Attribution is a rather mystical thing when it comes to cyber-attacks. “Cyber-related” companies offering response-based services - incident response, investigations - know this very well and play up the fear to continue to sell their services. As an offensive penetration tester, I have many tricks up my sleeve that
Proof by way of an attacker caught red-handed, with data on their machine. What level of proof would we be willing to offer if all we did was state: “Dmitri Russianov was caught in the act. He has a personal website that lists him as a cyber expert in the Russian government.” Would we be willing to investigate this Dmitri without blinders? “What exactly did he do, how, and why?” Are we willing to make sure that his machine was not itself compromised and used as a proxy? The answer is: “Probably not.” We would be so content with pointing the finger that we would just settle. But what if, for a moment, someone in China had compromised Dmitri’s machine and leveraged his credentials to pull off other attacks? Another country skates away scot-free. See the