Move over COVID. 2021 is turning out to be another year of the digital virus. One massive hacking story after another. Unrelated stories in many cases, we are told. In particular:
1. The SolarWinds mega-hack announced in December of 2020, blamed on Russia, blamed on Cozy Bear.
2. The Microsoft Exchange mega-hack disclosed in March 2021, blamed on China.
3. The revelations about NSO Group’s oversight (or lack thereof) of its powerful spyware sold to governments around the world.
4. The emerging story of Candiru, one of NSO Group’s fellow “commercial surveillance vendors”, selling toolkits overflowing with zero-day exploits, specializing in targeting Microsoft products.
But how unrelated are these stories? That’s the big question we’re going to explore in this post. A question punctuated by another meta-story we’ve looked at many times before: the meta-story of a cyberattribution paradigm seemingly designed to allow private companies and governments to concoct an attribution scenario for whatever guilty party they want to finger. As long as there was some sort of ‘clue’ found by investigators — like a piece of Cyrillic or Mandarin text, or malware previously attributed to a group — these clues were strung together in a “pattern recognition” manner to arrive at a conclusion about the identity of the perpetrators. Attribution conclusions often arrived at with incredible levels of confidence. Recall how the Japanese cybersecurity firm TrendMicro attributed a 2017 US Senate email phishing campaign to ‘Pawn Storm’/Fancy Bear with 100 percent certainty, and made this highly certain attribution based heavily on how similar the hack was to the 2017 hacks of Emmanuel Macron’s emails via a phishing campaign that TrendMicro attributed at the time with 99 percent certainty to Pawn Storm/Fancy Bear, and yet ANSSI, the French government’s cybersecurity agency, was leaving open the possibility that the hack could be the work of “other high-level” hackers trying to pin the blame on “Pawn Storm” (another name for “Fancy Bear”). TrendMicro was making 99 percent certain attributions that the French government said could be the work of any range of actors. That was the state of affairs for cyberattributions in 2017, and nothing has changed in the years since. Highly certain attributions continued to be piled on top of highly certain attributions — almost always pointing towards Russia, Iran, China, or North Korea — built on a foundation of what appears to be largely guesswork. Often highly motivated guesswork (i.e. lies).