Was Russia behind the massive hack of the Democratic National Committee or this latest breach of what appears to be the NSA’s elite hacking unit?
That’s quite possible, but the National Security Agency is probably not going to confirm that — even as former employees proclaim it can do so, and top US officials say there is “little doubt” Moscow is involved.
Former NSA contractor Edward Snowden said on Twitter that “evidence that could publicly attribute responsibility for the DNC hack certainly exists at NSA” with a tool known as XKeyScore, which he previously described as a “one stop shop” for information the agency collects. If that’s true, it’s likely that same tool could find the culprits behind the latest attack.
But Dr. Peter Singer, a strategist at the think tank New America and coauthor of “Ghost Fleet,” argues that releasing a “smoking gun” clearly pointing the finger at Russia (or some other nation) for a cyber attack bears a much larger risk of blowing future operations. If NSA has covert computers just sitting back and watching as Russian hackers hit a target, it probably doesn’t want to give those up by trying to prove it.
“You give away capabilities and maybe even access if you reveal that,” Singer told Business Insider, adding that it’s a case of, “I can’t show you my homework, because it means I’ll give up this intelligence goldmine.”
That’s not to say that Russia is not involved in the hack of the DNC or the NSA. Cybersecurity firm Crowdstrike found two different Russia-linked hacker groups inside the DNC servers, while providing a technical analysis of its findings. And some former agency employees believe Moscow is behind the mysterious “Shadow Brokers” claiming to have hacked NSA.
But a detailed dump of evidence, like the one President Kennedy provided in 1962 to prove that nuclear missiles were inside Cuba, is probably not coming.
“President Kennedy famously gave his press briefing where he actually showed U-2 spy plane photos in his press briefing, and this gave away great secrets of the United States, but it also proved to the world that there were, in fact, missiles in Cuba,” Cris Thomas, a strategist at Tenable Network Security and former hacker at the legendary L0pht collective, told Business Insider in May of the Sony hack, which officials publicly blamed on North Korea.
“[The US should] say ‘this is why we think this country did this thing … here’s our evidence, here’s our IP addresses, here’s our packet captures,’ just so that it’s not a he said, she said type of thing.”
Many in the computer security community are often sceptical of attribution claims, since attacks can originate from previously hacked machines or hop across a variety of servers, and exposed code and hacker toolkits can end up pointing the finger at someone else entirely.
In short, attribution is difficult, if not impossible.
The problem is two-fold: gathering definitive evidence is extremely hard, and even that data, if obtained, is not easy for average people outside the world of computer security research to understand.
“What is persuasive when so few people understand the topic?” Singer asked. “The most persuasive stuff might be the most technical.”
Even a former NSA hacker who took part in cyberattacks on behalf of the US agrees.
“I can tell you that if I got onto a machine today and I found a Russian backdoor and I started using it, it’s just software. You wouldn’t know that I was using it,” the source, who spoke on condition of anonymity to discuss sensitive matters, told Business Insider. “It’s just really hard to know who’s using, who created it. I find these analyses that ‘the code had a reference to this part of the Bible, so it must be Israel,’ it’s just really kind of silly.”