Identifying the Cyber Attacker


Computers and networks have blurred the boundaries between cyber warfare, cyber crime, and cyber terrorism. There is no doubt that future conflicts will involve cyber warfare between nations. Distinguishing between military, criminal, and civilian attacks is tough and could create a dangerous problem in determining who is behind a cyber attack. It's very difficult to trace cyber attacks back to the responsible parties. The computer forensic analysis conducted after a cyber attack rarely yields enough hard evidence to meet the "beyond a reasonable doubt" standard we apply in non-civil court actions.

There are millions of pieces of malicious code available today, along with a significant number of vulnerabilities that can be exploited by cyber soldiers, hackers, and others who wish to compromise computers and networks. Websites now provide both novice and expert level computer attackers with the latest, up-to-date programs and support needed to plan, design, develop, and initiate cyber attacks. In fact, these websites provide services to parties that are interested in hacking computer systems and networks.

When you use the Internet, you leave the equivalent of digital footprints, and attacks leave digital fingerprints as well as digital DNA. Every message a computer sends to a different computer travels in a series of hops from one router or server to another, leaving behind logs and addresses of the route. Even after the message is received, the record of its path of travel remains behind. Attackers also have a number of ways to obscure their location and identity.

Intelligence around cyber weapons development and cyber attacks is very limited. Of our vast intelligence gathering capabilities, only electronic intercepts and human intelligence are able to serve as primary sources of the intelligence that helps defend our nation against cyber attacks. The tools and technologies available to law enforcement and the Defense Department are not keeping pace with the rapid advances being made in cyber weapons used by attackers. The current state of the practice and available tools regarding the technical ability to track and trace cyber attacks remains very primitive. The sophistication of advanced cyber attacks makes it close to impossible to trace them to their true source and obtain the hard evidence that would pass the court of public opinion. In addition, the technical nature of the investigation would make it difficult to communicate effectively to those serving on a jury. Advanced tools for tracing complex attacks are among the research topics currently under development by multiple organizations and agencies, but we need them now.


We have seen the harbingers of cyber warfare, and the image they present instills fear in our military and technical professionals. Dozens of nation states currently have highly sophisticated cyber attack capabilities, and many others are in the process of developing cyber weapons of mass disruption. Advances are needed now to defend our systems against such attacks. Likewise, advanced tools, techniques, and trained staff are needed now to conduct the investigations into the rash of cyber attacks we are experiencing. Finally, international laws and doctrine must rapidly be developed and implemented as part of our overall cyber defense activities.

-- Kevin Coleman


DefenseTech