One Article Review

Source Errata Security
Identifier 332355
Publication date 2017-03-08 19:22:03 (seen: 2017-03-08 19:22:03)
Title A note about "false flag" operations
Text There's nothing in the CIA #Vault7 leaks that calls into question strong attribution, like Russia being responsible for the DNC hacks. On the other hand, it does call into question weak attribution, like North Korea being responsible for the Sony hacks.

There are really two types of attribution. Strong attribution is a preponderance of evidence that would convince an unbiased, skeptical expert. Weak attribution is flimsy evidence that confirms what people are predisposed to believe.

The DNC hacks have strong evidence pointing to Russia. Not only does all the malware check out, but also other, harder to "false flag" bits, like active command-and-control servers. A serious operator could still false-flag this in theory, if only by bribing people in Russia, but nothing in the CIA dump hints at this.

The Sony hacks have weak evidence pointing to North Korea. One of the items was the use of the RawDisk driver, used both in malware attributed to North Korea and the Sony attacks. This was described as "flimsy" at the time [*]. The CIA dump [*] demonstrates that indeed it's flimsy -- as apparently CIA malware also uses the RawDisk code.

In the coming days, biased partisans are going to seize on the CIA leaks as proof of "false flag" operations, calling into question Russian hacks. No, this isn't valid. We experts in the industry criticized "malware techniques" as flimsy attribution, long before the Sony attack, and long before the DNC hacks. All the CIA leaks do is prove we were right. On the other hand, the DNC hack attribution is based on more than just this, so nothing in the CIA leaks calls into question that attribution.
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.