Inside the Enemy’s Computer: Identifying Cyber Attackers

Attribution - tracing those responsible for a cyber attack - is of primary importance when classifying it as a criminal act, an act of war, or an act of terrorism. Three assumptions dominate current thinking: attribution is a technical problem; it is unsolvable; and it is unique. Approaching attribution as a problem forces us to consider it either as solved or unsolved. Yet attribution is far more nuanced, and is best approached as a process in constant flux, driven by judicial and political pressures. In the criminal context, courts must assess the guilt of criminals, mainly based on technical evidence. In the national security context, decision-makers must analyse unreliable and mainly non-technical information in order to identify an enemy of the state. Attribution in both contexts is political: in criminal cases, laws reflect society’s prevailing norms and powers; in national security cases, attribution reflects a state’s will to maintain, increase or assert its power. However, both processes differ on many levels. The constraints, which reflect common aspects of many other political issues, constitute the structure of the book: the need for judgement calls, the role of private companies, the standards of evidence, the role of time, and the plausible deniability of attacks.