Cyber Attacks – finding out where they come from

04/06/2015 27 min


Episode Synopsis

With the increasing frequency, complexity and sophistication of cyber attacks, such as Stuxnet and the Sony hack, how is attribution done?

This podcast is an interview with Ben Buchanan about a paper he recently published with Thomas Rid, Professor of Security Studies at King's College London, on Attributing Cyber Attacks. The paper can be found in the Journal of Strategic Studies. Additional information about the various reports mentioned in the podcast is linked throughout the transcript.

This podcast was produced and is hosted by Adriene Lilly.

 

Adriene Lilly: With the increasing frequency of cyber attacks in the media I think it's worth taking a few minutes to try and understand how attribution is done - how do we find out who is doing it, why, how, and where from. What exactly is attribution in the cyber context, why do we try to attribute attacks? How is it different than its offline equivalent in criminal investigations? Where does data and forensic evidence come from? And who – be it the government or private companies – is actually involved in the process of attribution?
Today I'm talking to Ben Buchanan....

Ben Buchanan: Good to be with you, Adriene. So I'm Ben Buchanan, I'm a PhD candidate at King's College London.

AL: He's recently published a paper with Thomas Rid in the Journal of Strategic Studies called “Attributing Cyber Attacks”. Their paper attempts to get to the essence of attribution in cyber crime and sets up a model that they hope can help streamline the process.
Before we begin though, there are a number of major cyber attacks that have popped up in the media over the past couple of years. So just in case you're like me and may need a refresher, let's start with a few of those stories.
Let's begin back in 2010 with the discovery of Stuxnet. Stuxnet was a piece of malware – or malicious software – that is generally cited as being one of the most, if not the most, sophisticated computer viruses to date. And while no one has officially taken credit for it, best guesses are that it's a product of the US and Israeli governments. The software was specifically designed to target a uranium enrichment facility in Iran by subtly changing how some of the mechanical structures in the facility operated. Specifically the spinning speed of a number of centrifuges. Stuxnet was designed to sabotage the Iranian nuclear program. It's significant for a number of reasons, but the one that I want to emphasize here is the complexity and sophistication of the operation. Here's Ben.

AL: Ok, now you brought up the centrifuges in Iran so I'm assuming you're talking about Stuxnet.

BB: Sure, so Stuxnet was a long cyber operation against Iranian centrifuges that by some reports involved building a replica of the Iranian nuclear facility and testing the code against this model before it was deployed against Iran. That's an operation that probably cost hundreds of millions of dollars when you consider all the physical expenses. It's believed to have been conducted by the US, likely working in partnership with Israel, and it had the effect of manipulating the centrifuges in a number of ways over a number of years in an attempt to slow down the Iranian nuclear program.

AL: Who discovered it and who did it?

BB: So the tech side of the operation was discovered by researchers who were alerted when a computer in Iran kept restarting for unknown reasons. They looked in the code and they discovered that it was what looked like a cyber weapon against the Iranian nuclear facility. People immediately assumed, or guessed, that it was the US or Israel but there was no concrete proof for quite a while. And in that case, what is today the most credible attribution of the Stuxnet attack came from a reporter, came from David Sanger at the New York Times who, working inside the beltway of sources, found out that it was in fact likely a US or Israeli operation and then further reporting seems to indicate that's the case,