Wednesday, 16 April 2014

The difficulties of tracing a cyber attack back to the attacker


What is true for the Stuxnet worm and the Estonian cyberwar is true for most cyber attacks, especially the sophisticated ones. In general, it is difficult to trace an attack back to the original attacker and to find the real culprit behind the many attacks on another nation. The reason is quite simple: no intelligence service launching attacks on another nation would want to leave footprints that could lead back to it. It would want to deny its involvement in the theft of data and the like, and to proclaim its innocence.

In addition, the more sophisticated opponents can easily hide their footprints by launching their attacks from a third country. And let’s be honest here: there are a lot of communication facilities around the world that could easily be hacked and used for an attack. China is one of those countries that are especially susceptible to being used as a platform for third-country cyberattacks. The reason for this is its poorly secured networks, which hackers have no trouble taking over. China’s network is so vulnerable because security practices are generally poor and because more than 90% of the software used in China is pirated, which makes it hard to obtain security updates and patches. More than three quarters of Chinese computers are generally found to be infected with malware. American universities are just as vulnerable as the Chinese networks, as their large networks must be accessible at all times to hundreds, maybe thousands of students. This makes them especially vulnerable to misuse as a platform for cyber attacks on other American facilities.

In short, just because an attack can be traced back to China, this does not necessarily mean that China is behind it. The problem is that every nation has certain countries that it suspects of wanting to steal classified data or attack its industrial facilities. If an attack is traced back to one of those countries, the victim might not even think about investigating further to find the real culprit.

Another aspect of cybercrime that has changed greatly in recent years is the availability of sophisticated hacking tools. In the past, only well-established intelligence services had the power to launch cyberattacks. Nowadays, even a small virtual community of skilled cybercriminals could cause the same amount of damage. A large corporation might therefore just hire cybercriminals to steal certain data.


Cyber espionage is probably the form of attack that has benefited most from the rise of the internet, as “information that once required physical access or recruitment of agents can now be downloaded from afar.” China is continuously copying the U.S. military and has even developed computer network operations capable of attacking U.S. information centres and probably even infrastructure in the event of a conflict. Not only China, but also Russia, France, Israel and even North Korea own similar programs.
Even so, the main goal of all these attacks is to remain unnoticed and, in case the victim does notice them, to have covered one's digital footprints well enough. What matters is not really who is attacking, but how to secure data in general. This could be done by authenticating users, encrypting data, patching regularly and of course monitoring the systems for intrusions.
