Vladimir Putin shooting
REUTERS/ITAR-TASS/PRESIDENTIAL PRESS SERVICE

 

Was Russia behind the massive hack of the Democratic National Committee, or the latest breach of what appears to be the NSA’s elite hacking unit?

That’s quite possible, but the US National Security Agency is probably not going confirm that — even as former employees proclaim that it can do so, and top US officials say that there is “little doubt” Moscow is involved.

Former NSA contractor Edward Snowden said on Twitter that “evidence that could publicly attribute responsibility for the DNC hack certainly exists at NSA” with a tool known as XKeyscore, which he previously described as a “one stop shop” for information it collects.

If that’s true, then it’s likely that that same tool could find the culprits behind the latest attack.

But Dr. Peter Singer, a strategist at the think tank New America and coauthor of “Ghost Fleet,” argues that releasing a “smoking gun” clearly pointing the finger at Russia — or some other nation — for a cyberattack bears a much larger risk of blowing future operations.

If the NSA has covert computers just sitting back and watching as Russian hackers hit a target, then it probably doesn’t want to give those up by trying to prove it.

“You give away capabilities and maybe even access if you reveal that,” Singer told Business Insider, adding that it’s a case of “I can’t show you my homework because it means I’ll give up this intelligence goldmine.”

That’s not to say that Russia is not involved in the hack of the DNC or the NSA. Cybersecurity firm CrowdStrike found two different Russia-linked hacker groups inside the DNC servers, while providing a technical analysis of its findings. And some former agency employees believe that Moscow is behind the mysterious “Shadow Brokers” claiming to have hacked the NSA.

But a detailed dump of evidence like President John Kennedy did in 1962, proving that nuclear missiles were inside Cuba, is probably not coming.

“President Kennedy famously gave his press briefing where he actually showed U-2 spy plane photos, and this gave away great secrets of the United States, but it also proved to the world that there were, in fact, missiles in Cuba,” Cris Thomas, a strategist at Tenable Network Security and former hacker at the legendary L0pht collective, told Business Insider in May of the Sony hack, which officials publicly blamed on North Korea.

The US should “say ‘this is why we think this country did this thing … here’s our evidence, here’s our IP addresses, here’s our packet captures,’ just so that it’s not a he-said/she-said type of thing.”

Many in the computer-security community are often skeptical of attribution claims, since attacks can originate from previously hacked machines and hop over a variety of servers, and exposed code and hacker toolkits can end up pointing the finger at someone else entirely.

In short, attribution is difficult, if not impossible.

The problem is twofold: Gathering definitive evidence is extremely hard, and even that data, if obtained, is not easy to understand by average people outside the world of computer-security research.

“What is persuasive when so few people understand the topic?” Singer asked. “The most persuasive stuff might be the most technical.”

Even a former NSA hacker who took part in cyberattacks on behalf of the US agrees.

“I can tell you that if I got onto a machine today and I found a Russian backdoor and I started using it, it’s just software. You wouldn’t know that I was using it,” the source, who spoke on condition of anonymity to discuss sensitive matters, told Business Insider. “It’s just really hard to know who’s using, who created it. I find these analyses that ‘the code had a reference to this part of the Bible, so it must be Israel,’ it’s just really kind of silly.”

As reported by Business Insider