The DNC Breach and the Hijacking of Common Sense

Jeffrey Carr
author, 'inside Cyber Warfare' (O'Reilly Media 2009, 2011); CEO, Taia Global, Inc.; Founder, Suits and Spooks conference

June 19, 2016

This article is about the DNC breach and its attribution to the Russian government. But first, imagine that the DNC breach wasn’t a network breach but a shooting (no one was injured). No one knows who the shooter was but he left behind his weapon, a Kalishnikov AKM.

The unknown shooter used a Russian-made weapon. Does that mean that the shooter is Russian? Or that the shooter works for the company, Kalishnikov Concern? Or even more likely in the crazy world of cyber investigations, that the designer of the AKM is also the shooter?

Police would certainly explore the possibility that the shooter may have been Russian but they wouldn’t exclude other suspects. And no investigator in his right mind would arrest the CEO of Remington Arms, Sig Sauer, Kalishnikov Concern or any other arms manufacturer because a gun they made was used in a crime.

In the physical world of crime investigation, common sense dictates that the perpetrator of a crime may use any weapon and not just one made in the country of his birth, and that the developer or manufacturer of the weapon most likely isn’t the criminal.

And yet, those seemingly crazy assumptions are made every day by cybersecurity companies involved in incident response and threat intelligence.

The malware was written in Russian? It was a Russian who attacked you.

Chinese characters in the code? You’ve been hacked by the Peoples Liberation Army.

[…]

Continua qui: https://medium.com/@jeffreycarr/the-dnc-breach-and-the-hijacking-of-common-sense-20e89dacfc2b#.hb6fq4nh1