Latest articles in ‘Forensic’

  1. How are attacks and APTs attributed

    Published: Sun 01 October 2017 in Opinions.
    How to put the name of a country or an individual behind a security event.

    Computer-based attack attribution works like the attribution of any other illegal activity: it requires a significant amount of investigation, gathering clues, corroborating information, attempting to eliminate false leads and recognize right ones, etc.

    On the attackers’ side

    The attacker may cover his tracks using two main techniques: plausible deniability and false flag.

    Plausible deniability

    Plausible deniability aims non-attribution by making the attacker’s identity unclear. It relies notably on using off-the-shelf and widely available tools and techniques, and carefully removing all metadata or potential clue.

    CIA’s Development Tradecraft DOs and DON’Ts from the “Vault 7” leak is a perfect example on how to implement plausible deniability in malicious software.

    False flag

    False flag (in the case of a government entity we can also talk of a black ops) aims misattribution by voluntarily and actively forging clues designed to deceive investigators (or simply the targets) into attributing the attack …

  2. 23, Karl Koch and Cliff Stoll

    Published: Sun 23 July 2017 in Library.
    The best depiction of the hacking world in the early days of the Chaos Computer Club.

    23 - Nichts ist so wie es scheint (1998)

    The best depiction I’ve seen so far of the state of the hackers’ world in western Germany in the 80’s. You name it: this the place and time which gave birth to the Chaos Computer Club.

    This film is an independent production (by Hans-Christian Schmid), and due to this is not very widely known which I think is a real shame. This film follows Karl Koch, a German hacker stealing information from US military systems to sell them to the KGB. But, IMHO, this is merely an excuse to provide us an overview of the hackers’ world of that time, both at the cultural and technical level, where idealism faces conspiracy theories, the desire to free the access to information meets individual and national craving for power, and Usenet groups were creating new kinds of links between people.

    Screenshot of "23 - Nichts ist so wie es scheint"

    Some people …

Popular tags see all