December 1, 2014 in Daily Bulletin
Over the past two weeks computer security experts have been analyzing a piece of malicious software known as Regin which is targeting computers in many countries including Russia and Saudi Arabia. It is thought to be British. The Economist took a look at how experts figure out where such software comes from:
- There are usually clues in the targets of the software. Anything targeting Iran is likely Israeli. Suspicion would fall on NATO countries for anything targeting Russia.
- Sometimes there are clues in the code itself. In the case of Regin there were references to “Legspin” a type of cricket bowling. This has led experts to suspect British involvement.
- Code in Korean, Mandarin, Arabic or any other country specific language also provides a signpost.
- Of course designers of malicious software know that people will be looking for such clues and may plant a trail of false breadcrumbs.
- If done correctly cyber-attacks can be impossible to trace, highlighting their appeal.
Read about some famous examples, the clues that point towards the real perpetrator, and more over here.
Source: The Economist