How Cyber-Attacks Are Traced

December 1, 2014 in Daily Bulletin

Over the past two weeks, computer security experts have been analyzing a piece of malicious software known as Regin, which is targeting computers in many countries, including Russia and Saudi Arabia. It is thought to be British. The Economist took a look at how experts figure out where such software comes from:

  • There are usually clues in the targets of the software. Anything targeting Iran is likely Israeli. Suspicion would fall on NATO countries for anything targeting Russia.
  • Sometimes there are clues in the code itself. In the case of Regin, there were references to “Legspin”, a type of cricket bowling. This has led experts to suspect British involvement.
  • Code in Korean, Mandarin, Arabic or any other country-specific language also provides a signpost.
  • Of course, designers of malicious software know that people will be looking for such clues and may plant a trail of false breadcrumbs.
  • If done correctly, cyber-attacks can be impossible to trace, highlighting their appeal.

Read about some famous examples, the clues that point towards the real perpetrator, and more over here.

Source: The Economist