Attackers Engage In False Flag Attack Manipulation

Published: 22/11/2024   Category: security


When hackers posing as other hackers encourage conflict among other nations or organizations



Just because someone claiming to be the Iranian Cyber Army claims responsibility in a Pastebin post for a targeted attack doesn't necessarily mean they did it – nor that the group boasting about the attack is really the so-called Iranian Cyber Army.
Welcome to the frustratingly deceptive age of hacking attribution. While the subterfuge is often all about a game of cat-and-mouse or to throw authorities off the trail of the real attackers, it can be an especially dangerous game when it comes to someone attempting to incite conflict between the victim organization or nation, and the supposed attackers. Hackers posing as other hackers can basically encourage conflict among other nations or organizations, experts say, and sit back and watch.
The trouble with so-called cyberwar and targeted attacks like the recent one against Saudi Aramco is that the attackers who claim responsibility for the deed may be posing as another nation or group in order to incite conflict between other nations or groups.
"It's very easy to attack some group of people or some country and make it look like it came from another country. You can engage them into cyberwar via a third party," says Cesar Cerrudo, CTO for IOActive Labs.
Take the hack that took down China's Baidu search engine in early 2010. A group claiming to be the Iranian Cyber Army said it had downed Baidu, prompting retaliatory hacks by Chinese hackers against Iranian sites. "The Chinese were surprised that Iranians had attacked them," he says. "After that, the Chinese attacked Iran."
But it turns out it wasn't actually Iran behind the Baidu attack, Cerrudo says. "Someone else attacked the Chinese to get them to attack the Iranians. Maybe it was a test or some sort of experiment," he says.
Cerrudo, who delivered a presentation last week at the Ekoparty conference in Buenos Aires on the problem of these so-called false flag attacks and the myths and truths about cyberwarfare, says the difficulty in confirming who's behind what attacks often leads to the spread of disinformation about cyberwarfare and cyberweapons.
"There is a lot of things published that is not real and doesn't have any hard evidence behind it. Then people start repeating the same [information] and then you start to realize ... it's nonsense or is wrong. There are many hidden agendas and manipulation behind some high-profile attacks," he says.
Some nations basically use that model to manipulate the public perception or to elicit a response from the victim organization to retaliate against the attacker's enemy, for example, he says. Or they are looking to hide their activities.
Joe Stewart, director of malware research for Dell SecureWorks, says cyberespionage attackers often use subterfuge. "They use a fair amount of subterfuge, trying to relay their traffic through third-party hacked servers in whatever country they might be in," Stewart says. "We also see plenty of activity not being relayed, also. Lots of command and control is hosted right here on Chinese IP addresses. [Those attackers] don't care about attribution – it's kind of an open secret. They care more about getting around firewall controls and access control lists."
[Insight into key characteristics, behaviors of cybercrime versus cyberespionage attackers can help -- but the threats aren't just from China and Eastern Europe. See Profiling The Cybercriminal And The Cyberspy.]
Meanwhile, while superpowers such as the U.S. are investing big bucks in cyberwarfare and defense, they're spending more than they should, IOActive's Cerrudo says. "It's just software," he says. "It may be more expensive if you have good researchers who find new attack techniques or zero-days. But in the end, it's just software."
This lower barrier to entry makes it possible for small nations with little or no cyberweapon budget to participate in cyberwarfare as well, he says. One model: a nation could select top university talent and train those students in exchange for having them work on cyberweapon-type projects, he says.
And look for cyber-mercenaries to become the next potential threat, Cerrudo says. Cybercrime has spawned a new generation of skilled hackers as well as established botnet infrastructures and other tools that easily could be used in militia-for-hire type scenarios by malicious nation-states or other bad actors.
"In the future, we might see cyber mercenaries and militias who work for whoever pays them to go after groups of people or governments," he says. "It could be anyone or even could be government -- but you couldn't prove it."