Here's why the NSA won't release a 'smoking gun' implicating Russia in these major hacks

Aug 19, 2016, 04:42 IST

REUTERS/ITAR-TASS/PRESIDENTIAL PRESS SERVICE

Was Russia behind the massive hack of the Democratic National Committee or this latest breach of what appears to be the NSA's elite hacking unit?

That's quite possible, but the National Security Agency is probably not going to confirm that - even as former employees proclaim it can do so, and top US officials say there is "little doubt" Moscow is involved.

Former NSA contractor Edward Snowden said on Twitter "evidence that could publicly attribute responsibility for the DNC hack certainly exists at NSA" with a tool known as XKeyScore, which he previously described as a "one stop shop" for information it collects. If that's true, it's likely that same tool could find the culprits behind the latest attack.

But Dr. Peter Singer, a strategist at the think tank New America and coauthor of "Ghost Fleet," argues that releasing a "smoking gun" clearly pointing the finger at Russia (or some other nation) for a cyber attack bears a much larger risk of blowing future operations. If NSA has covert computers just sitting back and watching as Russian hackers hit a target, it probably doesn't want to give those up by trying to prove it.

"You give away capabilities and maybe even access if you reveal that," Singer told Business Insider, adding that it's a case of, "I can't show you my homework, because it means I'll give up this intelligence goldmine."

That's not to say that Russia is not involved in the hack of the DNC or the NSA. Cybersecurity firm Crowdstrike found two different Russia-linked hacker groups inside the DNC servers, while providing a technical analysis of its findings. And some former agency employees believe Moscow is behind the mysterious "Shadow Brokers" claiming to have hacked NSA.

But a detailed dump of evidence, like the one President Kennedy presented in 1962 to prove that nuclear missiles were inside Cuba, is probably not coming.

"President Kennedy famously gave his press briefing where he actually showed U-2 spy plane photos, and this gave away great secrets of the United States, but it also proved to the world that there were, in fact, missiles in Cuba," Cris Thomas, a strategist at Tenable Network Security and former hacker at the legendary L0pht collective, told Business Insider in May of the Sony hack, which officials publicly blamed on North Korea.

"[The US should] say 'this is why we think this country did this thing … here's our evidence, here's our IP addresses, here's our packet captures,' just so that it's not a he said, she said type of thing."

Many in the computer security community are often skeptical of attribution claims, since attacks can originate from previously-hacked machines, hop over a variety of servers, and exposed code and hacker toolkits can end up pointing the finger at someone else entirely.

In short, attribution is difficult, if not impossible.

The problem is two-fold: Gathering definitive evidence is extremely hard, and even that data, if obtained, is not easy for average people outside the world of computer security research to understand.

"What is persuasive when so few people understand the topic?" Singer asked. "The most persuasive stuff might be the most technical."

Even a former NSA hacker who took part in cyberattacks on behalf of the US agrees.

"I can tell you that if I got onto a machine today and I found a Russian backdoor and I started using it, it's just software. You wouldn't know that I was using it," the source, who spoke on condition of anonymity to discuss sensitive matters, told Business Insider. "It's just really hard to know who's using, who created it. I find these analyses that 'the code had a reference to this part of the Bible, so it must be Israel,' it's just really kind of silly."
