Among all the other lies told at the final presidential debate, the one that most violently leaped out at me is this nonsense about “17 of our top intelligence agencies name Russia as the hacker in support of the Trump presidency.” While some or even all of the U.S. intel guys might believe or think that Russia is behind the email hack, they cannot know for sure, and if asked, they will tell you exactly that. That’s because they can’t know.

So, Donald Trump was absolutely right when he reiterated his claim that it “could be anybody.”

The top security analysts in the world (including Kaspersky Lab) all agree that attribution is impossible in today’s cybersecurity world. Blaming Russia or North Korea (for the SONY attacks) is at best dangerous — and at worst could lead directly to dramatic global consequences. Hillary Clinton and Barack Obama are being reckless with these accusations. They should know that it is widely held and common knowledge within the industry that all major attacks are conducted under at least one if not many sets of false flags. This is not news. This has been going on for years.

A good example of this is a cybercrime group known as the CyberCaliphate, which first appeared at the end of 2014 when it took control of the Albuquerque Journal’s mobile applications, and proceeded to broadcast propaganda apparently in support of ISIS. This takeover was followed in January 2015 by grabbing control of the United States Central Command (USCENTCOM)’s Twitter and YouTube accounts. The world believed that a new pro-ISIS hacking group had arrived, because it was promoted in that way.

Then, when French TV station TV5Monde was hacked and almost destroyed in April 2015, CyberCaliphate claimed responsibility. Since it had an established presence in the broadcast space through its alleged work at the AJ, the attribution “made sense” and the CyberCaliphate group was broadly accepted as the source.

However, it turns out that the cybersecurity forensics company FireEye discovered that an IP address associated with a different but equally nefarious group known as Sofacy had been used instead, and the attribution and blame suddenly switched from CyberCaliphate to Sofacy.

Sofacy, which is also known as APT28, Pawn Storm, Tsar Team, and Fancy Bear, has been linked to Russia by another cybersecurity firm called CrowdStrike, and as a result Russia has been implicated in every attack by any of these groups since 2015. This might begin to make sense, except for a recent discovery by Kaspersky that now links Sofacy to leading Yemen Cyber Army groups, which have been operating as surrogates for ISIS in cyberattacks against Syria, the Ukraine, and Qatar outing the sale of military weapons to Yemeni and Syrian rebel groups.

None of this makes any sense. If the accusations are true, Russia would not only be operating on all sides of the Middle East conflict, but some of its cyberattacks would also be directed at one of its key allies and trading partners — Iran, which is supplying weapons to the Houthis who are fighting to overthrow the Saudi-backed government in Yemen.

What is probably true instead is that several different cyber-mercenary groups have created all of these hacking noms de plume and are operating on behalf of anyone willing to pay the right price — including but not limited to the Russian government. We should remind ourselves amid all of this hubris that China is the master of cyber espionage and North Korea now has a formidable cyber espionage capability as well. Both countries have repeatedly attacked global targets under various false flags and masked IP addresses.

The incredible danger is that any hacking group can be misrepresented by false flags, and attribution is rarely accurate and thus can never be relied on. This is especially true when the accusations are being used as rationalizations for war or halting talks aimed at peace. It is chilling that Obama either doesn’t know this or fails to understand the implications of blaming Russia outright and letting Old Uncle Joe Biden mouth off about it to Chuck Todd.

The cybersecurity space is highly complex; the layers of masquerade can be deep and are frequently surrounded by mystery. A widely differing range of targets, a bevy of false flags and bogus IP addresses, and a random hodgepodge of other fallacious indicators all combine to create serious difficulty in any attempt to connect dots. There is no immediate solution either. We need to get better about counter-espionage and we need to get serious about cybersecurity.

Whoever moves into the White House in January will face digging out from a cybersecurity deficit of unprecedented proportions, with the Kremlin and Beijing holding the upper hand. Whatever you may think of Trump, he seems to have gotten this issue right.

Steve King is the COO and CTO of Netswitch Technology Management.