NEWS YOU CAN USE: How Spy Agency Hackers Pose As – Anybody.

The recently released WikiLeaks archives of alleged CIA hacking tools have led some cybersecurity specialists to believe that a unit called Umbrage is facilitating CIA false flag operations by acquiring and repurposing techniques – either those found online, stolen from other governments, or purchased from private security firms and illicit groups acting as brokers. Whether the CIA conducts such false flag operations remains unconfirmed. Some commentators – including WikiLeaks – have alleged that the intention of repurposing tools is to imitate other actors, rather than simply to improve the CIA's own arsenal. This charge rests on shaky ground at best. After all, once attacks are deployed, others can copy their techniques. A thriving market for hacking techniques has appeared in recent years. It would be surprising if government spy agencies were not taking advantage of it.

To add to the confusion, multiple actors sometimes use the same tools. For example, the 2012 attack against Saudi Aramco and the 2014 attack against Sony Pictures had in common a disk-wiping tool called RawDisk. Yet the Saudi Aramco attack has largely been attributed to Iran, while the Sony attack was blamed on North Korea – even resulting in U.S.-imposed sanctions.

If a false flag operation is to be successful, it cannot rely on a single bogus lead. Some experts question whether any false flag operation can completely deceive everyone. Some false flag gambits may be meant as warning shots. “A state might try to send a signal to another state,” says Maurer, “knowing the victim state will be capable of attributing the true source, while all or most other states will not notice.”

Who can see past the false flags to fix blame for cyber attacks? The Kaspersky Lab paper argues that major signals intelligence agencies, particularly the NSA and the UK’s GCHQ, are capable of attributing attacks with certainty and confidence. The problem is, the secret agencies cannot make their cases in public. “As intelligence agencies,” the paper says, “they are blessed with the ability to see but not to publicly substantiate, the gift to attribute without being believed.”

This is the kind of report which used to fill you with confidence about our spy agencies, but now makes you wonder exactly whom those tools are being used against.