Experts, Microsoft push for global NGO to expose hackers

June 8, 2017 by Michel Moutot
Experts say pinning down the identity of hackers in cyberspace can be next to impossible

As cyberattacks sow ever greater chaos worldwide, IT titan Microsoft and independent experts are pushing for a new global NGO tasked with the tricky job of unmasking the hackers behind them.

Dubbed the "Global Cyber Attribution Consortium", according to a recent report by the Rand Corporation think-tank, the NGO would probe major cyberattacks and publish, when possible, the identities of their perpetrators, whether they be criminals, global networks or states.

"This is something that we don't have today: a trusted international organisation for cyber-attribution," Paul Nicholas, director of Microsoft's Global Security Strategy, told NATO's Cycon cybersecurity conference in Tallinn last week.

With state and private companies having "skills and technologies scattered around the globe" Nicholas admits it becomes "really difficult when you have certain types of complex international offensives occurring."

"The main actors look at each other and they sort of know who they think it was, but nobody wants to make an affirmation."

Microsoft already floated the idea of an anti-hacking NGO in a June 2016 report that urged the adoption of international standards on cybersecurity.

The report by Rand commissioned by Microsoft called "Stateless Attribution - Toward international accountability in Cyberspace" analyses a string of major cyberattacks.

They include offensives on Ukraine's electricity grid, the Stuxnet virus that ravaged an Iranian nuclear facility, the theft of tens of millions of confidential files from the US Office of Personnel Management (OPM) or the notorious WannaCry ransomware virus.

Duping investigators

"In the absence of credible institutional mechanisms to contain hazards in cyberspace, there are risks that an incident could threaten international peace and the global economy," the report's authors conclude.

They recommend the creation of an NGO bringing together independent experts and computer scientists that specifically excludes state actors, who could be bound by policy or politics to conceal their methods and sources.

Rand experts suggest funding for the consortium could come from international philanthropic organisations, institutions like the United Nations, or major computer or telecommunications firms.

Pinning down the identity of hackers in cyberspace can be next to impossible, according to experts who attended Cycon.

"There are ways to refurbish an attack in a way that 98 percent of the digital traces point to someone else," Sandro Gaycken, founder and director of the Digital Society Institute at ESMT Berlin, told AFP in Tallinn.

"There is a strong interest from criminals to look like nation-states, a strong interest from nation-states to look like criminals," he said.

"It's quite easy to make your attack look like it comes from North Korea."

According to experts at Cycon, hackers need only include three lines of code in Cyrillic script in a virus in order to make investigators wrongly believe it came from Russian hackers.

Similarly, launching attacks during working hours in China raises suspicions about Chinese involvement.

Hackers can also cover their tracks by copying and pasting bits and pieces of well known Trojan viruses, something that points the finger at their original authors.

Explore further: 'Tallinn Manual 2.0'—the rulebook for cyberwar

Related Stories

'Tallinn Manual 2.0'—the rulebook for cyberwar

June 3, 2017

With ransomware like "WannaCry" sowing chaos worldwide and global powers accusing rivals of using cyberattacks to interfere in domestic politics, the latest edition of the world's only book laying down the law in cyberspace ...

Cyberattacks prompt massive security spending surge

May 18, 2017

The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.

Experts question North Korea role in WannaCry cyberattack

May 19, 2017

A couple of things about the WannaCry cyberattack are certain. It was the biggest in history and it's a scary preview of things to come—we're all going to have to get used to hearing the word "ransomware." But one thing ...

Recommended for you

How artificial intelligence is taking on ransomware

June 28, 2017

Twice in the space of six weeks, the world has suffered major attacks of ransomware—malicious software that locks up photos and other files stored on your computer, then demands money to release them.

Engineers use replica to pinpoint California dam repairs

June 26, 2017

Inside a cavernous northern Utah warehouse, hydraulic engineers send water rushing down a replica of a section of a dam built out of wood, concrete and steel—trying to pinpoint what repairs will work best at the tallest ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.