Inside the Enemy’s Computer
Identifying Cyber Attackers
When your business, your defence ministry or your PC is hacked, how do you know who did it, given the limitless range of possible culprits? This book explores the complexities of attribution.
Attribution — tracing those responsible for a cyber attack — is of primary importance when classifying it as a criminal act, an act of war, or an act of terrorism. Three assumptions dominate current thinking: attribution is a technical problem; it is unsolvable; and it is unique. Approaching attribution as a problem forces us to consider it either as solved or unsolved. Yet attribution is far more nuanced, and is best approached as a process in constant flux, driven by judicial and political pressures. In the criminal context, courts must assess the guilt of criminals, mainly based on technical evidence. In the national security context, decision-makers must analyse unreliable and mainly non-technical information in order to identify an enemy of the state. Attribution in both contexts is political: in criminal cases, laws reflect society’s prevailing norms and powers; in national security cases, attribution reflects a state’s will to maintain, increase or assert its power. However, both processes differ on many levels. The constraints, which reflect common aspects of many other political issues, constitute the structure of the book: the need for judgement calls, the role of private companies, the standards of evidence, the role of time, and the plausible deniability of attacks.
‘Who did it? This is one of the hardest questions of any investigation. It gets even harder in high-profile computer network breaches. Clement Guitton’s book is an invaluable guide to attributing cyber attacks. Inside the Enemy’s Computer adds much-needed attention to detail, historical depth, and conceptual clarity.’ — Thomas Rid, Professor in War Studies, King’s College London, and author of Cyber War Will Not Take Place
‘If you believe attribution in cyberspace is a technical problem, that it cannot be solved, and that it is unlike anything in the physical world, then you must read this illuminating book. Dr Guitton shows that attribution is really the evolving product of a political process — as it should be.’ — Richard Bejtlich, Chief Security Strategist, FireEye
‘Inside the Enemy’s Computer is a much-needed statement on the difficulties, and possibilities, of attributing cyber actions. Guitton provides a workable framework for moving forward on the issue, for both malicious criminal attacks as well as national security-related intrusions.’ — Brandon Valeriano, Reader in International Relations, Cardiff University, and author of Cyber War versus Cyber Realities
Clement Guitton is a former analyst with the Department of Defence, Switzerland; he is now an assistant manager for cyber security at PwC.