Dangerous Conversations

By Kevin Coleman — Defense Tech Cyberwarfare Correspondent

Perhaps the most frequent comment about “Cyber” is – why do we just sit here and take it! We should fire back! I am not saying that we do not or have not returned cyber fire, but the major stumbling block is attribution. This is a hot discussion now that some of the details about “Shady Rat” have become public. Some are pointing to China as being the culprit behind the attack. Some conversations are already calling for retaliatory strikes. Is there enough evidence to support these claims?

Attribution (link: http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA468859) is typically described as “determining the identity or location of an attacker or an attacker’s intermediary.” The word is often used interchangeably with trace-back or “source tracking.” While there are many techniques for investigating and determining attribution, there are as many if not more ways for attackers to hide their tracks. These concealment techniques, the lack of international agreements supporting cyber attack investigation, and many other legal and political issues combine to make attribution very difficult. This difficulty casts doubt on statements that claim to divulge who was behind an attack.

What is reasonable doubt in the context of a cyber attack? According to the Lectric Law Library’s Lexicon, REASONABLE DOUBT is the level of certainty a juror must have to find a defendant guilty of a crime. A real doubt, based upon reason and common sense after careful and impartial consideration of all the evidence, or lack of evidence, in a case. Proof beyond a reasonable doubt, therefore, is proof of such a convincing character that you would be willing to rely and act upon it without hesitation in the most important of your own affairs. However, it does not mean an absolute certainty. If this is what we use in cyber attribution, we may never return fire.

This is not a criminal proceeding! While the degree of certainty must be factored into whether or not to retaliate, and into determining what retaliatory measure will be taken (kinetic versus digital), the current legal definition is problematic. The level of confidence/reasonable doubt, as related to cyber warfare, has no case law to provide guidance. How will we determine that threshold?


Trooper2 August 8, 2011 at 11:11 am

Other than enthusiasm and a dictionary definition, this is a pretty empty "article". I read for content - I'm not looking for cheerleading.


Brian August 9, 2011 at 6:50 pm

Look, the obvious objective was to bring out the fact that people - not thinking through their actions and words - are talking about retaliation when we aren't even sure who was behind the attack. Sorry you did not get that! It must have gone over your head!


Big Guy August 8, 2011 at 12:19 pm


Ever heard the saying, "If you can't say something nice, don't say it at all"?

Take the advice or post your own article.


Trooper2 August 10, 2011 at 3:40 pm

Point taken. But sometimes you have to call 'em as you see 'em, and I stand by my comments. My post was not intended to insult anyone, and Kevin is free to consider or ignore my comments.


marvel August 8, 2011 at 2:30 pm

I have always found it interesting that these cyber-related articles typically get far fewer comments than more typical posts. This goes to show just how difficult it is to answer these questions.


markus wolf August 8, 2011 at 2:57 pm

There's not many replies because there is usually no substance to what's posted. Kevin is trying his best at FUD; that's what he does.

If you're a victim of a spear phishing attack, that's a personnel problem. If you are the victim of a SQL injection, that's a personnel problem. DDoS attack? Get over it. I could go on.

Sadly people who are making law and policy have no idea what they are doing, they are coming up with increasingly stupid remedies.


imfine August 8, 2011 at 4:04 pm

I think it's quite obvious, this is just a fluff article to meet an advertising quota the Univ of Maryland. If you google the author, you'll see lots of nuttiness, including a very embarrassing session where he claimed China was inventing a new kind of Operating System to leapfrog the US. If you follow the references he mentioned under oath, it's really just a fork of a 30 yo Operating system with a focus on Mandarin language support.


Oblat August 8, 2011 at 9:52 pm

Yea Kevin is a joke, all marketing and no content. In the early days he made such laughable statements that were shredded by readers that he just doesn't say anything these days.

And not even decent marketing - looking up the definition of "Attribution" and "doubt"? Christ we'd get rid of that sort of sophomoric marketing yesterday.
It gets even lamer when you realize that he is astroturfing the entries too.

You'd think the editors could get someone who knew something (anything) about network security.


Christopher Bloom August 8, 2011 at 2:43 pm

The reason that Hackers in China can do this stuff with impunity is they all have the tacit approval of the government and just enough anonymity.
The US has the Rule of law, meaning private citizens with the computer skills can't retaliate against hackers in foreign countries without risking arrest.
In China there is no separation of powers, meaning the military and security services in China can order the Law enforcement and courts to ignore complaints against hackers.

We can't develop these kinds of comprehensive skills in the US because we would get caught when the foreign government reported the digital attack. Look what has happened: these Hacktivists are being caught left and right.


Matt August 8, 2011 at 4:39 pm

You can’t have the US government support Internet vigilantes. What America needs is CIA/Delta Force-esque black budget hackers. America has deniability, while also getting to strike back against China and its hackers.


Christopher Bloom August 8, 2011 at 5:21 pm

But the US Mil/Intel community can't support a large community of hackers who could provide a meaningful deterrent to the hordes of hackers in China and N Korea.

I believe S Korea just busted a large criminal hacker ring who was using N Korean hackers to break into S Korean online games, and stole like Six Million Dollars worth of Game credits which was funneled into the North.


dwright doqwns August 9, 2011 at 12:06 pm

Back in the Old Days (before PCs and Cell phones, the late 80s) when there were just land lines, radios, and golf balls housing SATCOM, one answered the phone including the phrase… "this line is not secure…" knowing we could, probably were, being monitored by someone, depending on one's mission.
Too bad, now when every communication is basically a radio, encrypted or not, people forget that what is made can be broken. There are people who hack for the challenge—put them on the payroll and see how long it takes them to hack into our systems before they are on line. Do a test drive. What is a week or two? It is like letting privates test drive newly designed vehicles before they are on the assembly line… Pvt or PFC can wreck anything and s(he) can find the quick way to fix it.


Alex August 10, 2011 at 3:59 pm

Here's the response of the people who need to have their system tested (again):
We have a project/s running, there's no time, too disruptive. Oh! We do have an opening in 2 years, we could do your what's it called? Oh yes, your red team project, how about then. Goodbye.

(And how fast does cybertech evolve?)

Read more: http://defensetech.org/2011/07/18/dod-cyber-strat…


Russell Barclay August 9, 2011 at 9:04 pm

Perhaps Shady Rat was in retaliation for something else?

Anyway, I'm not sure the juridical limitations apply in cyberspace. Not every terrorist is entitled to a Hollywood lawyer and a book deal before hanging. Certainly not in the ethereal world of cyberspace.

Remember the SAC motto: Failure to counter the threat. When in doubt, just take them out.

