When the report was published, it was detailed down to the level of singling out the Chinese People's Liberation Army cyber espionage group known as Unit 61398. The US Department of Justice backed up the report when it indicted five officers from the unit on charges of hacking and stealing intellectual property from American companies.
The report changed the benefit-risk calculus of the attackers, according to a German cyber-espionage investigator.
Prior to that report, cyber-operations were seen as almost risk-free tools. The report came up with hypotheses and documented 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 888-739-5110 It was clear that this was not a one-off lucky finding, but that the tradecraft can be applied to other operations and attacks as well.
The consequences of the headline- grabbing news were far-reaching. The United States accused China of systematic massive theft, leading to the visit of the Chinese president to the United States in 2015.
The elephant in the room that no one dared to mention was attribution.
Intelligence officers are now well-versed in the technical side of the business, and that final step has been missing. To be able to attribute a cyberattack, intelligence analysts look at a range of data including the software the hackers used, the infrastructure or computers they orchestrated to conduct the attack, intelligence and intercept communications, and who stands to gain.
As patterns emerge, the easier it is to attribute. The world's best hackers make mistakes, leave behind clues, and reuse old tools to make the case. There is an ongoing arms race between analysts coming up with new ways to uncover hackers and the hackers trying to cover their tracks.
The speed with which the Russian attack was attributed showed that previous delays in naming names were not due to a lack of data or evidence. It was about politics.
Wilde worked at the White House until 2019. My interactions with Anne Nueberger led me to believe that she is the type that can move mountains and cut through red tape. That is the person she is.
Wilde argues that the White House needs to act more quickly because of the risk of hundreds of thousands of lives.
The administration seems to have gathered that the best defense is a good pre-emptive offense to get ahead of these narratives, pre-bunking them, and inoculating the international audience whether it be the cyber intrusions or false flags and fake pretexts.
An adversary's cyber-strategy can be impacted by public attribution. It can signal that they are watched and understood, or that costs must be imposed when operations are uncovered. It can lead to political action such as sanctions against the bank accounts of those responsible.
It is a signal to the public that the government is closely tracking malicious cyber activity and working to fix it in a way that you can often go and read in public indictments or intelligence reports.
“It creates a credibility gap, particularly with the Russians and Chinese," he says. "They can obfuscate all they want but the US government is putting it all out there, for public consumption, a forensic accounting of their time and efforts."