Received 14.06.2022. Revised 10.092022. Accepted 29.09.2022.
Abstract. The work is devoted to the problem of attribution of cyberattacks as one of the top important issues on the global agenda of world politics. The subject of this research is targeted offensive computer attacks that perform state tasks. The authors have systematically analyzed the conceptual apparatus, classification features and general indicators, a set of problems related to identification of reliable sources of cyberattacks, as well as the features of targeted attacks and cybernetic groups supported by state actors. This allowed to conclude that the problem of attribution is emerging as a new scientific direction in the field of international information security. Based on the analysis of relevant studies of academic institutions and private companies, an attribution classification was proposed. It was utilized to review conceptual informal models of targeted computer attacks. The authors have analyzed issues of the applied methodological apparatus, which may affect the reliability of conclusions on imposing responsibility on the perpetrator of cyber-attack, while noting that there is a contradiction between the perception of the attribution results by various political blocs and unions. At the same moment, the USA and its allies are reported to pursue a policy of dominance in the field of attribution of targeted cyber-attacks. The paper proves the impact of modern breakthrough information technologies of the Fourth Industrial Revolution on the security of cyberspace as well as the impact of the attribution problem on the level of international security and strategic stability. This issue includes a complex set of political, regulatory, organizational and technical tasks with a high degree of uncertainty, where political aspects are playing a central role. The conclusions are confirmed by the statistics of public reports of IT companies and publications of leading research institutes. The main scientific result of the work is formulation of the problem of divergence in the attribution of computer attacks between political blocs and alliances, which negatively affects international security. The authors propose topical measures to solve the problem of attribution of cyberattacks.
Keywords: computer attack attribution, cyberattack, cyber security, cyberspace security, cyber threat, cyber weapons, APTattack, cyberattack attribution report
1. Harris S. @War: The Rise of the Military-Internet Complex. Boston, Houghton Mifflin Harcourt, Eamon Dolan, 1st ed., 2014. 288 p.
2. Steffens T. Attribution of Advanced Persistent Threats. How to Identify the Actors Behind Cyber-Espionage. Berlin, Springer, 2020. 205 p. DOI: 10.1007/978-3-662-61313-9
3. Grotto A. Deconstructing Cyber Attribution: A Proposed Framework and Lexicon. IEEE Security & Privacy, 2020, vol. 18, no. 1, pp. 12-20. DOI: 10.1109/MSEC.2019.2938134
4. Goel S., Nussbaum B. Attribution Across Cyber Attack Types: Network Intrusions and Information Operations. IEEE Open Journal of the Communications Society, 2021, no. 2, pp. 1082-1093. DOI: 10.1109/OJCOMS.2021.3074591
5. Wheeler D.A., Larsen G.N. Techniques for Cyber Attack Attribution. Institute for Defense Analyses. October 2003. 84 p.
6. Lukatskyi A.V. Determining the Source of Cyber-Attacks. Security Index, 2015, vol. 21, no. 2 (113), pp. 73-86. (In Russ.)
7. Romashkina N.P., Markov A.S., Stefanovich D.V. International Security, Strategic Stability and Information Technologies. Moscow, IMEMO, 2020. 98 p. (In Russ.) DOI: 10.20542/978-5-9535-0581-9
8. Romashkina N.P. Global Military Political Problems in International Informational Security: Trends, Threats and Prospects. Cybersecurity Issues, 2019, no. 1 (29), pp. 2-9. (In Russ.) DOI: 10.21681/2311-3456-2019-1-2-9
9. Krutskikh A.V., Streltsov A.A., Tikk E. International Information Security: Problems and Ways of Solving them. Routledge Handbook of International Cybersecurity. Tikk E., Kerttunen M., eds. London, Taylor and Francis, 2020, pp. 260-268. DOI: 10.4324/9781351038904-26
10. Zinovieva E.S. Cyber-Deterrence and Digital Security Dilemma in American Expert Discourse. International Trends, 2019, no. 3 (58), pp. 51-65. (In Russ.) DOI: 10.17994/IT.2019.17.3.58.4
11. Sebekin S. Constant Involvement in Cyberspace: New US Strategy and its Correlation with the Concept of Cyber Support. International Trends, 2020, vol. 18, no. 3 (62), pp. 96-125. (In Russ.) DOI: 10.17994/IT.2020.18.3.62.3
12. Shakleina T.A., Baykov A.A., eds. Megatrends. The Main Trajectories of the Evolution of the World Order in the XXI Century. Moscow, Aspect Press, 2022. 520 p. (In Russ.)
13. Streltsov A.A. Sovereignty and Jurisdiction in the Environment of Information and Communication Technologies in the Context of International Security. The International Affairs, 2017, no. 2, pp. 87-106. (In Russ.) Available at: https://interaffairs.ru/jauthor/material/1806 (accessed 23.09.2022).
14. Healey J. Beyond Attribution: Seeking National Responsibility for Cyber Attacks. Atlantic Council. IssueBrief, 2012, no. 2, pp. 1-8. Available at: https://www.files.ethz.ch/isn/142271/022212_ACUS_NatlResponsibilityCyber.pdf (accessed 23.09.2022).
15. Cal N.M. Crossing the Rubicon: Identifying and Responding to an Armed Cyber-Attack. International Conference on Cyber Conflict (CyCon U.S.), 2016, pp. 1-7. DOI: 10.1109/CYCONUS.2016.7836612
16. Biller J., Schmitt M. Classification of Cyber Capabilities and Operations as Weapons, Means, or Methods of Warfare. International Law Studies, 2019, vol. 95, pp. 179-225.
17. Smirnov A.I. The Problem of Attribution of Cyberattacks in the Context of International Information Security. International Information Security: A New Geopolitical Reality. Zinovieva E.S., Alborova M.B., eds. Moscow, Aspect Press, 2021, pp. 61-66. (In Russ.)
18. Markov A.S., Sheremet I.A. Enhancement of Confidence in Software in the Context of International Security. CEUR Workshop Proceedings, 2019, vol. 2603, pp. 88-92. Available at: http://ceur-ws.org/Vol-2603/paper19.pdf (accessed 23.09.2022).
19. Skopik F., Pahi T. Under False Flag: Using Technical Artifacts for Cyber-Attack Attribution. Cybersecurity, 2020, vol. 3, no. 8, pp. 1-20. DOI: 10.1186/s42400-020-00048-4
20. Dacier M., Pham V.-H., Thonnard O. The WOMBAT Attack Attribution Method: Some Results. Proceedings of the Fifth International Conference Information Systems Security. ICISS, 14–18.12.2009, pp. 19-37. DOI: 10.1007/978-3-642-10772-6_3
21. Nguyen V. Attribution of Spear Phishing Attacks: A Literature Survey. Edinburgh (Australia), DSTO, 2013. 167 p.
22. Derian-Toth G., Walsh R., Sergueeva A., et al. Opportunities for Public and Private Attribution of Cyber Operations. Tallinn Paper, 2021, no. 12. 80 p. Available at: https://complexdiscovery.com/wp-content/uploads/2021/08/Tallinn-Papers-Attribution-18082021.pdf (accessed 23.09.2022).
23. Minto B. The Pyramid Principle: Logic in Writing and Thinking. London, Minto International, PLR, 2021. 240 p.
24. Rid T., Buchanan B. Attributing Cyber Attacks. The Journal of Strategic Studies, 2015, vol. 38, no. 1–2, pp. 4-37. DOI: 10.1080/01402390.2014.977382
25. Caltagirone S., Pendergast A., Betz C. The Diamond Model of Intrusion Analysis. London, Defense Technical Information Center, 2013. 80 p.
26. Brandao P.R. Advanced Persistent Threats (APT)-Attribution-MICTIC Framework Extension. Journal of Computer Science, 2021, no. 17 (5), pp. 470-479. DOI: 10.3844/jcssp.2021.470.479
27. Markov A.S. Problems of Attribution and Regulation of International Information Security. 14th International Forum “Partnership of the State, Business and Civil Society in Ensuring International Information Security”. Moscow, NAMIB, 2020, pp. 88-93. (In Russ.)
28. Krutskikh A.V., Biryukov A.V., Boyko S.M., et al. International Information Security: Theory and Practice. Krutskikh A.V., ed. Moscow, MGIMO, 2021. Vol. 1. 384 p. (In Russ.)
1. Letter dated 12 September 2011 from the Permanent Representatives of China, the Russian Federation, Tajikistan and Uzbekistan to the United Nations Addressed to the Secretary-General. A/66/359. (In Russ.) Available at: http://rus.rusemb.org.uk/data/doc/internationalcoderus.pdf (accessed 05.04.2022).
2. Decree of the President of the Russian Federation No. 400 dated 02.07.2021 On the National Security Strategy of the Russian Federation. (In Russ.) Available at: http://www.kremlin.ru/acts/bank/47046 (accessed 23.07.2021).
3. Decree of the President of the Russian Federation No. 213 dated 12.04.2021. On the Approval of the Basic Principles of the Russian Federation State Policy on International Information Security. (In Russ.) Available at: http://www.kremlin.ru/acts/bank/46614 (accessed 23.05.2022).
4. Address to Participants and Guests of the 10th Moscow Conference on International Security. 16.08.2022. (In Russ.) Available at: http://www.kremlin.ru/events/president/news/69166 (accessed 23.08.2022).
5. Threat of cyber-attacks on Russian information resources. ALRT‑20220224.1. NKTsKI. 24.02.2022. (In Russ.) Available at: https://safe-surf.ru/upload/ALRT/ALRT-20220224.1.pdf (accessed 25.02.2022).
6. Biden Has Been Presented with Options for Massive Cyberattacks against Russia. NBC NEWS, 24.02.2022. Available at: https://www.nbcnews.com/politics/national-security/biden-presented-options-massive-cyberattacks-russia-rcna17558 (accessed 25.02.2022).
7. National Cyber Strategy of the United States of America. September 2018. Available at: https://trumpwhitehouse.archives.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf (accessed 23.04.2021).
8. Defending the Nation from Cyber Attack (Business Executives for National Security). As Delivered by Secretary of Defense Leon E. Panetta, New York, Thursday, 11.10.2012.
9. Putin Called the Accusations of Collusion with Trump a Pretext for Deterring Russia. TASS, 06.10.2019. (In Russ.) Available at: https://tass.ru/politika/6968463 (accessed 15.04.2021).
10. Hackers are Looking for Moscow’s Hand. The Kremlin Denies Involvement in a Cyberattack on the US Government. Kommersant, 15.12.2020. (In Russ.) Available at: https://www.kommersant.ru/doc/4614995 (accessed 07.09.2022).
11. “We Hope that Common Sense Will Prevail in Washington”. Russian Security Council Secretary Nikolai Patrushev on the Crisis in Relations with the United States and Ways out of It. Kommersant, 08.04.2021. (In Russ.) Available at: https://www.kommersant.ru/doc/4762137 (accessed 07.09.2022).
12. OECD: Damage to the Global Economy Due to the Pandemic Will Amount to $7 Trillion by the End of 2021. TASS, 17.09.2020. (In Russ.) Available at: https://tass.ru/ekonomika/9478165 (accessed 23.03.2022).
13. Austrian Foreign Ministry: ‘State Actor’ Hack on Government IT Systems is Over. The Register, 14.02.2020. Available at: https://www.theregister.com/2020/02/14/austria_foreign_ministry_hack_turla_group_allegs (accessed 04.04.2021).
14. Joint Statement from the Departments of Justice and Homeland Security Assessing the Impact of Foreign Interference During the 2020 U. S. Elections. Departments of Justice. 16.03.2021. Available at: https://www.justice.gov/opa/pr/joint-statement-departments-justice-and-homeland-security-assessing-impact-foreign (accessed 25.02.2022).
15. News Conference Following Russia-US Talks. Geneva. 16.06.2021. (In Russ.) Available at: http://en.kremlin.ru/events/president/news/65870 (accessed 08.09.2022).
16. For the First Time in the World! In Response to the Cyberattack, Israel Immediately Launched an Airstrike. 05.05.2019. Available at: https://vk.com/@cyber_sec-vpervye-v-mire-v-otvet-na-kiberataku-izrail-nemedlenno-nanes (accessed 23.09.2022).
17. About Attribution.news. Available at: https://attribution.news/about/ (accessed 23.04.2022).
18. Case Studies. Available at: https://attribution.news/studies/ (accessed 23.04.2022).
19. Crowdstrike 2021 Global Threat Report. Available at: https://www.fbcinc.com/source/virtualhall_images/CyberMaryland/CrowdStrike/2021_Global_Threat_Report_FINAL_.pdf (accessed 23.09.2022).
20. Microsoft Digital Defense Report. October 2021. Available at: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi (accessed 23.05.2022).
21. Groups. Available at: https://attack.mitre.org/groups/ (accessed 23.09.2022).
22. DARPABAA1634: Enhanced Attribution. Research. USC. Available at: https://nsarchive.gwu.edu/sites/default/files/documents/5977342/National-Security-Archive-Department-of-Defense.pdf (accessed 23.09.2022).
23. WOMBAT – Worldwide Observatory of Malicious Behaviors and Attack Threats. Available at: http://www.wombat-project.eu/ (accessed 23.03.2022).
24. Intelligence Cycle Graphic. FBI. Available at: https://www.fbi.gov/image-repository/intelligence-cycle-graphic.jpg/view (accessed 23.04.2022).
Registered in System SCIENCE INDEX