What makes cyberattacks so hard to trace?

NEW YORK — The attacks that knocked South Korean banks offline this week appear to be the latest examples of international "cyberwar." But one of the many ways that digital warfare differs from conventional combat is that there's often no good way of knowing who's behind an attack.

South Korean authorities said Thursday that the attack, which shut down scores of cash machines and hampered business, had been traced to an "Internet Protocol" address in China. But that doesn't mean the attack was launched from there. The general assumption in South Korea is that the attack originated in North Korea.

"IP" addresses are, roughly speaking, the phone numbers of the Internet. Each connected computer has a number that identifies it uniquely on the network, so the Chinese IP address implies that a computer in China was involved in the attack.

However, that computer could have been controlled from elsewhere, either because someone bought access to it, or because it's been infected with malicious software. To determine the location from which it's being controlled, investigators would need access to that computer, or to the records of the company hosting the computer. That's unlikely to be forthcoming from a Chinese company.

"China is obviously a popular place to hide things," said Dan Holden, director of security research at Arbor Networks' Security Engineering & Response Team. Chinese authorities are difficult to work with, and there's a language barrier, he said.

In addition, China is believed to be conducting its own campaign of cyber-espionage, which means that attacks launched from there are often simply attributed to the Chinese government, even if it isn't responsible for the aggression, Holden said.

"If you are any nation state or even any attacker right now, why wouldn't you hide in China right now?" Holden asked rhetorically.

Apart from tracing the path an attack takes through the Internet, there's another way to figure out who's behind it: analysis of the software involved. Malicious software, or "malware," can provide clues to its creator. Some of those are obvious, like comments inserted into the written code. However, such comments can be easily faked to lead investigators astray. More subtle analysis can be fruitful, according to Christopher Novak, managing principal of the global investigative response team at Verizon Communications Inc.

"In many cases, the malware that you see on the computer is very similar to a cold or an illness that a person gets ... The strain of the cold that I have and the strain of the cold that you have may be slightly different, but when we look at the DNA and makeup and see they're 99.9 percent the same, there's a pretty good chance one of us transmitted it to the other," Novak said. "When we analyze malware codes, we see the elements that are copied and reused, certain programming styles."

Such analysis can yield important clues, but rarely rock-solid attribution. The U.S. Department of Defense has said that a cyberattack can merit a violent response, but first you have to know who to target.

"Digital attribution is extremely difficult and if you want to do it, it takes some serious effort," Holden said.

What makes cyberattacks so hard to trace? 03/21/13 [Last modified: Thursday, March 21, 2013 6:00pm]

Copyright: For copyright information, please check with the distributor of this item, Associated Press.
