One of the commonly cited benefits of cyber attacks over conventional warfare is the anonymity with which actions can be taken. There’s a fine line between military action and criminal activity, and many of the same pros and cons are relevant. It’s hard, but doable, to pinpoint those responsible for shady online activity, and there are often some interesting clues left behind.
Stuxnet was perhaps the most advanced cyber weapon seen to date, and it was a suspected collaboration between the US and Israel. The reasons for that suspicion include the celebration of its success at the retirement of a former Chief of General Staff of the Israeli Defense Forces and an article, written by a retired US Army special operations veteran, outlining an attack precisely like Stuxnet. Finally, and most conclusively, Snowden confirmed it.
Another instance of serious cyber action was the BlackPOS malware, the virus that afflicted Target this past year. It was found to have been written by a Russian teenager. Some of the evidence that led to his being caught included his accidentally displaying a link to his social network profile in a video demonstrating the malware and his use of a personal domain in connection with the exploit.
Tracking down the Stuxnet and BlackPOS authors required some technical and political know-how, or at least knowing how to navigate Russian black market sites for malware. That takes some doing.
On the flip side, I’ve found it almost comically interesting how much simpler it was to suspect China and Iran in recent cyber attacks. The tools China used for attacking American organizations were updated, and the social networking accounts used to steal identities were active, during the standard working hours of China and Iran, respectively. Even internet criminals like to get home for dinner.
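The working-hours signal described above can be checked mechanically. The following is an added example, not code from the original post: it scores every UTC offset (in half-hour steps) by how many activity timestamps fall inside an assumed Monday-to-Friday, 09:00-18:00 day. The sample timestamps, the office hours and the 0.8 cut-off are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 18   # assumed office hours, local time
MIN_FRACTION = 0.8             # assumed cut-off for "looks like a day job"
OFFSETS = [h / 2 for h in range(-24, 29)]   # UTC-12:00 .. UTC+14:00, half-hour steps

def workhour_fraction(events_utc, offset_hours):
    """Share of events landing Mon-Fri within office hours at this UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in events_utc:
        local = ts.astimezone(tz)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(events_utc)

def candidate_offsets(events_utc):
    """Return (offsets, fraction): the UTC offsets tied for best fit, or
    ([], fraction) when even the best fit shows no working-hours pattern."""
    scores = {off: workhour_fraction(events_utc, off) for off in OFFSETS}
    best = max(scores.values())
    if best < MIN_FRACTION:
        return [], best
    return [off for off, s in scores.items() if s == best], best

def constructed_office_sample():
    """Constructed data: three events per weekday, 3-7 March 2014 (Mon-Fri), in UTC."""
    return [datetime(2014, 3, day, h, m, tzinfo=timezone.utc)
            for day in range(3, 8) for h, m in [(1, 5), (5, 30), (9, 50)]]

def constructed_roundtheclock_sample():
    """Constructed data: one event every hour for a full week (e.g. automation)."""
    start = datetime(2014, 3, 3, tzinfo=timezone.utc)
    return [start + timedelta(hours=i) for i in range(168)]

if __name__ == "__main__":
    print(candidate_offsets(constructed_office_sample()))         # one clear offset
    print(candidate_offsets(constructed_roundtheclock_sample()))  # no pattern
```

Timestamps such as build or update times can be altered by whoever produced them, so a clean working-hours fit is a lead to corroborate with other evidence, not proof of origin.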