
On Mon, Dec 28, 2020 at 12:13 PM coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, December 28, 2020 4:10 AM, Karl <gmkarl@gmail.com> wrote:
...
always sketchy when somebody says it's known who did an international hack. implies either international hackers don't know how to actually hide who they are, government security workers place blame too readily, the public is being lied to, or the international security communities are staring at each other all day, letting each other do everything, only stopping it afterwards. or all of those, i suppose. am i wrong?
you're right. i should have said *most likely* china.
the way they (industry) attribute hacks is multifaceted. some information comes from the exploits used, which give clues to nationality, past activity, and technical capability.
the best hints are given by underlying infrastructure. if China builds an infrastructure to attack target X, Y, Z, then that same infrastructure attacks Q, you know that Q was attacked by China. (most likely :P)
if a normal cracker thought of this, they would of course compromise somebody else's infrastructure and use that, as a norm. i think crackers think of things like that, if they are able to do them, which they usually are. back when i paid attention to things, random crackers were way more knowledgeable than government or corporate employees.
the wikipedia page does a good job summarizing the evidence: """ The overwhelming consensus is that the cyberattack was carried out by state-sponsored attackers for the Chinese government.[4] The attack originated in China,[6] and the backdoor tool used to carry out the intrusion, PlugX, has been previously used by Chinese-language hacking groups that target Tibetan and Hong Kong political activists.[4] The use of superhero names is also a hallmark of Chinese-linked hacking groups.[4]
when i found the trojans on the activist computers in west virginia around 2013, they were modified forms of a chinese trojan used for credit card theft, that didn't appear to be publicly documented. i'd never investigated a trojan much before. my perception was that crackers lived all over the world, and got paid very well. i don't know much about it.