Abstract
Much of the publicly available information about attribution methods and concrete cases originates from reports by security companies. Still, attribution statements by government agencies attract far more attention and are regarded as more reliable. It is therefore worthwhile to examine which methods are available to intelligence agencies and whether they can provide a more complete picture than those of security companies. In this chapter, public sources are used to gain insights into the attribution methods of intelligence services. What is the relevance of human sources and informants? How do intelligence services monitor Internet traffic to track APT activity? How can offensive cyber-operations support attribution? And how do attackers protect themselves against wiretapping and recruitment attempts by foreign intelligence services? How do the methods of IT security companies compare to those of intelligence services?
© 2020 Springer-Verlag GmbH Germany, part of Springer Nature
Steffens, T. (2020). Methods of Intelligence Agencies. In: Attribution of Advanced Persistent Threats. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-61313-9_8
DOI: https://doi.org/10.1007/978-3-662-61313-9_8
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-61312-2
Online ISBN: 978-3-662-61313-9
eBook Packages: Computer Science (R0)