US intelligence agencies getting better at classifying cyber-attacks

July 16, 2011
Cyber Security, FedCyber Wire
No Comment

via Open Channel

When a “foreign intelligence service” hacked into the computers of a major defense contractor in March and made off with more than 24,000 Defense Department files, the subsequent report in the New York Times understandably focused on the size of the haul.

A less-obvious but important aspect of the break-in, first reported late Thursday, is what it says about the U.S. intelligence community’s increasing ability to distinguish between computer attacks by bored teenage hackers and those launched by sophisticated foreign spy agencies, according to a cyber-espionage expert.

“In general, cyber-attacks carried out by foreign intelligence services are currently easy to distinguish from the work of other groups, because of the scale of effort, the level of capabilities and the nature of the targets,” Scott Borg, director of the independent U.S. Cyber Consequences Unit, wrote Friday in an email interview. “Other groups, such as criminal enterprises and ideological militants are not, for the most part, up to mounting these sorts of attacks and wouldn’t have reason to commit the necessary resources.”

That was not always the case, writes Borg, whose nonprofit advises countries — including the United States and the European Union — and major corporations on cyber security.

“We are now past the day when the Department of Defense could mistake an attack by three teenagers for a major effort by a foreign power, as they did with Solar Sunrise in 1998,” he explained, referring to an attack on multiple Defense Department computers worldwide, later determined to have been carried out by two teenagers from California and one from Israel.

Continued here.