Source: Eric Basu and Cameron Matthews – Sentek Global – Help Net Security:
Many would argue, and understandably so, that government does not often provide models for corporations to follow to improve their bottom line. However, federal agencies have long taken the leadership position in cyber security on this one key point; recognizing that it’s not enough to know how networks were hacked, but also to know by whom.
Technical versus social attribution
It’s not at all uncommon that the origins of a virus, worm or other computer attack may reside in one continent, but at the behest of an organization or individual located in a far different region of the world. Case in point – a recent report by researchers in Canada noted that a Chinese Network called GhostNet, purported to be sanctioned by the Chinese government to conduct intelligence gathering over the Internet, controls some 1,200 infected computers in more than 100 countries, including North America, Kuwait and India. While the government denies the allegations, the point here is well made; just because a malicious infiltration against an organization comes from one part of the globe doesn’t mean the people behind it are from that area.