
lainchan archive - /lit/ - 4595



Hey guys, so I'm writing a short story about a forensic computer engineer who, while investigating a cyber attack, finds evidence that the government did the cyber attack. What would be a technologically literate way of having this happen in the story?

(I already asked this question on /irc/; I was wondering if there's a different answer.)


Well, for that to happen the government would have to slip up somehow, and the guy investigating would have to have lots of historical knowledge about this government.

So, for example, he would need to know what servers are really Command & Control servers owned by that government. It's knowledge that you really don't get except through rumors. Then, the government would have to connect from that C&C server to something else, but accidentally not route it through Tor or their other unknown servers. Lastly, the guy would have to know somehow that they connected to it that way.

One way of doing this would be to set up a honeypot. If he made his server a very juicy target that the government would love to have, he can just wait around until they try to take it, and monitor its internet connection. If they slip up, he's in business.


Well, he would work for the government in investigating cyberattacks.


Then he would have a pretty good idea of how the government does things, thus making his job that much easier.

Things like what attacks get used, how they tend to poke around the system, and what servers they use to connect are key. Everything else you can more or less make up.


Here's one example of a government backdoor being discovered: https://en.m.wikipedia.org/wiki/NSAKEY




Her own government, or a foreign government?

For her own government, assuming she has access to the appropriate information, she could recognize a lot of things about the attack, like C&C servers as mentioned, but also 0days she knows only her state has access to, payloads or monitoring systems that have a signature she would recognize, or similar.

A foreign government would be basically rumor. You'd recognize it by the same things, but how do you know which government? The answer is that if you have a state-level cyberattack on a bank in Moldova, you probably know who did it, and then when you see other attacks with the same features, you can conclude it's probably the same state.

Note that while you could do something like access C&C over Tor, that practice would itself be identifying of the governments that use Tor to hide C&C server addresses. Maybe the US does this, but China doesn't.
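The attribution reasoning in the reply above (recognize the 0days, payload signatures and C&C habits that only one state uses, then match a new attack against incidents you already believe you attributed), as an added example that is not part of the post. The incident corpus, actor labels (state_A, state_B) and feature names are all invented; the scoring is plain Jaccard overlap with a confidence threshold and a margin over the runner-up, so that an attack sharing features with two actors, or too few with any, comes back as "not attributable" rather than a guess.

```python
from collections import defaultdict

# Constructed corpus of earlier intrusions the analyst believes she has attributed.
# Feature tags are hypothetical ("cve:hypothetical-1" is not a real CVE id).
KNOWN_INCIDENTS = {
    "moldova-bank-2015": {"actor": "state_A", "features": {
        "c2_over_tor", "loader:XYZ", "cve:hypothetical-1", "ops_hours:utc+3"}},
    "telco-2014": {"actor": "state_A", "features": {
        "c2_over_tor", "loader:XYZ", "persist:wmi", "ops_hours:utc+3"}},
    "shipping-2015": {"actor": "state_B", "features": {
        "c2_direct_vps", "loader:QRS", "cve:hypothetical-2", "ops_hours:utc+8"}},
}

# Constructed feature set of the attack under investigation.
NEW_ATTACK = {"c2_over_tor", "loader:XYZ", "persist:wmi",
              "cve:hypothetical-3", "ops_hours:utc+3"}


def jaccard(a, b):
    """Overlap of two feature sets: 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def discriminating_features(features, corpus=KNOWN_INCIDENTS):
    """Features of the new attack that the corpus has only ever seen under one actor.

    This is the "0day only my state has" / "only they hide C&C behind Tor" reasoning:
    the tag maps to exactly one actor, so its presence alone points somewhere.
    """
    seen_by = defaultdict(set)
    for inc in corpus.values():
        for f in inc["features"]:
            seen_by[f].add(inc["actor"])
    return {f: next(iter(seen_by[f])) for f in features if len(seen_by[f]) == 1}


def score_actors(features, corpus=KNOWN_INCIDENTS):
    """Best similarity per actor, with the prior incident that produced it."""
    best = {}
    for name, inc in corpus.items():
        s = jaccard(features, inc["features"])
        if s > best.get(inc["actor"], (-1.0, None))[0]:
            best[inc["actor"]] = (s, name)
    return best


def attribute(features, corpus=KNOWN_INCIDENTS, threshold=0.5, margin=0.2):
    """Return (actor or None, ranked scores). None means the evidence is not enough."""
    ranked = sorted(score_actors(features, corpus).items(),
                    key=lambda kv: kv[1][0], reverse=True)
    top_actor, (top_score, _) = ranked[0]
    runner_up = ranked[1][1][0] if len(ranked) > 1 else 0.0
    if top_score < threshold or top_score - runner_up < margin:
        return None, ranked
    return top_actor, ranked


if __name__ == "__main__":
    actor, ranked = attribute(NEW_ATTACK)
    print("likely actor:", actor)
    for a, (score, incident) in ranked:
        print(f"  {a}: {score:.2f} (closest prior incident: {incident})")
    print("features seen under only one actor:", discriminating_features(NEW_ATTACK))
```

On the constructed data the new attack scores 0.8 against telco-2014 and 0.0 against anything from state_B, so it attributes to state_A, and every one of its tags except the unseen exploit is listed as discriminating, with c2_over_tor among them, which is exactly the Tor-as-fingerprint point made above. The threshold and margin are the analyst's judgment calls, not fixed numbers.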