When the hell are we going to know, with absolute certainty, who hacked the Democrats? And what are Americans going to do about it?
More and more fingers are pointing to Moscow as American authorities mull a government reaction. But many experts say that certainty is extremely difficult to come by when it comes to cyberattacks at the highest level.
"I think there's a disconnect between the rhetoric and what people assume is possible because of Hollywood and CSI," Chris Finan, a former director of cybersecurity legislation in the Obama administration, told the Daily Dot.
"The reality is, it's messy and hard," Finan, now CEO of the security firm Manifold Technology, said. "You're playing poker, you're often guessing based on probabilities. You can make great guesses, there are really good poker players. But you're often guessing."
Finan described the process of combing through forensic evidence—the guts of the hack including potentially many millions of files—and comparing it to previous malware. But nothing is so simple as it seems.
"If the guys are really good, they're not leaving much evidence or they're leaving evidence to throw you off the scent entirely. Those are known as false flag operations." Finan continues:
If they're a really high-end intelligence service, they could route their attack through China and somebody might think the attack emanated from China where it in fact came from somewhere else. But they made it look Chinese.
It's some combination of the forensic evidence coupled with some other information, like human intelligence or signals intelligence, like an intercept or a phone call where someone directed somebody to do this hack. You want some other intel source that corroborates the forensic evidence.
But the ones who are really good at it, it's hard to know they're even there. And they're there for years.
"Frankly, the idiots that immediately think about just retaliating in kind in cyberspace aren't thinking very creatively or critically about how you do deterrence or how you send signals or how you make people feel pain," Finan argued.
Attribution is hard—that's your disadvantage as a defender but your advantage once you go on the offense. Telegraphing an attack in advance is asking for failure.
"Why would you want to send a signal in a space where stealth is your biggest advantage?" Finan said. "Whereas sanctioning the head of the FSB and GRU [Russia's intelligence agencies widely thought to be involved in the DNC hacking], that's pain, and it sends a really crisp signal."
The American response is a potential political minefield if it appears to be trying to help Hillary Clinton be elected president. That appears less and less likely today as more Republicans are calling for action. But in that sense, retaliation becomes a political decision.
"Some people say it's in the DNC's interest to focus on the act and not the content [of the breach]," Finan said.
"My response is, do you really think the DNC is the only political party hacked? Look at the glass house you're living in before you start throwing rocks."