Monday, October 10, 2016

Russian Hackers & France TV5 Attacks

The BBC published a story today about the report done on the attacks against TV5 in France in April of last year. At the time, it was said to have been done by a group connected to ISIS, but as the latest reporting shows, it was Russian hackers operating outside their normal intelligence gathering function. The BBC article refers to APT 28 without giving credit to FireEye for the discovery or documentation of that group's activities and country of origin. For a simple explanation of the work of this group, see APT 28: A Window into Russia's Cyber Espionage Operations? The question mark at the end tells a lot about the links between the Russian government and the cyber operations of this group. APT 29 gets into some of those details. [You will have to provide contact information to FireEye to download this report.]

The importance of the French analysis, though old by cyber standards, is the portrayal of a destructive attack against a network television station. It also shows that the Russians not only know how to do that, but are willing to do it while blaming some other group for the mischief. Even FireEye leaves room in the attribution to the Russian government, but it is also obvious that they believe it has to be centered there.

The BBC talked to Yves Bigot, the director-general of TV5Monde, who described how close the network came to going down completely. He said if they hadn't just opened a new part of the network, the technicians would not have been there to stop it from getting worse. The damage would have been lasting since it was not a denial of service attack using the usual methods. It was destructive, and its intent was to make the damage last.

I certainly hope the U.S. paid attention. France has to do something, though the effects are somewhat reduced by the length of time that has transpired between the events and the report. This is the basic problem with attribution, especially to a government. By the time we figure it out, the event is long over. This is the reason for maintaining a strong deterrence policy and intelligence collection of our own. For France, there has to be some retaliation, since deterrence seems to have failed. For the U.S., there is reason to note that the theoretical portrayal of denial of service of basic infrastructure may be more than just a theory.
