When it comes to pointing the finger for last year’s historically-disruptive NotPetya cyberattack, nobody could accuse the US and UK of dodging the issue.
First the UK, and then the US, named their chief suspect – Russia – in near-synchronised statements that set out to dissolve the secrecy and confusion that cloaks many cyber-incidents.
UK Defence Secretary Gavin Williamson said at the time:
Russia is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure, and weaponising information.
Which echoed White House Press Secretary Sarah Sanders:
This was also a reckless and indiscriminate cyberattack that will be met with international consequences.
In a possible first, the three other members of the Five Eyes intelligence alliance – Australia, Canada and New Zealand – also put out statements blaming Russia too.
We’ve heard US-led condemnations before. Examples include that Russia hacked the Democratic National Committee in 2016, that North Korea was behind WannaCry and, further back in time, a lot of fuss about China’s APTs stealing intellectual property from US companies.
The problem is accusations only get you so far: no technical evidence against Russia has been offered beyond noting that NotPetya appeared to have been aimed at arch-Russian foe, Ukraine.
Inevitably – whether Russia was behind the attack or not – it can dismiss the accusation as “Russiaphobia” in a way that makes that defence sound plausible.
To onlookers, a cyberattack that happened over six months ago (and whose central software exploit has been patched) will sound like old news. Cyberattacks are a regular occurrence after all.
That would be to underestimate NotPetya’s deeper significance, which was unlike any other cyberattack yet recorded, bar perhaps the WannaCry attack which preceded it by mere weeks.
NotPetya should be the last attack the US would want to remind the world of given that it exploited the EternalBlue Windows SMB vulnerability leaked to The Shadow Brokers hacking group from none other than the US National Security Agency (NSA) itself.
In other words, the US and the world had been attacked using its own cyberweapons loaded with a home-made exploit, which is as embarrassing as cyberwar gets.
The US and its allies probably calculate they have little to lose by warning alleged perpetrator Russia about its conduct after the event.
But it seems only fair to point out that had the NSA secured its cyberweapons more competently, the attacks would not have been possible.
David M
The story of “The Boy Who Cried Wolf”. 5 eyes leaders should read it.
roleary
Bit late for that.
Laurence Marks
> But it seems only fair to point out that had the NSA secured its cyberweapons more competently, the attacks would not have been possible.
Or had the NSA performed responsible disclosure instead of hogging the goodies for itself.
John C
Whether the tools are stolen from the NSA or Russia develops them themselves, it is very troubling that they would unleash them on the world to indiscriminately cause damage. Has Russia declared war on the whole world? Or do they just not care who they hurt as long as they cause problems for Ukraine? Whatever the intent, they are the bad boys of the world and need to be exposed as such.
The lack of proof is, I assume, an effort to keep the intelligence community’s forensic tools under wraps. As soon as the perpetrators know the means of detection, they will take countermeasures. As you point out, the secrecy will allow both those who want to believe that western governments always lie, and those who want to believe the Russians have re-embraced cold war Soviet attitudes to feel justified.
Wilderness
It’s always easier to attack than to defend. Every developed nation’s attack capabilities are greater than their defensive capabilities.