The small cadre of experts who spend their time doing the meticulous, painstaking work of tracing cyber attacks is increasingly relying on a combination of advanced technical tools and old-fashioned intelligence-gathering techniques to track down the people and organizations responsible for the attacks. These investigators for years have been relying almost exclusively on custom software programs to do their work, but the changing nature and increased sophistication of the attacks has forced a change in these tactics.
The New York Times is reporting that investigators at the University of Toronto and elsewhere have had to adapt to the shift in tactics by the attackers.
Cyberforensics presents immense technical challenges that are complicated by the fact that the Internet effortlessly spans both local and national government boundaries. It is possible for a criminal, for example, to conceal his or her activities by connecting to a target computer through a string of innocent computers, each connected to the Internet on different continents, making law enforcement investigations time consuming or even impossible.
The most vexing issue facing both law enforcement and other cyberspace investigators is this question of “attribution.” The famous New Yorker magazine cartoon in which a dog sits at a computer keyboard and points out to a companion, “on the Internet, nobody knows you’re a dog,” is no joke for cyberdetectives.
To deal with the challenge, the Toronto researchers are pursuing what they describe as a fusion methodology, in which they look at Internet data in the context of real world events.
Read the full report here.