CyberattacksWhy some claim credit for cyberattacks – and some don’t
The decision to claim credit for a cyberattack on a government or institution depends on both the goals of the attack and the characteristics of the attacker, according to a new study, which is one of the first to look into the voluntary claiming of cybersecurity operations. The researchers note that whether or not the originator of the cyberattack wished to claim credit for it, advances in cybersecurity improve the ability of government and law enforcement agencies to track hackers.
The decision to claim credit for a cyberattack on a government or institution depends on both the goals of the attack and the characteristics of the attacker, according to a study co-authored by a UConn political scientist that is one of the first to look into the voluntary claiming of cybersecurity operations.
The type of attacker – whether a state or a non-state actor such as a terrorist group – determines whether credit is claimed for a cyberattack and how it is communicated, according to the study, “Rethinking Secrecy in Cyberspace: The Politics of Voluntary Attribution,” forthcoming in the Journal of Global Security Studies. Co-authors of the study are Evan Perkoski, assistant professor of political science at UConn, and Michael Poznansky, assistant professor of political science at the University of Pittsburgh’s Graduate School of Public Affairs.
UConn says that among the findings of the study:
• Both states and non-state actors face similar decisions in the lifecycle of a cyberattack, yet the characteristics of each can cause their strategies to diverge, “particularly with the optics of credit claiming.”
• While most research treats cyber operations as distinct from more traditional elements of state power, states “may be able to leverage their cyber assets to achieve many of the same goals most frequently pursued with conventional forces.”
• The decision to privately or publicly acknowledge sponsorship of an attack may provide “crucial information about both their motives and identity.”
Perkoski says that in developing the study, a distinction was drawn between cybercrime and cyberblackmail because “they are inherently different forms of cyber operations with different goals in mind.”
He notes that typically the goal of cybercrime is personal or financial gain, which does not follow the same logic as states operating against other states in cyberspace. In the case of cyberblackmail, the attacker wants the victim to know something was stolen, such as when North Korea hacked into the servers at Sony following the release of “The Interview,” a film about assassinating its leader, Kim Jong-un.
