When we read the news about something going terribly wrong (or right) in cyberspace, we have already made up our minds about victim and attacker. And not just us: obviously a large portion of the readers have as well.
If it was a botnet hitting the headlines, Russia must be behind it.
Fraud, scams and social engineering are attributed to Râmnicu Vâlcea and the Great Eastern Europe (whatever countries it might consist of).
Stealing information about national security and economy? It was the Chinese!
Coding a logic bomb able to shut down the Internet? The bad-ass Americans.
Bypassing national security grids to tweet and post on Facebook about how much their government sucks? Some poor guys all over the world.
At least we got that straight. The world needs scapegoats. Hell yeah. Drawbacks? Ah, no, never.
For argument's sake, let me use the term ‘cyberwar’ or ‘netwar’ without further defining it. I know, there are a lot of definitions out there and this article does not leave me enough space to draw the borders. So, if I wanna ‘attack’ a country, meaning: shutting down some servers, stealing vital information on the level of national security or doing something similar to piss off a country like Canada big time (January 2011 was not your month, was it?), there are only two things I need: skill and a Chinese proxy server. Okay, the requirement is that I am not a Chinese government-backed hacker, but that fact should be given. What then?
Then, I can do whatever I want. I should use that Chinese proxy maybe more than once and it should be one of the ‘closest’ (in terms of first) proxies I use. Most people investigating that incident will stop trying to trace the attack once one of the proxies the attacker used can be traced back to Chinese territory. It seems to be more comfortable and easy to add it to the number of accusations that are already piled up on the desk of Chinese officials.
Who is going to trust you after 3, 5 or 10 different countries accused your country of an act of war you have not committed? Therefore, it does not really matter if you really committed 1 or 8 of the 10 accused attacks. If you only admit it once, you will be blamed forever. If you do not admit at all (even if one incident might be really obviously supported by you), they will say, ‘We are x different sources. Do we all make it up, or do you?’ I don’t really think there is any exit strategy. Speaking of which, we can be really happy that no national information security strategy has yet implemented a doctrine of retaliating against cyber-attacks with conventional means.
When the point is reached that countries will respond to severe cyber-attacks (e.g. targeting the national power grid or sensitive economic information) with conventional attacks, we should stop pointing the finger at the scapegoat and try to increase our ability to really find out who is behind the ‘thing that hit us’.