Thursday, August 4, 2011

RSA culprit: China and not Iran

On March 28th I wrote that a supposed Iranian "student" took responsibility for the RSA certificate heist. The referenced Pastebin.com bragging might well have been a bit of Chinese misdirection, based upon today's revelation from John Stewart at Dell SecureWorks tracing the command and control of that penetration to…yep…the usual suspect: China.

As I commented on July 7th, attribution is a key component of cyber retaliation. I now reiterate that our current cybercrime laws tie our hands and make it impossible to do "aggressive back tracing" on attacks. Some wonker claimed to be an Iranian student when he took credit for the RSA cyber exploit. It took over four months to come up with a much more likely culprit. It doesn't need to be this way.


Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?