That’s not to say attribution is impossible, but it is incredibly rare. To date, it has only been accomplished when the NSA and CIA have suffered internal leaks of their operational tools. Even then, as we saw with NotPetya, it’s not always possible. In the case of NotPetya, a newly leaked CIA exploit was used in an attack originally targeting the Ukraine, but containment was lost and the attack incidentally spread to many parts of the EU. It is largely believed that Russia was behind the attack, given the original target – the Ukraine – was engaged in traditional combat missions with ‘not-Russian’ soldiers, but it’s never been proven.
This level of capability dispersal is part of a larger campaign by nation states, particularly Russia, to cloud the attribution of attacks associated with government resources. This is similar to the spread of the AK-47, a weapon whose use was so widespread that its provenance gradually became blurred. In the cyber world, for example, it’s now suspected that well-known hacks, such as the Sony hack, were not the work of the North Koreans, but are in fact attributable to another source. North Korea had nothing to lose by accepting responsibility for the hack. In fact, it was a boon to the country’s status in the eyes of the world, as most nations lack the capability to execute an attack of that magnitude. This gave North Korea a seat at a cyber capabilities table which still only has a select few nations sitting at it, thus allowing them to use the fear of cyber-attacks in retaliation to sanctions.
This illustrates the use of cyber capabilities in the modern world for terroristic purposes. With minimal risk of losing assets and the ability to mask the identity of the perpetrator, cyber attacks are the perfect weapon. Perpetrators are able to select targets that will cause significant strategic and financial damage, usually at magnitudes beyond what a traditional attack could inflict, with little risk. While this initially seems like a neutered capability without the fear component, consider that traditional attacks risk capture and defeat during the planning, recruitment, and coordination phases, as well as swift and significant retaliation for loss of life if successfully executed. Cyber attacks typically go un-countered. In fact, there has never been a case where another nation has invaded or taken up arms over a cyber attack, despite most large-scale attacks causing more monetary damage, and occurring more frequently, on average, than most traditional terror attacks.
There’s no safety in numbers

Denial of Service (DoS) attack capabilities consist of a large collection of systems that have been compromised and are then sent commands that enable them to send network traffic to a specific target. For example, if I have 100 user systems, I can use a control panel to send a command to all 100 systems telling them to send traffic to a specific website at a specific time in order to use up all of the targeted system’s resources, or to generate enough traffic to raise the cost of owning the site. In real life, the number of compromised systems used in this type of attack starts in the hundreds of thousands and can grow into the millions. In the last few years, technical exploits and techniques that magnify this traffic and create mega attacks have also emerged, vastly expanding the possibility for serious damage.