Understanding your enemies and theirs tactics is the only way to identify them in cyberspace.
In traditional warfare, identifying your enemy wasn't all that difficult. For centuries you could see them across the battle field and even with the introduction of long-range missiles, the identity of the person attacking you was pretty clear-cut.
Things are not so clear-cut as we enter the era of cyber-warfare. According to Professor John Arquilla from the Naval Postgraduate School in the US:
"The biggest challenge to deterring, defending against, or retaliating for cyber-attacks is the problem of correctly identifying the perpetrator. Ballistic missiles come with return addresses. But computer viruses, worms, and denial of service attacks often emanate from behind a veil of anonymity."
The problem of attribution is not just a technical one. It is very easy for those analysing cyber-attacks to mistakenly identify their attacker as a non-state actor when in actual fact it is a government just hiding behind the mask of a hacktivist or a cyber-criminal.
There is a way around this however, according to Prof. Arquilla
"The best chance to pierce this veil comes with the skilful blending of forensic back-hacking techniques with deep knowledge of others' strategic cultures and their geopolitical aims."
In a new report entitled World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks, security experts FireEye break down the world based on cyber-identity, from the "noisy" Chinese, to the slealthy Russian, the sophisticated Americans and the toothless Europeans.
To highlight just how difficult it is for countries to know who is attacking them in cyberspace, FireEye's researchers say they have even seen one nation-state develop and use a sophisticated Trojan, and later (after its own counter-Trojan defences were in place) sell it to cybercriminals on the black market.
The report says that in order to understand your enemy, you need to understand their methods and techniques when it comes to creating and launching cyber-weapons, and breaks down the major players globally, profiling how they launch cyber-attacks and the methods they use:
China: The Noisiest Threat in Cyberspace
China is, according to FireEye, the "noisiest threat actor in cyberspace." The reasons for this include its large population, a fast-growing economy, and an inability by its targets to prevent attacks.
The list of reported attacks by China against US include attacks on critical infrastructure (gas pipelines); media companies (New York Times, Wall Street Journal); technology companies (Google) and the US government itself.
It has also attacked targets in Europe, Australia, the Middle East and the sub-continent, highlighing their pervasive nature.
"Some of these cyber-attacks have given China access to proprietary information such as research and development data. Others offer Chinese intelligence access to sensitive communications, from senior government officials to Chinese political dissidents," the report says.
According to the report, China's 1.35 billion population helps it launch "quantity over quality" attacks with Chinese malware not being the more advanced or creative. "China employs brute-force attacks that are often the most inexpensive way to accomplish its objectives. The attacks succeed due to the sheer volume of attacks, the prevalence and persistence of vulnerabilities in modern networks, and a seeming indifference on the part of the cybercriminals to being caught."
Where are the Russians?
Cited by Winston Churchill as a "riddle wrapped in a mystery inside an enigma" the Russians have long been renowned for their ability to remain under the radar. And the trend is continuing in cyberspace, with FireEye saying that one of the outstanding questions in cyber security today is: "Where are the Russians?"
However, despite the lack of concrete evidence, Russian involvement has been suspected in some high profile attacks including what US deputy secretary of defence William Lynn called the "most significant breach of US military computers ever"- an attack on Central Command (CENTCOM), delivered through an infected USB drive.
FireEye says Russian cyber-attacks are much sophisticated than those coming from China with Red October being a perfect example. The sophisticated malware was discovered last year by Russian security firm Kaspersky, and was highly complex and focused on breaching Russian-based targets such as embassies and military bases.
United States: Standing out from the Crowd
The US has developed malware which was "exquisitely designed" and "unparalleled in its complexity" according to FireEye. Highlighting Stuxnet, the report shows how the US had a very different approach to cyber-warfare, trying to infect as few computers as possible rather than as many as possible.
When attempting to identify attacks emanating from the US, the report suggests that because they require such a high level of financial investment, technical sophistication, and legal oversight that "they will stand out from the crowd."
However this level of sophistication can lead to problems and it leaves the US open to cyber-counterattack such as in 2008 when a CIA official admitted that unknown cybercriminals, on multiple occasions, had been able to disrupt the power supply in various foreign cities.
Europe: A Target but not a Threat
Both the EU and NATO have so far shown no indication that they are developing cyber-weapons of their own. While more European countries have to a greater or lesser extent some form of cyber capabilities, none are at the level of the US, China or Russia.
Of course this could change and in the UK at least, the government is bullishly claiming it is developing a force of computer experts who will be charged with creating offensive cyber weapons which the UK government will use if deemed necessary.
There have been numerous attacks on both national and EU levels and these attacks are likely to continue in the future as cyber-criminals and no doubt nation-state actors look on the EU - and the UK in particular - as soft targets.