Identifying who exactly is responsible for the hacker groups committing cyber attacks is a very complex process, according to cybersecurity experts, who stress that the issue remains an international problem that needs to be tackled through joint efforts and a coordinated global response.
In February, a U.S. congressional committee held a hearing on the so-called "cyber threat" from China, claiming that a Chinese state-sponsored hacking organization dubbed "Volt Typhoon" had launched a cluster of activities affecting networks across several critical infrastructure sectors in the United States.
China's National Computer Virus Emergency Response Center (CVERC) on Monday issued a report exposing how U.S. intelligence agencies use the pretext of "Chinese cyber-attack threats" to slander China and aim to secure significant government funding in return.
Regarding the so-called "Volt Typhoon" group, security companies in the U.S. hold different opinions, with some arguing that it is a botnet while some say it is acting as an Advanced Persistent Threat (APT) group.
While many rush to point fingers at who may be operating such systems, a Chinese cybersecurity expert said that attributing who is behind hacker groups is a very complex process as attackers use all kinds of methods to hide their identities and locations when launching online attacks.
"Attackers may deliberately leave misleading clues. They may use foreign languages, symbols, and time stamps and uses the disguises of other hacking groups' specific patterns of behavior to mislead investigators. So, the attribution of the APT groups comes from weighing up the evidence after collecting a large amount of data. Normally, the result can be relatively reliable to a certain extend. But to make 100 percent sure [of who is behind these groups] is very difficult," said Bian Liang, a cybersecurity expert with Qihoo 360, a leading Chinese internet security firm.
In recent years, Chinese public security organs have detected several cyber attacks on Chinese institutions, including those against the Northwestern Polytechnical University in Xi'an and the Wuhan Earthquake Monitoring Center in central China, which were conducted by the U.S. National Security Agency (NSA) and the Central Intelligence Agency(CIA). Insiders say these instances show that the U.S. is the real empire of hacking and espionage.
"The U.S. NSA and CIA all have had a lot of incidents on cyber weapons leakage, which has led to the current situation of a constantly increasing attack capability in cyberspace. Many cyber criminal groups have a very strong attack ability because of this," said Du Zhenhua, a senior engineer at the National Computer Virus Emergency Response Center.
Cybersecurity experts say that current cyber attacks primarily constitute cross-border crimes and stress that countries must enhance cooperation within the International Criminal Police Organization (Interpol) framework, actively share intelligence on cybercrime and establish coordinated governance, so as to collectively combat cybersecurity threats. Experts believe this approach is preferable to a limited number of individual countries engaging in isolated efforts to confront the issue.
Identifying who is behind cyber attacks needs joint efforts under interpol framework: experts
