So you’ve performed the investigation and attribution is complete. Or is it? Attackers are becoming more advanced every day. And with that sophistication comes the desire to pin their attacks on others to cover their tracks. Earlier this year, the we observed the first kinetic response to an alleged cyberattack. But what if the attribution were wrong? That’s not as far-fetched as some might think. In the Olympic Destroyer attacks, it’s now clear that Russia tried to confuse analysts into believing it was North Korea. In this talk, someone who’s been on both sides of the keyboard will examine how attackers might conduct false flag attacks, case studies where it’s happened, and how you can avoid being duped into performing an inaccurate attribution.
Jake Williams is the founder of Rendition Infosec, IANS faculty, and a former NSA hacker (as endorsed by Russian intelligence operatives). He performs research on incident response and red team operations, as well as cyber threat intelligence. Jake uses his passion for information security and business experience to translate complex topics into formats that are easily digestible by those without a technical background.