This presentation will examine the analytic mistakes the infosec community has made over the past ten years when attributing nation-state cyber attacks. We will contrast successful and failed attempts at attribution to identify the root causes of failures. The talk will cover basic logical fallacies (e.g., mirror imaging and cherry picking) and briefly explain pivoting pitfalls when observing TTPs like dynamic DNS sites or Tor exit nodes. Lastly, we’ll explore historic examples of attribution mistakes and identify unexpected sources of those failures.
Sarah Jones (@sj94356), Principal Analyst, FireEye