Author: Clement Guitton
ISBN No: 9781849045544
Review date: 29/02/2024
No of pages: 224
Year of publication: 21/04/2017
Inside the Enemy's Computer: Identifying Cyber Attackers by Clement Guitton
Inside the Enemy’s Computer, by Clement Guitton. Published March 2017 by Hurst.
In a recent review of The Cybersecurity Dilemma: Hacking, Trust, and Fear Between Nations by Ben Buchanan, we harked back (to 2013!) to a book by the King’s College London academic Thomas Rid. A new, quite similar work, Inside the Enemy’s Computer, also begins by thanking Thomas Rid. As the author Clement Guitton – who works in cyber at the audit firm PwC – points out, it’s not necessarily enough to block cyber attacks, hard enough though that is. Attribution matters – to know who’s attacking, and why: is it an act of terror, purely commercial espionage, for criminal gain, sponsored by a state seeking to damage the national security of another, or done by a script kiddie? There’s also money – work and a market – in attributing, and doing so in good time. And it matters to private companies, as once they know who’s trying to hack them, they can ‘focus on defending themselves more effectively’, especially if the same attackers keep coming back – or use one attack to hide another.
The stakes are high, as names such as Edward Snowden, Putin and Obama, and the Syrian Electronic Army and Stuxnet and Iran, are sprinkled through the work. Knowing who’s doing what hacking can have a bearing on what law enforcement and law-makers ought to do, and can feed into public debates about privacy (or lack of it) online. And who, if anyone, can we trust?
As such words may imply, while it may be in the interest of people in the cyber security field to stress how it’s technical, and unique – so that they get state funding – Guitton suggests otherwise. “The similarities between the attribution of any other incident, violent or not, and the attribution of cyber attacks are striking …” and here Guitton gives the example of a bomb explosion – you can look at the remains of the bomb, but intelligence and intercepts, and CCTV imagery, are more likely to point you towards who was the sponsor. And the investigation has to be timely, for the evidence to help the police, and to help the politicians judge what policies are possible. It’s more weight for Guitton’s case that ‘plausible deniability’ also has a political aspect, rather than being purely technical; a state may hire someone to do the hacking, so that the state can deny it’s involved. Guitton argues that sponsors are bound to emerge eventually, and ‘plausible deniability is therefore not in fact a very attractive option’.
Guitton makes a closely-argued and well-made case that, beyond the fact that attribution matters, attribution is a process of turning the attacker from ‘unknown’ into ‘known’ (though again, that’s not purely technical, as judgement comes into it, because knowing the IP address that an attack has come from is not the same as knowing which humans have pressed the buttons and given the orders down a chain of command).
To sum up, in Guitton’s words, the apparent veil of anonymity that permeates the internet and other computer networks is just that: apparent. An official lies or evades; evidence crops up; a whistle-blower blows the whistle – again, not necessarily technical.
The notes and bibliography are thorough – in fact nearly a third of the book is given over to them. Is there a case, especially for a book on cyber, for moving such things to a website and merely providing a free link for those interested?