TV5Monde attack proves hacking attribution is very difficult

Back in April, France's TV5Monde TV network was knocked off air because of a hack attack, which also saw its website and Facebook page hijacked.

At the time, BBC News reported the attack as being perpetrated by "Islamic State hackers" - a reasonable supposition as the attackers called themselves "CyberCaliphate" and posted documents online purporting to be the ID cards and resumés of French soldiers involved in anti-ISIS operations.

But now, BBC News is reporting that "Russia-based hackers" may have been behind the attack.


In short, attribution of internet attacks is very difficult.

Apparently, the French media is linking the TV5Monde hack to IP addresses used by Russian hackers.

According to a report by L'Express, Trend Micro experts go one step further, suggesting that the hack has the hallmarks of the "Pawn Storm" hack, which saw government, media and military agencies in the United States, Pakistan, and Europe targeted with spearphishing, watering hole attacks and malware-laced Word documents, blamed on hackers backed by the Russian government.

If it really was the Russian government who hacked TV5Monde, then you have to wonder why they would have posted pro-ISIS messages, and what they hoped to gain by publishing details of French soldiers online.


It hardly seems the kind of way that hackers keen on avoiding detection would be likely to behave.

In the French media report, it's claimed that clues that the attack might have originated in Russia come through code being written using Cyrillic script, with programs compiled during business hours corresponding to St Petersburg and Moscow.

Because, of course, it's impossible for a hacker who wishes to cover his tracks to change the time on his PC or use a different language pack.
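
To see how little the compile-time clue pins down, here is an added example (not from the original article or the French report). It assumes the timestamp in question is the `TimeDateStamp` field of a Windows PE header; the helper names and the sample headers are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def pe_compile_time(image: bytes) -> datetime:
    """Read the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # After the signature: Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4).
    # The build tool writes this value; nothing in the file authenticates it.
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def offsets_fitting_business_hours(stamps, start=9, end=18):
    """Whole-hour UTC offsets where every stamp is Mon-Fri and start <= hour < end."""
    fits = []
    for off in range(-12, 15):
        tz = timezone(timedelta(hours=off))
        local = [s.astimezone(tz) for s in stamps]
        if all(t.weekday() < 5 and start <= t.hour < end for t in local):
            fits.append(off)
    return fits

def constructed_header(stamp: int) -> bytes:
    """Constructed sample: only the header bytes pe_compile_time() reads."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, stamp)

# Constructed compile times (UTC), not taken from any real sample.
SAMPLE_UTC = [
    datetime(2015, 2, 10, 7, 30, tzinfo=timezone.utc),
    datetime(2015, 2, 12, 11, 15, tzinfo=timezone.utc),
    datetime(2015, 3, 3, 13, 40, tzinfo=timezone.utc),
]
SAMPLE_IMAGES = [constructed_header(int(t.timestamp())) for t in SAMPLE_UTC]

if __name__ == "__main__":
    stamps = [pe_compile_time(img) for img in SAMPLE_IMAGES]
    for s in stamps:
        print(s.isoformat())
    # Moscow time (UTC+3) fits, and so do its neighbours on either side.
    print("offsets consistent with 09:00-18:00:", offsets_fitting_business_hours(stamps))
```

Even taking the header values at face value, these three constructed samples are equally consistent with working days in UTC+2, UTC+3 and UTC+4.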

Was Russia behind the TV5Monde hack? Who knows. We probably will never have enough convincing data to confirm the attack was masterminded from Russia, let alone that it was backed by the Kremlin.

But one thing is for sure. It's a lot less embarrassing for organisations to claim that they have been hacked by a sophisticated hacking gang - preferably one with shadowy links to a foreign government - than for them to have been compromised by a bunch of kids.

Especially if the organisation embarrassed itself in the aftermath of being hacked by exposing its passwords live on-air.

By the way, internet attacks against TV stations aren't a new thing.
