I fully assume there are more hacks we don’t hear about than ones we do. Not only because of cover-ups, but it can’t be that hard to cover your tracks if you know what you are doing.
Presumably the attacker has some external command and control infrastructure they must use to get in and out of Citrix's networks, which is presumably what the FBI was tracking.
THIS! My brother works for a large corp that does a lot of government (and private) work. A few years back, they tightened up their security with live monitoring, and as soon as it was enabled they realized that folks from China were actively connected. FBI was involved, but it never made the news. 2-3 more attempts have been made since. While they have an idea how long they had been breached, they don't know for sure...
I assume you rather meant 'connections originating from IP addresses owned by Chinese companies'? It's trivial to use an IP address from any place in the world, regardless of your actual location.
I mean from China. It was investigated and pretty conclusively linked. Is there a chance that it wasn't China? Sure. But there were specific reasons that China would want to know what this company was working on, and it was more than just an IP address cross-reference that pointed to them. Now don't conflate this as "US=good, China=bad"; that isn't what I'm saying here. I'm saying that Chinese state-sponsored hackers accessed their computer systems, with reasonably credible evidence.
Even more interesting is how the FBI knew they'd been infiltrated before they themselves did?
(There's the obvious conspiracy style accusation in that they were already in there poking around... but that doesn't seem to ring true in this regard)
In the Marriott hack post-mortem, they shared that one of the tools they used (which successfully identified the attack) was IBM Guardium.
> Accenture told Marriott's IT staff that one of their security products, a database monitoring system called IBM Guardium, had detected an anomaly on the Starwood guest reservation database
Seeing large amounts of encrypted traffic leaving via a DNS tunnel during non-standard business hours for instance would be an example of such an anomaly. It's not always that easy to detect however.
Simply storing netflow data and graphing it would show it at a glance. Use a machine set up as a transparent bridge with only physical login if you are paranoid about the netflow data being modified.
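Added example, not code from any commenter in this thread: a small Python sketch of the netflow approach described above, run over constructed flow records. It buckets DNS-bound bytes per source host and hour, takes each host's business-hours peak as its baseline, and flags off-hours buckets that dwarf it; the business-hours window, thresholds and addresses are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed netflow-style records (not real data):
# (flow start, src host, dst host, dst port, bytes out).
FLOWS = [
    ("2019-03-05T10:15:00", "10.1.1.20", "10.1.0.53", 53, 1_200),
    ("2019-03-05T11:02:00", "10.1.1.20", "10.1.0.53", 53, 900),
    ("2019-03-05T14:40:00", "10.1.1.31", "10.1.0.53", 53, 1_500),
    ("2019-03-05T15:10:00", "10.1.1.31", "203.0.113.9", 443, 52_000),
    ("2019-03-06T02:05:00", "10.1.1.20", "198.51.100.7", 53, 6_400_000),
    ("2019-03-06T02:31:00", "10.1.1.20", "198.51.100.7", 53, 7_100_000),
    ("2019-03-06T03:12:00", "10.1.1.31", "10.1.0.53", 53, 800),
]

BUSINESS_HOURS = range(8, 19)  # assumed 08:00-18:59 local time
DNS_PORT = 53


def dns_bytes_per_host_hour(flows):
    """Sum outbound bytes of DNS-bound flows per (src host, hour bucket)."""
    buckets = defaultdict(int)
    for ts, src, _dst, dport, nbytes in flows:
        if dport != DNS_PORT:
            continue
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        buckets[(src, hour)] += nbytes
    return buckets


def find_offhours_dns_anomalies(flows, factor=50, min_bytes=1_000_000):
    """Return (src, hour, bytes) for off-hours buckets whose DNS volume exceeds
    both a hard floor and `factor` times that host's business-hours peak.
    A host with no business-hours baseline is flagged on the floor alone."""
    buckets = dns_bytes_per_host_hour(flows)
    peak = defaultdict(int)
    for (src, hour), nbytes in buckets.items():
        if hour.hour in BUSINESS_HOURS:
            peak[src] = max(peak[src], nbytes)
    alerts = []
    for (src, hour), nbytes in sorted(buckets.items()):
        if hour.hour in BUSINESS_HOURS:
            continue
        if nbytes >= min_bytes and nbytes > factor * peak[src]:
            alerts.append((src, hour.isoformat(), nbytes))
    return alerts


if __name__ == "__main__":
    for src, hour, nbytes in find_offhours_dns_anomalies(FLOWS):
        print(f"{hour} {src}: {nbytes} bytes over port 53 outside business hours")
```

Graphing the same per-host, per-hour buckets is what makes the 02:00 spike visible "at a glance"; the threshold logic just turns that visual into an alert.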
Hiding on a box is easy. Hiding on the wire is hard.
Correct me if I’m wrong but stuxnet was designed for a purpose and it accomplished that purpose. Eventually being discovered was no doubt an understanding from the authors.
Compare that to unauthorized access to a machine and cleaning the logs behind you... One doesn’t have to be more brilliant than the authors of stuxnet to do something illegal without getting caught.
Given that the malware was seriously breaking shit, it wasn't all that hard to catch. I'm sure that at first they were looking for bugs, and then it became clear that it was too intentional.
That's the belief, but was it truly ever confirmed? I don't doubt it; it sounds like a meme worthy of belief and I lean towards it, but I don't recall ever finding a confirmation. Also, saying they were caught implies the law caught them and arrested them.
As far as I know Stuxnet didn't break any US/Israel laws. Of course it broke Iranian laws, though.
I think Obama said "no comment" to reporters, but then basically admitted it by talking about how he regrets that this information got out into the public.
What would you consider as a confirmation? Without someone coming out and saying "we're the ones who did it", it's very unlikely that it'll ever be confirmed.
The best you can do is to make some educated guesses (by looking at the timestamps, coding patterns, comments in the code, who might be interested in hacking the target, political connotation to the attacks etc.). That's usually how state-sponsored attacks get attributed.
For example, "Guccifer" used GMT+3 settings and attacked the DNC a few hours after Trump publicly "hoped" that Russians would find the emails. That doesn't confirm that it was sponsored by Russia, but it makes it an educated guess.