Attempts to locate an attack are meaningless. You can do it based on IP, but that doesn't work for obvious reasons (vpns, botnets, compromised machines elsewhere, anonymous vps's, tor). So instead they look at the type of scripts used and assume if it looks similar to scripts used by Russians then it must be Russians. The analogy they attempt is a claim that scripts have genetics that can be traced. The problem with that is if everyone knows what scripts are common to a geography sufficient to identify them, then everyone can use those scripts.
It could have been the CIA, Venezuela, Iran, China, Russia, a single pissed off dude in Greece. Hell, no one can confirm that Bill Gates didn't stage this attack.
Attempts to locate an attack are meaningless. You can do it based on IP, but that doesn't work for obvious reasons (vpns, botnets, compromised machines elsewhere, anonymous vps's, tor). So instead they look at the type of scripts used and assume if it looks similar to scripts used by Russians then it must be Russians. The analogy they attempt is a claim that scripts have genetics that can be traced. The problem with that is if everyone knows what scripts are common to a geography sufficient to identify them, then everyone can use those scripts.
It could have been the CIA, Venezuela, Iran, China, Russia, a single pissed off dude in Greece. Hell, no one can confirm that Bill Gates *didn't* stage this attack.
(post is archived)