As cyberwars between countries, corporations and organized crime groups heat up, correctly attributing the attacks becomes a priority: responses, obviously, must be tailored to the attribution. The U.S. government last year provided a good and a bad example of how attribution should be handled.
As Thomas Rid and Ben Buchanan of the Department of War Studies at King's College London point out in a recent paper, attributing a cyber attack is "an art as much as a science," requiring what Prussian King Friedrich the Great called military coup d'oeil.
It isn't enough, to find traces of a certain human language in the malicious code or determine that it was developed during business hours in a certain time zone: Such telltale signs could be designed to misdirect. Matching bits of malware to other attacks isn't conclusive, either: Code is available for sharing among hackers, and hackers contract out to take part in attacks or help each other on principle.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.