In-brief: forensic investigators are using language clues to help identify the source of sophisticated and targeted attacks, like those on Democratic Party committees and the campaign of Hillary Clinton.
There’s continuing news about the apparent efforts of hacking groups to infiltrate and influence the U.S. elections. In the last week, reports of a hack targeting the Democratic National Committee (DNC) in June have been followed by reports of attacks on the Democratic Congressional Campaign Committee (DCCC) and the campaign of presidential candidate Hillary Clinton.
Reports from companies like CrowdStrike, Fidelis, ThreatConnect and others have pointed confidently to hacking crews with links to the government of Russian President Vladimir Putin. This, despite claims by the mysterious hacker using the handle Guccifer 2.0 that the hack and subsequent leak of e-mail messages from the DNC were his doing.
How do security companies help unravel truth from lies? Much of the work relies on compiling and analyzing technical clues from the hacks: domain names used, the type of malicious software used. But, increasingly, clues in language also help connect the dots between attack and attacker.
I wrote about this over at Christian Science Monitor, noting that forensic investigators can rely on a number of different linguistic analysis methods to derive important information from the clues that hackers leave behind.
From the article:
When it comes to investigating cyber crimes, techniques range from classical linguistic pursuits, such as word count analysis that examines patterns of language use, to more behavioral analysis that tries to identify unique patterns or behaviors using lexical analysis, says Steve Bongardt, a former agent in the FBI’s Behavioral Analysis Unit who now works with the firm Fidelis Cybersecurity.
Mr. Bongardt likens it to investigating a crime scene, with hacking groups or individuals falling back on well-worn modus operandi that govern how an attack is carried out and less regimented “rituals” that are just as suggestive of a particular actor.
Language clues hardly provide conclusive evidence behind a hack, forensic researchers told me, but they can contribute important pieces to the puzzle that is cyber forensics in the wake of sophisticated attacks.