One of the trickiest problems in cyber security is trying to figure out who’s really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the “cyber equivalent of fingerprints or DNA” that can identify even the best-cloaked hackers.
The recent malware hit on Google and other U.S. tech firms showed once again just how hard it is to pin a network strike on a particular person or group. Engineers are pretty sure the attack came from China, and it sure was sophisticated enough to come from a state military like China’s. But it’s hard to say conclusively that the People’s Liberation Army launched the strike.
It’s the kind of problem Darpa will try to solve with its “Cyber Genome” project. The idea “is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users,” the agency announced late Monday.
These “digital artifacts” will be collected from “traditional computers, personal digital assistants, and/or distributed information systems such as ‘cloud computers’,” as well as “from wired or wireless networks, or collected storage media. The format may include electronic documents or software (to include malicious software – malware).”
Ultimately, Darpa wants to develop the “digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users.”
“In other words,” The Register’s Lew Page notes, “any code you write, perhaps even any document you create, might one day be traceable back to you – just as your DNA could be if found at a crime scene, and just as it used to be possible to identify radio operators even on encrypted channels by the distinctive ‘fist’ with which they operated their Morse keys. Or something like that, anyway