False Flag Operations: When appearances deceive

False flag operations

False flag operations in the world of cybersecurity. The first question that comes to anyone's mind is: What are they exactly? Well, false flag operations are hacking operations in which an attribution to an external entity is intended, for a certain type of interest. In other words, certain clues are left to blame a third party, that actually has nothing to do with the attack.

The attribution of a security incident is something really difficult to do. What are the guarantees or evidence to be used, in order to point at an opponent? How can we be sure that the one who seems to be attacking us is really our attacker? This is where these false flag attacks, that we mentioned, come into action. It is very easy to leave false clues and blame a third party. We could refer to numerous examples such as Stuxnet, where there were words or phrases within the code that pointed to other nations, or the case of Careto.

The range of opponents is very wide and varied: it can range from a disgruntled employee to an intelligence service of a certain country. Obviously, between one and the other there are huge differences in terms of budgets and resources.

The attribution of this type of operations is one of the subjects that arises more interest within the industry, and that we at CounterCraft addressed in some of the main national and international cybersecurity events, in which we have participated in recent months.

In fact, last month, David Barroso, CounterCraft CEO and Founder, addressed the topic at the XI STIC Conference CCN-CERT. More than 2,000 people attended this event, one of the main national forums in the cybersecurity field, which had to hang the "sold out" sign this year. You can watch the video here.

Last October, false flag operations was also a theme addressed in one of the round tables of the 11th International Meeting on Information Security of INCIBE, where Barroso shared experiences and discussed the subject with Luis Fernández (INCIBE and moderator), Yaiza Rubio (ElevenPaths), Román Ramírez (Ferrovial) and Alfredo Pironti (IoActive).

It was a meeting of almost an hour, in which the subject was discussed in depth and really interesting conclusions were drawn, based on experiences of profiles as varied as those of the participants in the discussion.

We invite you to watch the full round table video:


Deception technology to counteract false flag operations

The truth is that there is still a long way to go, in order to be able to determine whether an attribution is real. Although it is very difficult, it is really important to be able to ascertain which evidence has been manipulated and attributes an incident to a third actor.

But even though attribution can be challenging for digital forensics, it is possible to counteract the impact of a false flag operation to a certain extent, and thus lessen the potential damages it can cause. For that purpose, it is fundamental to collect as much information as possible about the attackers.

Deception technology stands out as a powerful tool to mislead advanced adversaries with false clues and decoys and gather information about them, their origins and motivations. This helps organisations detect advanced attacks.

CounterCraft can help hinder false flag operations by gathering information about attackers. The deception platform automates counterintelligence campaigns across a wide variety of technical and non-technical assets. It collects high-quality intelligence about the real security environment within the organisation, based on real adversary activity. Using this valuable intelligence, companies are able to take the necessary countermeasures to improve their security levels.

If you want to know more about CounterCraft and how using deception technology can help fight against false flag operations, we invite you to contact us for a demo.

Like Jim Morrison said, this is the end. But you can...