WASHINGTON — U.S. military and law enforcement officials say the government has made significant strides in figuring out who is responsible for complex cyberattacks, a fundamental but elusive first step to determine whether the U.S. should strike back, whom to strike, and how hard.
U.S. authorities are using a mix of high-tech forensics and a greater emphasis on spying within the online world, although officials won't reveal exactly how they are ferreting out cybercriminals in the vast, often anonymous Internet universe.
Officials familiar with the issue say the escalating cybersecurity threat has triggered a greater government-wide emphasis on collecting intelligence related to computer crimes. The officials spoke on condition of anonymity to discuss intelligence gathering.
The broader approach includes spycraft methods from electronic surveillance and satellites to international cooperation and the everyday tactics and techniques that undercover agents use.
To date, most cyberattacks aimed at the Pentagon have involved espionage — efforts to steal data rather than attempts to take down the network or manipulate data or communications.
"Attribution is a difficult thing to do, but we're working very hard on it," said Gen. Kevin Chilton, who is retiring after four years at the helm of U.S. Strategic Command. He oversaw the creation of the military's new Cyber Command, which is housed with the National Security Agency at Fort Meade, Md.
"We're getting better," Chilton asserted, and that helps military leaders decide how to respond to individual incidents or attacks.
Whodunit has been the key for both the civilian and military probes.
"As recently as two to three years ago, there was this general perception in the cyberunderground that you could attack the U.S. and get away with it," said Shawn Henry, the FBI's executive assistant director. "It was very lucrative, and the chances of getting caught were pretty slim."
Now, with a number of high-profile cyberbusts under its belt, the FBI is seeing a deterrent effect.