
A claim that Russia hacked a phone and leaked details about a UK politician’s £5 million gift has been challenged by digital forensics specialists. Reform UK sources say the politician believes Russian spies accessed his private communications after a phishing message and that only a small group knew the gift details. Outside counter-espionage experts reportedly analyzed the device and suggested Russia was responsible. A digital forensics professor said investigators would need markers such as the specific phishing message or malware used to exfiltrate data. He noted that email sources can be disguised and that malware code is often not unique to a particular attacker. He also said advanced intelligence services can obfuscate malicious code, making attribution difficult without stronger evidence.
“It's obviously trivial to disguise the source of an email, so that doesn't help,” Sommer told The Register. “And the second thing is if you're talking about looking for hacking codes, hackers, whether they are juveniles or people in major SIGINT systems, are likely to be stealing from each other, so there's nothing unique about a code that would say where it comes from.”
“Whichever outfit was entrusted to carry out this work would have been looking for two different types of markers to prove Russia was involved.” “These would be either the phishing message Farage clicked on that allowed Russia to access his private communications or the malware code an attacker used to exfiltrate them.”
“Advanced intelligence powers have tools at their disposal to obfuscate the source of malicious code.” “The CIA's leaked Marble Framework supposedly had the ability to translate malicious code into any language, including those used by its chief adversaries.”
“Now, absent from that, how on Earth do you determine that this is a Russian hack?” Sommer asked.
Read at theregister