Anonymity and cyberwarfare

Overview
Perhaps the most challenging aspect of attribution of actions in cyberspace is connecting a cyberspace actor or action to an actual, real-world agent (be it individual or state actor) with sufficient confidence and verifiability to inform decision- and policymakers. Often this involves significant analysis and collaboration with other, non-cyberspace agencies or organizations. While cyberspace attribution (e.g., indentifying a particular IP address) may be enough for some actions, such as establishing access lists (e.g., "white" or "black" lists of allowed or blocked IP addresses), attribution equating to positive identification of the IP address holder may be required for others, such as offensive actions targeting identified IP addresses.

The nature of cyberspace, government policies, and international laws and treaties make it very difficult to determine the origin of a cyberspace attack. The ability to hide the source of an attack makes it difficult to connect an attack with an attacker within the cyberspace domain. The design of the Internet lends itself to anonymity.

Anonymity is maintained both by the massive volume of information flowing through the networks, and by features that allow users to cloak their identity and activities. Nations can do little to combat the anonymity their adversaries exploit in cyberspace; however, the same features used by terrorists, hackers, and criminals, strengthen state surveillance and law enforcement capability, in modified form. Actions of anonymous or unidentified actors are akin to an arms race. Illicit actors continually amaze those in global law enforcement with the speed at which they stay one step ahead in the technology race. Nevertheless, nations have the advantage of law and the ability to modify the technological environment by regulation.

Anonymity is a feature of the Internet because of the way information moves through it and the way it is governed. The underlying architecture was intended to be robust, distributed, and survivable. The anonymous nature of the Internet is literally written into the structure of the Internet itself and cannot be dislodged without physically destroying many networks. The Internet was also designed where the intelligence was placed at the ends of the network, not in the network itself. Routing tools, software applications, and information requests come from the ends, in contrast to a traditional telephone network in which the switches, routing protocols, etc., are in the network itself. The difference makes it much harder to trace individual bits of information once they are in the network. The Internet's governance structure reflects its design. This makes attribution a challenge.

Source

 * [[Cyberspace Operations: