Gotcha! Program Looks To ID Cyber Criminals
DARPA seeks a better way to pinpoint and track malicious actors.

THE U.S. GOVERNMENT wants to hack the
hackers—and be able to talk about it.
In an ambitious effort slated to begin in November, the
Defense Advanced Research Projects Agency (DARPA)
plans to delve into developing technologies and processes
that would allow authorities to access and then operate
inside the networks and systems of cyber
adversaries, says Angelos Keromytis, program manager in DARPA’s Information
The goal of DARPA’s Enhanced Attribution (EA) program is to create technologies that would generate
“operationally and tactically relevant information about multiple
concurrent independent malicious cyber campaigns, each
involving several operators, and the means to share such
information with any of a number of interested parties,” according to the Broad Agency Announcement. The
requirements for the research and development effort are
vast, including technologies from physical, engineering
and life science fields.
For the next four and a half years—the anticipated duration of the EA endeavor—researchers will seek to make
transparent the opaque world of cyber crime. They also
hope to increase the government’s ability to publicly reveal
hackers and their malicious activities without compromising sources or investigative methods, Keromytis explains.
“Attribution means many things to different people. From
my point of view, the goal is to find out who the bad guys
are. When I say ‘who,’ I actually mean their personal identities. I want to go that far—names, where they live, what they
do—that sort of thing. We also want to get as real time as
possible a picture of their activities when they are engaging
with us [and] when they are attacking us,” he says.
Cyber criminals and nation-state hackers operate with
little fear of being caught. If they are caught, rarely can
they be brought to justice because the U.S. government is
reluctant to publicly divulge how investigators managed to
track them, Keromytis says. “Right now, attribution is such
a hard and sort of hit-or-miss proposition that it is not
seriously considered in most cases. The goal is to be able
to tell a bigger story, or a full story, to any of our partners
at any level of detail without damaging our ability to continue telling the story,” he says.
Attributing nefarious Internet activities can be done,