Cyberattacks: Do Motives and Attribution Matter?
An anonymous reader writes: Whenever people think of APTs and targeted attacks, they ask: who did it? What did they want? While those questions may well be of some interest, a potentially more useful question to ask is: what information about the attacker can help organizations protect themselves better? Let's look at things from the perspective of a network administrator trying to defend an organization. If someone wants to determine who was behind an attack, maybe the first thing they'll do is use IP address locations to try and determine the location of an attacker. However, say an attack was traced to a web server in Korea. What's not to say that whoever was responsible for the attack also compromised that server? What makes you think that site's owner will cooperate with your investigation?
If it's some script-kiddie, you have the little bastard locked up.
If it's a "professional" foreign intelligence agency, you sigh a heavy sigh and realize there is bugger all you can do about it.
I do not fail; I succeed at finding out what does not work.
Articles: should they have some actual content, or just a load of speculative waffle that two guys sipping beer could come up with?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Mod parent up! And mod entire story down. This is so much a Trend researcher making an MBO or cash payout for blogging, with some marketing person checking that the wording is correct, but having no context to know if the content is blog-worthy.
I still think that moderators, en masse, ought to be able to mod an entire story down.