
> 1. Attack Times

> * One of the frameworks used by TAO that was forensically uncovered during the incident named “NOPEN” requires human operation. As such, a lot of the attack required hands-on-keyboard and data analysis of the incident timeline showed 98% of all the attacks occurred during 9am – 4pm EST (US working hours).

> * There were zero cyber-attacks on Saturdays and Sundays with all attacks centralised between Mon-Fri.

> * No attacks occurred during Memorial Day and Independence Day holidays which were unique American holidays.

> * No attacks occurred during Christmas.

It's surprising the NSA would be this sloppy and obvious, or maybe they don't care about attribution in this situation, or maybe someone else did it. But I've read attribution of Chinese attackers using work hours and thought the attackers were sloppy and obvious.

> A key observation from the Chinese case notes was the extensive use of big data analysis, particularly in tracking “hands-on keyboard” activity. This approach enabled Qihoo 360 to identify patterns, such as the alleged absence of activity on Memorial Day, and precisely documenting the operational hours of the attackers, allowing 360 to isolate activity to Monday-Friday, EST working hours.

If the blogger's claim of experience is true, they must know about the things I've read. I wonder what they are thinking of.
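The timeline analysis described in the quoted passages can be sketched as follows. This is an added example, not part of the comment or the quoted report: it scores each UTC offset by the share of events that fall in a Mon-Fri, 9am-4pm local window, then lists the dates with no activity. The timestamps are constructed sample data, the function names are hypothetical, and EST is assumed to be a fixed UTC-5 offset.

```python
from datetime import date, datetime, timedelta

WORK_START, WORK_END = 9, 16  # the 9am-4pm window quoted in the thread

def build_sample():
    """Constructed UTC timestamps: weekday activity, one holiday gap, one outlier."""
    events, day = [], date(2022, 5, 23)  # a Monday
    for _ in range(14):
        # Skip weekends and 2022-05-30 (Memorial Day) to mimic the reported gaps.
        if day.weekday() < 5 and day != date(2022, 5, 30):
            events += [datetime(day.year, day.month, day.day, h) for h in (14, 16, 18, 20)]
        day += timedelta(days=1)
    events.append(datetime(2022, 5, 28, 3))  # one off-hours outlier
    return events

def in_work_window(ts_utc, offset_hours):
    """True if the event is Mon-Fri inside the work window at this UTC offset."""
    local = ts_utc + timedelta(hours=offset_hours)
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END

def fit_by_offset(events_utc, offsets=range(-12, 15)):
    """Fraction of events inside the work window for each candidate UTC offset."""
    n = len(events_utc)
    return {off: sum(in_work_window(e, off) for e in events_utc) / n for off in offsets}

def best_offset(events_utc):
    """Offset with the highest in-window fraction, and that fraction."""
    scores = fit_by_offset(events_utc)
    off = max(scores, key=scores.get)
    return off, scores[off]

def quiet_dates(events_utc, offset_hours, dates):
    """Dates (local to the offset) on which no event was recorded."""
    active = {(e + timedelta(hours=offset_hours)).date() for e in events_utc}
    return [d for d in dates if d not in active]

EVENTS = build_sample()

if __name__ == "__main__":
    off, score = best_offset(EVENTS)
    print(f"best fit: UTC{off:+d}, {score:.1%} of events in window")
    print("quiet:", quiet_dates(EVENTS, off, [date(2022, 5, 30), date(2022, 5, 31)]))
```

A high score only shows that the timeline is consistent with a given offset and work schedule; it says nothing about who was at the keyboard.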


