[bradscarleton]

This is bogus. If the US really thinks that Russia did the hack, then it's not because of an originating IP or company in Russia.

The US probably has hacked Russian communications from somewhere else that actually points the finger. However, they would never give that information up.

Either that or they have hacked a huge chain of these proxy operations, but that seems like a tall order.

[rlucas]

Most of what I've heard of being used as support for attribution are "fingerprints" left behind on compromised devices. Things like characteristics of how variables were named in interpeted code, how binaries were compiled, specific attack vectors used, etc. I can't recall anyone recently pointing to first-hop originating IPs as being definitive evidence, in this age of cheaply traded botnets.

[ww520]

Code and tools can be bought and sold.

[ethanbond]

Arms dealers are still implicated into the crimes committed with said arms. Both the CIA and KGB/FSB should know that by now.