[meowface]

Of course; it happens all the time. False flags (in the form of routed connections and much more) are extremely common in cyberwar and among cybercriminals, naturally. But can you name a time US law enforcement or military fucked up and fell for a "cyber false flag" [1], and mistakenly took action against the framed party? It may have happened, and I wouldn't be shocked, but I haven't actually seen a publicized case of it.

From having some knowledge of some investigations like these (though not on behalf of any government), the investigators and forensics experts are constantly asking themselves "is this a false flag? is this piece of evidence deliberately planted, or an actual mistake?" Investigators obviously want to get the right people and not get the wrong people. And in the case of nation-states, they also have classified information they can use (like from NSA global spying, etc.).

[1] (I shudder at the term "cyber" as much as anyone else reading this, but that pretty much is the official term the government uses.)

[FireBeyond]

> But can you name a time US law enforcement or military fucked up and fell for a "cyber false flag"

SWATting via VoIP spoofing etc., could arguably fall entirely within the realm of this.

[meowface]

True, that's one key example. I should've clarified that I'm referring to arrests, prosecution, and imprisonment. Also, such hoaxes (and things like bomb threat hoaxes) did still happen before the popularity of the internet; they can be done from a payphone, for example. The internet definitely makes it a lot easier, though.

[tpolm]

> But can you name a time US law enforcement or military fucked up and fell for a "cyber false flag" [1], and mistakenly took action against the framed party?

Absence of evidence is not evidence of absence.

[meowface]

Of course. It absolutely may have happened, and if or when it has, I want those instances known. But if someone were to have been arrested wrongly, or some government blamed wrongly, this would be a huge deal, and I'd expect there to be a lot of public controversy and discussion about it.

Everyone should be subject to due process. If some organized crime ring in Ukraine is blamed for some particular ransomware attack and they get tricked into traveling somewhere that lets them be extradited and tried in a US court, the prosecution still needs to prove beyond a reasonable doubt at trial that they're the responsible party. Things get more complicated when an entire nation-state government is accused of launching ransomware attacks, but so far I think only North Korea has faced that (someone please correct me if I'm wrong), and they're kind of an outlier among all the other countries.

We should always be skeptical any time any government accuses any entity of a crime, of course. There should always be a presumption of innocence. But that's what the legal system and due process are for. The onus is on the government to prove their case.

[serial_dev]

I envy your optimistic view on this. When I look back at recent wars (including affairs with countries that are "just bombed", without military personnel on the ground), I'm not sure I can see through the same rose colored glasses.

The government alleges something that sounds terrible that would justify an invasion, both parties play along, media is pushing pro war propaganda, allies abroad go along as well. Twenty years later, still no consequences, no apologies from our politicians, and any time someone seriously considers pulling out the troops, mysteriously some dubious war story comes up that is supposed to distract us or justify the war.

[meowface]

I'm just as disgusted by the Iraq war as anyone, 100%. However, I do see the Iraq WMD intelligence failure/lie (depending on what one believes) cited every single time the US government says anything ever, and while in one sense they certainly deserve that skepticism for decades to come, it also happens in cases that aren't really paralleled.

During the Cuban missile crisis, US intelligence showed photographs to the world proving the existence of the missile launch pads. During the Mueller investigation, the FBI provided hundreds of pages of concrete evidence to support their claims, which was supported by all other agencies and all of private industry.

Prior to the Iraq war, US intelligence showed jack shit; they just told the public "take our word for it: Saddam has WMDs".

If there were a future situation where there was an attempt to justify a country invasion or war, I absolutely would demand the highest possible rigor.

However, I don't think that can really be compared to trying to extradite and prosecute some criminals accused of ransoming hospitals and other institutions. They're not accusing any government of being behind these ransomware attacks and I doubt they will be. The only government believed to have ever done something like that is North Korea's, but they're kind of a special circumstance and are already technically and pragmatically at war with much of the world in many ways.

I think it's not really fair to assume a priori that the US government is lying, or that they're telling the truth, when they make some accusation. Things have to be carefully evaluated on a case-by-case basis, and the concrete evidence they provide needs to be looked at impartially. If there's no public evidence besides "trust us", then I'd agree that doubt is the correct action.