by staticassertion
1841 days ago
> I think he's making the point that the attributions of "This came from <insert geopolitical enemy here>" are without any evidence.

Badly, I guess, because no one has mentioned evidence or a lack of evidence anywhere in the thread.

> How exactly do you determine that a hack originated in Russia when Russian ips will not hand over their traffic to US authorities?

There are a lot of different ways. GEOIP is just one method. Examining the artifacts for code-reuse from other malware is another big one. Looking at the types of attacks is another, i.e. "this malware uses these techniques, and these are favored by groups 1,2,3". There's a lot more to it than that, and not all of it is public. I've seen attribution done through backdoor channels that were not strictly legal.

> In reality, our cyber security agencies have no idea where these guys are coming from

No, more often than not we definitely do.