How do we know who is firing cyber-bullets? If we think we know, can we really retaliate with confidence that we do know who is attacking?
Just because someone claiming to be the Iranian Cyber Army claims responsibility in a Pastebin post for a targeted attack doesn't necessarily mean they did it – nor that the group boasting about the attack is really the so-called Iranian Cyber Army.
Welcome to the frustratingly deceptive age of hacking attribution. While the subterfuge is often all about a game of cat-and-mouse or to throw authorities off the trail of the real attackers, it can be an especially dangerous game when it comes to sometime attempting to incite conflict between the victim organization or nation, and the supposed attackers. Hackers posing as other hackers can basically encourage conflict among other nations or organizations, experts say, and sit back and watch.
Tip to Instapundit.
Not that this is necessarily new as a concept. That's why there is a term for it: false flag. Sure, it gets abuse because idiot 9/11 Truthers like to argue that terror attack was a false flag attack by elements of our own government, but as a concept it is real. Terrorism and submarines can be used to do the same thing.
But a lot more entities or individuals can participate when you throw in the Internet as a means of delivering cyber-weapons.