Navigating uncertainty in cyber conflict: incorporating false flags in the attribution process of offensive cyber operations
***
False flags aren’t noise in cyber conflict.
They’re a strategy.
In a new paper with Herbert Lin, we examine how deliberate deception is reshaping cyber attribution and why this matters for decision makers.
We used the 2018 Olympic Destroyer attack to demonstrate how attackers intentionally planted misleading technical clues to shift blame to multiple states.
Early attribution was wrong, not because analysts failed, but because deception worked very well.
The case demonstrated that the most sophisticated adversaries don’t just breach networks; they manipulate our perception of reality.
The main takeaway:
Attribution isn’t an ‘Aha!’ moment. It’s a slow, grinding investigation.
The attribution process is a strategic judgment made under uncertainty, bias, and geopolitical pressure.
If decision-makers fail to consider false flags, public attribution risks fueling the wrong conflict.
The paper is available in the first comment (open access).
#falseflags #offensivecyber #deception
***
Abstract:
This paper examines false flag operations in cyberspace and their implications for attribution. While these operations are key to understanding cyber conflict, they are mostly understudied outside technical research.
We place deception and attribution challenges within the broader context of offensive cyber operations and international security, illustrating how manipulating identity and intent complicates forensic analysis and political decision-making.
The paper defines false flag cyber operations, assesses their strategic importance, and connects them to broader discussions of uncertainty, risk, and decision-making.
The 2018 Olympic Destroyer incident is used as a case study to illustrate how attackers intentionally added misleading signals to hide their responsibility and influence attribution.
This example highlights the risks of misjudgment when early assessments are misled by deception.
Beyond the technical sphere, the study situates false flag operations within the dynamics of renewed great-power competition, showing how deliberate misattribution can undermine crisis stability and heighten escalation risks among rival states.


