Comment by squigz
3 days ago
If it's a known avenue of identification, one would think a state-sponsored group would have policies in place to combat that sort of fingerprinting. All of that would also be trivial to spoof/plant so as to distract from the real source.
> That's why they talk about high confidence.
I don't think "Just trust us" is good enough, not when there are various groups - the companies reporting these hacks included - with incentives to blame China.
> If it's a known avenue of identification, one would think a state-sponsored group would have policies in place to combat that sort of fingerprinting.
It relies on people not being perfect and not caring that much. So far, it's working pretty well and the identification leaks are consistent for years.
How do we know? Is China like, "Oops, yeah, haha, that's us. gg"
[dead]