US intelligence officials have determined that Russia was behind the cyberattack on the Olympics opening ceremony. The attack, which launched ‘Olympic Destroyer‘ malware, caused significant disruption to operations just before the ceremony began. However, it fell far short of taking down the event. While it’s not completely clear what led officials to their conclusion, they also believe that Russia attempted to frame North Korea for the job, using what’s called a ‘false flag.’

The term alludes to covert operations designed to give the appearance that another party is responsible. In this case, the attack left an array of ‘fingerprints’ that suggested China or North Korea could be responsible. One angle involved routing traffic through North Korean IP addresses. Another involved using specific code and functionality associated with two different Chinese hacker groups.

Nevertheless, officials still saw enough reason to link the attack to Russia. Andy Greenberg from Wired reports, “It (Russia) had already declared its intent to meddle with the games in response to the International Olympic Committee’s (IOC’s) decision to ban its athletes for doping violations. The known Russian military intelligence hacking team Fancy Bear had been attacking Olympics-related organizations for months, stealing documents and leaking them in retaliation for the IOC’s ban.”

Researchers believe the use of false flags is evolving, and becoming a common tactic. It serves to sow confusion and shifts the focus from the incident itself to blame and accountability. As if tracking cybercriminals isn’t hard enough….

Read the full story at Wired.