Attribution is hard. It’s as much art as it is science. It’s also very misunderstood.
So, as part of my public service initiative, I created and then unintentionally crowdsourced the most definitive collection of reality-based constructs reflecting the current state of this term of art.
Here you go:
- Faptribution => The process of trying to reach PR climax on naming an adversary before anyone else does
- Pattribution => The art of self-congratulatory back patting that goes along with attributing an actor(s) to a specific campaign or breach.
- Flacktribution => The process of dedicating your next press release to the concept that, had the victim only used $our_software, none of this would have happened. (Per Nick Selby)
- Maptribution => when you really just have no fucking idea and play “pin the tail on the donkey” with a world map. (Per Sam Johnston)
- Craptribution => The collective negative social media and PR feedback associated with Snaptribution (Per Gunter Ollmann)
- Masturbution => When you feel awesome about it, but nobody else gives a flying f$ck (Per Paul Stamp, but ‘betterized’ by me)
- Snaptribution => naming the threat actor so quickly you can’t possibly be right but you are first. Also known as premature faptribution. (Chris Wysopal)
May you go forth with the confidence to assess the quality, scope and impact of any attribution using these more specific definitions.