As cyberwars between countries, corporations and organized crime groups heat up, correctly attributing the attacks becomes a priority: responses, obviously, must be tailored to the attribution. The U.S. government last year provided a good and a bad example of how attribution should be handled.
As Thomas Rid and Ben Buchanan of the Department of War Studies at King's College London point out in a recent paper, attributing a cyber attack is "an art as much as a science," requiring what Prussian King Friedrich the Great called military coup d'oeil.
It isn't enough, to find traces of a certain human language in the malicious code or determine that it was developed during business hours in a certain time zone: Such telltale signs could be designed to misdirect. Matching bits of malware to other attacks isn't conclusive, either: Code is available for sharing among hackers, and hackers contract out to take part in attacks or help each other on principle.