The Christian Science Monitor on how mercenary hackers are proving to be an elusive, and challenging foe:

One reason it’s so difficult to attribute breaches such as the Office of Personnel Management or the Anthem hacks to a particular country – China being suspect in both of those cases – is because freelance hackers are skilled at carrying out attacks that leave behind little direct evidence connecting them to their sponsors.

It’s gotten to the point where the talent is so plentiful online that many nation-states, militant groups, and organized crime syndicates don’t actually need to train or develop their own teams of skilled hackers. The “talent” can be outsourced from around the world.

“North Korea doesn’t need to use hackers that even set foot in North Korea,” says Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University. “Bright young talent can be contracted online, and this attack vector can be fully conducted remotely and paid by the operation.”

As I have said many times before, attribution is very tricky.