The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation—malicious or not—leaves a trail. US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source. In every case, they apply the same tradecraft standards described in the Analytic Process above.
FBI Interview Notes from Hillary Clinton E-Mail Investigation for Mishandling of Classified Information
On July 10, 2015, the Federal Bureau of Investigation (FBI) initiated a full investigation based upon a referral received from the US Intelligence Community Inspector General (ICIG), submitted in accordance with Section 811 (c) of the Intelligence Authorization Act of 1995 and dated July 6, 2015, regarding the potential unauthorized transmission and storage of classified information on the personal e-mail server of former Secretary of State Hillary Clinton (Clinton). The FBI’s investigation focused on determining whether classified information was transmitted or stored on unclassified systems in violation of federal criminal statutes and whether classified information was compromised by unauthorized individuals, to include foreign governments or intelligence services, via cyber intrusion or other means.