Documenting misinformation in the infosecurity space, focusing particularly on malware analysis and forensics.
Created by @maldr0id
The following claim is used to undermine attribution of a malware attack:
it’s impossible to attribute an IP address to a country
The claim is considered: FALSE
While attributing an IP address to a specific person ranges from extremely difficult to impossible1, attributing it to a specific country is much more straightforward. Internet Assigned Numbers Authority (IANA) is responsible for global coordination of the Internet Protocol addressing systems and provides pools of IP addresses to Regional Internet Registry (RIR)2. They handle IP address pools and distribute them among autonomous systems.
For example, RIPE NCC - the RIR responsible for countries in Europe, the Middle East and parts of Central Asia - provides a database of autonomous systems (IP pools) and the contact details for each entity responsible for this particular pool3. Therefore attributing IP address to a specific country where the responsible entity operates is much easier than attributing an IP address to a specific person. For example, already mentioned RIPE NCC provides country code which is maintained by the RIPE NCC based on the legal registration of the resource holder4. This should not be confused with the geolocation of the IP address, which is a different idea of locating exact geographical coordinates of the networking equipment which has the IP address assigned (and is a much more complex issue).
The websites below repeat the claim. This is not a full list of websites.
The misinformation campaigns below have used this claim.