Malware misinformation

Documenting misinformation in the infosecurity space, focusing particularly on malware analysis and forensics.

Created by @maldr0id

View the Project on GitHub maldroid/misinformation.tech

Claim ID: 00006

The following claim is used to undermine attribution of a malware attack:

it’s impossible to attribute an IP address to a country

The claim is considered: ❌ FALSE ❌

Why is it false?

While attributing an IP address to a specific person ranges from extremely difficult to impossible [1], attributing it to a specific country is much more straightforward. The Internet Assigned Numbers Authority (IANA) is responsible for global coordination of the Internet Protocol addressing systems and provides pools of IP addresses to the Regional Internet Registries (RIRs) [2]. The RIRs handle these IP address pools and distribute them among autonomous systems.

For example, RIPE NCC - the RIR responsible for countries in Europe, the Middle East and parts of Central Asia - provides a database of autonomous systems (IP pools) and the contact details of the entity responsible for each pool [3]. Attributing an IP address to the country where the responsible entity operates is therefore much easier than attributing it to a specific person. The RIPE NCC, for instance, provides a country code that it maintains based on the legal registration of the resource holder [4]. This should not be confused with geolocation of the IP address, which is a different idea: locating the exact geographical coordinates of the networking equipment to which the IP address is assigned (a much more complex issue).
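The lookup described above, as an added example that is not part of the original page: it finds the most specific `inetnum` range covering an address and reports the country registered for its holder. It assumes RPSL-style `inetnum` and `organisation` objects like those in the RIPE Database; the sample objects are constructed (documentation address ranges, made-up names) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample objects in RPSL style (documentation ranges, made-up names).
SAMPLE_DB = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
country:        NL
org:            ORG-EX1-RIPE

inetnum:        192.0.2.64 - 192.0.2.127
netname:        EXAMPLE-CUSTOMER
country:        DE
org:            ORG-EX2-RIPE

inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-NO-ORG
country:        PL

organisation:   ORG-EX1-RIPE
country:        NL

organisation:   ORG-EX2-RIPE
country:        DE
"""

def parse_objects(text):
    """Split blank-line separated objects into lists of (attribute, value) pairs."""
    return [[tuple(s.strip() for s in line.split(":", 1))
             for line in block.splitlines() if ":" in line]
            for block in text.strip().split("\n\n")]

def registered_country(ip, text):
    """Return (netname, country) for the most specific inetnum covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    orgs, best = {}, None
    for obj in parse_objects(text):
        kind, key = obj[0]              # first attribute names the object type
        attrs = dict(obj)
        if kind == "organisation":
            orgs[key] = attrs.get("country")
        elif kind == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in key.split("-"))
            size = int(last) - int(first)
            if first <= addr <= last and (best is None or size < best[0]):
                best = (size, attrs)    # smaller range = more specific assignment
    if best is None:
        return None                     # address not covered by any registered range
    attrs = best[1]
    # Prefer the holder organisation's country; fall back to the inetnum attribute.
    return attrs.get("netname"), orgs.get(attrs.get("org")) or attrs.get("country")
```

The result is a registration fact about the resource holder, not a geolocation of the equipment using the address.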

Statement sources

The websites below repeat the claim. This is not a full list of websites.

Campaigns

The misinformation campaigns below have used this claim.

Footnotes