The problem of attributing responsibility for cyber-attacks is almost as old as cyberspace itself, yet it remains one of the most troublesome issues of that domain. It is often impossible to uncover direct evidence that would reveal the identities of the attackers.
Investigators must therefore rely on other, more indirect avenues of proof. The aim of this exploratory study is to develop a basic categorisation of indirect evidence that can be used to attribute state responsibility for cyber-attacks in international relations.
To do so, the article works with international legal concepts but transposes them into the analysis of international relations. The categorisation of indirect proof is based on the Russian-Georgian conflict of 2008, which provides one of the richest arrays of this kind of evidence.
The analysis identifies four kinds of indirect evidence: level of coordination, level of preparedness, state relations with the national hacker community, and state conception of cyber-security.