I think it's also informative to look at how attribution was viewed in the past. We as a tech community used to almost pride ourselves on our skepticism, as can be seen in this Bruce Schneier post[0] on Stuxnet.
In the post (written in 2010), he points out that attributing Stuxnet to the US Government is "almost entirely speculation", that ties to the Bushehr nuclear power plant were "rumors" at the time, and that "Once a theory takes hold, though, it's easy to find more evidence".
It took years months of more research, technical similarities to the Flame virus, video of an Israeli intelligence official joking about the virus, and much more before the tech community accepted the theory that Stuxnet was a US Government creation.
I'm not saying there's a perfect solution, but surely we as a tech community have lost our skeptical tone and no longer see it as important to question the government's technical claims as we once did.
I have a feeling if the roles were reversed, and it were Trump crying foul about Russian hacking, that's exactly what we'd be doing.
Isn't the Stuxnet story actually a good example of the tech community maybe taking their scepticism too far?
I'm also really sceptical of what, if anything, the government could provide as evidence that people would accept. If the evidence is technical, that doesn't only prevent non-technical people from evaluating it. It also means it's susceptible to being called "fake" when it isn't.
Say, for example, the NSA has log data from a bunch of switches across the world, and maybe the Russians also tapped into a few honeypots. All the NSA then has is IP addresses and other system logs–all of which could easily be faked.
Concerning your last point: Yes, we would treat the reverse different. And there's nothing wrong with judging some information by their record: If I read something on a website that open 6 pop-ups for porn, and that I have never seen before, I'm going to trust it less than the New York Times, which has, contrary to popular myth, an excellent track record of trying their best and making it public when they fail.
I think it's also informative to look at how attribution was viewed in the past. We as a tech community used to almost pride ourselves on our skepticism, as can be seen in this Bruce Schneier post[0] on Stuxnet.
In the post (written in 2010), he points out that attributing Stuxnet to the US Government is "almost entirely speculation", that ties to the Bushehr nuclear power plant were "rumors" at the time, and that "Once a theory takes hold, though, it's easy to find more evidence".
It took years months of more research, technical similarities to the Flame virus, video of an Israeli intelligence official joking about the virus, and much more before the tech community accepted the theory that Stuxnet was a US Government creation.
I'm not saying there's a perfect solution, but surely we as a tech community have lost our skeptical tone and no longer see it as important to question the government's technical claims as we once did.
I have a feeling if the roles were reversed, and it were Trump crying foul about Russian hacking, that's exactly what we'd be doing.
[0] https://www.schneier.com/blog/archives/2010/10/stuxnet.html