U.S. Discussing “Hacking Back” At Cyber Trouble Makers

.

Depositors trying to use Shinhan Bank A.T.M.’s on Wednesday in Seoul, South Korea during March, 2013. AP Photo by Ahn Young-Joon

AFP

WASHINGTON —After a seemingly endless barrage of cyberattacks, debate is heating up on hitting back at hackers where it hurts.

Amid calls for ways to punish and deter hackers without sparking a so-called “cyber war,” a panel of experts assembled by the George Washington University Center for Cyber and Homeland Security said in a report Monday that U.S. policies should be eased to allow “active defense” measures by both the government and private sector.

However, it stopped short of endorsing the idea of “hacking back” to disable systems used by attackers.

The panel envisioned measures such as taking down “botnets” that disrupt cyberspace, freeing data from “ransomware” hackers and “rescue missions” to recover stolen data.

The report follows a wave of high-profile attacks against US companies and government databases, and after Washington accused Russia of using cyberattacks to attempt to disrupt next week’s presidential election.

It comes after President Barack Obama called for a “proportional” response to Russia, while leaving unanswered whether this would mean a cyber attack or measures such as diplomatic or economic sanctions.

Former national intelligence director and GWU task force co-chair Dennis Blair said the U.S. has been moving too slowly in its response to cyberattacks.

“We are shooting so far behind the rabbit that we will only hit it if the rabbit makes another lap and comes back to where it was,” he told a conference presenting the report.

Some analysts argue that hackers and states responsible for attacks should get a taste of their own medicine, and that US laws should be amended to allow for hacking back at the cyber criminals.

Some proposals call for private security firms to be “deputized” to carry out legally sanctioned hack-back operations when private firms are victimized.

“Department stores hire private investigators to catch shoplifters rather than relying only on the police. So too private companies should be able to hire their own security services,” said a Hoover Institution paper written by scholars Jeremy Rabkin and Ariel Rabkin.

“There should be a list of approved hack-back vendors from which victims are free to choose.”

Juan Zarate, a former White House national security advisor who now works with the Foundation for Defense of Democracies, said such a model for action could be based on the early days of the republic when Congress issued “letters of marque and reprisal” for private merchant ships to bring in maritime pirates.

In an essay last year, Zarate called for a “cyber-privateering regime that rewards, enables, and empowers the private sector to help defend itself in concert with government.”

Others warn of the dangers of empowering private actors to engage in reprisals.

Nuala O’Connor, president of the Center for Democracy and Technology and co-chair of the GWU panel, argued of unintended consequences of authorizing companies to break into outside computer networks.

“I believe these types of measures should remain unlawful,” she wrote, adding that it remains difficult to be sure of cyberattacks’ sources.

“The risks of collateral damage to innocent internet users, to data security, and to national security that can result from overly aggressive defensive efforts needs to be better accounted for.”

Steve Grobman, chief technical officer at Intel Security, also questioned whether private entities should be allowed to take counter-measures.

Because hackers can easily disguise their attacks, Grobman said a questionable retaliation could create an ugly situation.

“What I worry about is a terrorist entity creating an attack that appears to come from a nation state that creates a public push for some hack back and that leads to a live shooting cyber war,” he said.

James Lewis, senior fellow at the Center for Strategic and International Studies, said the United States has pledged to its international partners to steer clear of these kinds of acts in cyberspace.

“We’ve told people the internet should be based on the rule of law, and (hacking back) would undercut that,” he said.

“The question you always want to ask is whether this would make cyberspace more or less stable. This would make it less stable.”

Patrick Lin, who led a study this year for California Polytechnic State University on the ethics of hacking back, said there is “a moral case for hacking back, but an under-developed case for its legality and effectiveness.”

In the report, Lin wrote that while it is difficult to know whether hacking back has deterrent value, “doing nothing, as seems to be the case now, certainly offers no deterrence and likely encourages cyber-attackers to continue preying on others.”

Related:

 (March 2013)

 (December 2014)

 (June 2015)

Related articles prior to June 2015:

China's newest warplane, the J-20 stealth fighter, made its first public flight at an airshow in the southern city of Zhuhai. It bears an uncanny resemblance to US military's F-22 Raptor

China’s newest warplane, the J-20 stealth fighter, made its first public flight at an airshow in the southern city of Zhuhai. It bears an uncanny resemblance to US military’s F-22 Raptor

.

.

.
.
.
.

 (China has a pattern of silencing or censoring critics)

Tags: , , , , , , , , , , , , , , , , , , , ,

One Response to “U.S. Discussing “Hacking Back” At Cyber Trouble Makers”

  1. daveyone1 Says:

    Reblogged this on World Peace Forum.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: