June 20, 2012
Hacked companies fight back with controversial steps (Reuters)
More proof that our present is a cyberpunk future. Reuters reports that companies, frustrated with outdated laws against sophisticated hacking attacks, are now looking for more “active” forms of defense against hackers. Not content with react-and-repair plans, they are now looking for offensive responses:
Known in the cybersecurity industry as “active defense” or “strike-back” technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant’s own systems.
One such “contractor” is CrowdStrike, a “A Stealth-mode Security Start-up” that offer services such as “an on-demand retainer service that empowers your enterprise through experienced and professional tactical response teams” (what some may call “mercenaries”). They can also use more common tactics like honeypots (fake files to keep an intruder’s attention while he’s being traced).
A slippery slope. With such security breaches becoming more commonplace, it would seem that an escalation in hacking countermeasures was inevitable. But such escalation is not without risks:
Henry (Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined CrowdStrike) and CrowdStrike co-founder Dmitri Alperovich do not recommend that companies try to breach their opponent’s computers, but they say the private sector does need to fight back more boldly against cyber espionage.
Of course, that fight-back mentality can lead to mercenary groups who can go world-wide to track and “neutralize” a hacker with a “fuck your laws” mentality.
Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and Internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage.
Who’s really to blame? Hackers are getting more aggressive with their attacks and more silent with their invasions, but are they the bored teen in his/her bedroom looking for lulz, or other corporations and governments looking for an advantage? To underscore the real threat, an example of the recently discovered to be American/Israeli made Flame rootkit is cited as a major failure:
Mikko Hypponen, the well-regarded chief research officer at Finland’s F-Secure Oyj, told the Reuters Summit his company had a sample of Flame in 2010 and classified it as clean and later missed another virus called Duqu that was suspected of being backed by Western governments.
“These are examples how we are failing” as an industry, Hypponen said. “Consumer-grade antivirus you buy from the store does not work too well trying to detect stuff created by the nation-states with nation-state budgets.”
Because some national governments are suspected in attacks on private Western companies, it is natural that some of the victims want to join their own governments to fight back.
Armed responses from corporate militias are more of a colorful afterthought for now, but with the Pentagon wanting to use military force on hackers and recent reports of Obama wanting to use drones for domestic surveillance, corporate militias may not be that far off.