Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

U.S. Mulls New Tactics to Stem Wave of Cyberattacks

WASHINGTON – As hacking attacks reach epidemic proportions, the US cybersecurity community is looking at new ways to step up defense, including counterattacking the hackers themselves.

WASHINGTON – As hacking attacks reach epidemic proportions, the US cybersecurity community is looking at new ways to step up defense, including counterattacking the hackers themselves.

US cybersecurity firms have begun unprecedented levels of cooperation to shore up America’s key computer networks, and some experts argue in favor of “hacking back,” or using offensive tools to improve defense.

Last month, dozens of cybersecurity firms and partners pooled resources in an effort to root out malware believed to originate from a Chinese state-sponsored group, dubbed Axiom.

“We wanted to make absolutely sure we did something that caused them some level of pain,” said Zachary Hanif at iSight Partners, one of the cybersecurity firms involved in the operation.

Although the operation stopped short of “hacking back,” the coordination aimed to “throw a large wrench into their engine,” according to iSight’s Brian Bartholomew, by coordinating defense to remove malicious software from and fortify defenses.

The group cleaned up some 43,000 infections over two weeks. Some experts argue tougher defense is not enough, and that some kind of offensive action is needed to halt the worst attacks in cyberspace.

Stewart Baker, a former assistant secretary of homeland security who now practices law in Washington, argues that limited “hacking back” could be justified, even though the legal issues are unclear.

Morally justified?

Advertisement. Scroll to continue reading.

Baker said any actions a company takes outside its own network could be viewed as illegal, but there is a strong case to be made for reaching out to networks of third parties used by hackers to transit stolen data.

“I think you are morally justified for sure” in taking such actions, Baker told AFP. “And I think the probability of being prosecuted is very low.”

Baker said if a firm can locate its stolen data and has a way to recover it, “they would be crazy not to.”

“They can’t wait for the government to get a court order. By the time that happened, everything is going to be gone.”

But going beyond that, such as seeking to take out a hacker network, would mean “taking on risks” of legal liability.

US Justice Department guidelines caution against any retaliation.

Baker said the guidelines “don’t quite say it’s illegal, they say it’s a bad idea.”

A 2013 presidential commission report on intellectual property theft suggested some types of retaliatory actions should be legal.

“Without damaging the intruder’s own network, companies that experience cyber-theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information,” the report said. American firms wrestle with legal and other implications of any type of cyber-retaliation.

“We have the capability to hack back,” said Jody Denner, a cybersecurity and digital forensics consultant for Hewlett-Packard who has worked with government agencies and the corporate sector.

“The same open-source tools that are available to these state-sponsored groups are also available to everyone else.”

Denner said he is aware of some “cyber-bandit” firms that will take offensive measures, keeping the matters quiet.

In the meantime, other governments are active on this front.

“The services of such ‘mercenaries’ are actively purchased by third-world governments like Pakistan and Nigeria,” said Denis Makrushkin of the security firm Kaspersky.

‘A lot like counterespionage’

Kristen Eichensehr, a national security law specialist at the University of California-Los Angeles and former State Department adviser, said private firms appear to be expanding their range of actions.

“The terms ‘hacking back’ or ‘active defense’ are used to describe a variety of actions ranging from planting fake data to ‘beaconing’ proprietary data so that it can be tracked if taken off a corporate network,” she said on the Just Security blog.

“Depending on where on the spectrum a ‘hacking back’ action is, the private entity’s actions could look a lot like counterespionage, law enforcement, or even military action.”

The US military’s Cyber Command charged with protecting the country’s “critical infrastructure,” which includes computer networks for finance, utilities and transportation, often gets blamed when there are gaps in cyber defenses.

Admiral Mike Rogers, who heads the Pentagon’s Cyber Command as well as the National Security Agency, said recently the military is eyeing a policy of “deterrence,” the same concept used for avoiding nuclear war.

Rogers said that as part of his role leading Cyber Command, he wants potential cyber-attackers to know there are consequences for their actions and that the US holds powerful weapons it can use.

But James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies, said deterrence is unlikely to work.

“The idea of a deterrent effect is not plausible because you can’t deter espionage and crime,” Lewis said.

“What is the threat to get them to stop breaking into banks? There is no threat.” American officials are hesitant to carry out an offensive cyberattack “because what happens if they accidentally turn off the electricity at a hospital and kill a dozen people?”

With no easy answers, Lewis said improving cybersecurity will require not only better hardware, software and coordination, but diplomatic measures.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...