Almost every year large multi-national corporation’s lose billions of dollars due to hacking attack. Most of them have a same feeling of Revenge against the hackers.
Robert Clark, operational attorney for the U.S. Army cyber command, met these unfortunate business tycoons and later said in an interview ““I’ve been involved in this field in-depth for 10 years, and the first thing everybody asks is, ‘How do I hack back? I want to smack somebody,’” he said in an interview. “And my response is always the same: Why? Because you’re mad? What do you want to get out of it?” Robert Clark is also a speaker at Black Hat conference.
In today’s world everybody wants to go offensive with hackers, they want revenge for the damage caused by Hackers. Shawn Henry, President of CrowdStrike, former FBI cyber-crime official, is currently working to assign blame for attacks. CrowdStrike has received $26 million in first-round funding from private equity firm Warburg Pincus and is planning to release technology later this year.
Some security experts believe that America and Israel jointly developed stuxnet in order to destroy Iran nuclear project. New York Times reports” Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
Later Washington Post reported that The United States and Israel are jointly developing a sophisticated computer virus nicknamed Flame that collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.
The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials. It is said that Flame is 20 times the size of Struxnet.
Many security experts consider these attacks from USA and Israel as an act of self-defense.
Some companies are even planning to put a tracking code in data files which are at risk of being stolen, but it is not 100% legal to do so. To point it out Robert Clark gave an example of a 1992 case where a driver working for the U.S. Postal Service was caught stealing envelopes stuffed with money on his route. The driver, Ervin Charles Jones, pleaded guilty but argued that investigators’ use of a small transmitter to track one of the envelopes — the key to making the arrest — led to an unlawful search of his van. The courts disagreed, and Jones was sentenced to 11 months in prison.
He said “Planting malicious software on attackers’ machines would violate anti-hacking laws but Placing fake blueprints or software code in a place where hackers could steal them could be a legal, effective diversion.
He also showed some limitations of Self-defense which can be implemented in the cyber world “The case involved Iowa landowners, Edward and Bertha Briney, who rigged a shotgun to fire on anyone who entered a bedroom in a vacant farm house that was being repeatedly burglarized. An intruder broke in to scavenge old bottles and fruit jars and had most of his leg blown off. A jury awarded the intruder $30,000 in damages, which would be more than $200,000 in today’s dollars.”
This is a matter of serious concern as cyber-attacks can now cause damage in the physical world. As the attackers are not only targeting personal computers, but also computers that run water facilities to automobiles, insulin pumps and power stations.
Today’s need is to set criteria for calling it a self-defense case. Self-defense can only be justified where personal safety and security is in danger. So to start a counterattack against the attacker large corporations would have to come with up very strong reasons to prove that their action is completely OK with the level of the threat. Else you would be ending up in court.
Author: Naveen Singh
Originally Published in Hacker5 Magazine