Topic: Luxembourg cybersecurity team takes on China's hacker unit - and wins!

40hz

In a very well-written article posted over at the Volokh Conspiracy website (which is not about what you think  :mrgreen:), Stewart Baker looks at the issue of hack-backs, and offers up a disturbing discussion about US government-sponsored cybersecurity agencies - and how little they apparently do to protect the general public. And more disturbingly - how increasingly adamant they are becoming about not allowing the general public to protect itself.

Quote
   

Luxembourg: The Steve McQueen of Cybersecurity

Stewart Baker • April 12, 2013 8:45 pm

Here’s the scant good news on cybersecurity: It’s getting harder for attackers to hide.  The same security weaknesses that bedevil our networks can be found on the systems used by our attackers. A shorter version is something I call Baker’s Law: “Our security sucks.  But so does theirs.”

That’s good news because, with a little gumption, we can exploit hacker networks, gather evidence that identifies our attackers, and eventually take action that will make them regret their career choices.

Unfortunately, the United States has been sitting out this attribution revolution.  Our vaunted CyberCommand may be energetically exploiting hacker networks, but it isn’t helping private victims of cyberespionage. Foreign governments are hacking US companies, law firms, activists, and individuals with abandon, but our government seems unable or unwilling to stop the attacks or identify the attackers.  In fact, hacking victims who want to gather evidence against the bad guys are being warned off, told that conducting a private investigation could put them at risk of prosecution.  As an anonymous Justice Department recently told the press,

“Arguments for or against hack-back efforts fall into two categories: law and policy,” the DOJ spokesman told BNA. “Both recommend against hack-back. Under current law, accessing a computer that you do not own or operate without permission is likely a violation of law. And while there might be something satisfying about the notion of hack-back on a primal level, it is not good policy either.”

Actually, the spokesman could have stated the Department’s policy even more concisely: “We don’t know how to protect you, but we do know how to keep you from protecting yourselves.”

Justice wants to cut off the debate over hacking back...

<Read the full article here.>

The article goes on to discuss the actions taken by two private computer security entities residing in Luxembourg who successfully hacked-back the shadowy cyberwarfare group Unit 61398 of the Chinese Army and came away with a wealth of information on exactly who they are, and how they operate. Something that "would likely be illegal" for a US entity to do. At least as far as our ever watchful Department of Justice is concerned.

Well worth a read, both as a cautionary tale, and also for the techno-geek laughs it provides.

---------------------------

Note: the article author Stewart Baker spent "3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy" before returning to private law practice. So his insights are especially interesting since he approaches the topic with the dual perspective of someone who was both a former DHS government 'insider' and is now a private attorney. (Read his work bio here.)

Good stuff!  :Thmbsup:

kyrathaba

Great article!

TaoPhoenix

Even "Unit 61398 of the Chinese Army" is chilling! I can barely remember that number! It's like it's picked to have no mnemonic value ever!

P.S. Yay Luxembourg, the most "forgettable nice country ever" for getting into the news!

Tinman57

The government won't allow hack-backs because they're afraid you'll find confidential information they stole from the U.S. [sarcasm on] Can't have that information in the hands of the average citizen, now can we?  [sarcasm off]

40hz

The government won't allow hack-backs because they're afraid you'll find confidential information they stole from the U.S. [sarcasm on] Can't have that information in the hands of the average citizen, now can we?  [sarcasm off]

Also kind of hard to scream about China not doing enough about stopping its so-called college 'hack clubs' if you allow your own non-government entities to do the same.

If cyberwarfare - or state sponsored hacking - is just another form of assault (or violence), then it almost makes sense in that every government ever created insists on having an exclusive monopoly on the use of force. That is almost the single best defining characteristic of 'government' no matter what form the government ultimately takes. It alone holds the 'legal' authority to resort to violence to accomplish its goals.

sword

I can barely remember that number!


613/June 13 1792/China Tsunami 8.6
6+1+3=10
10 9 8 /countdown

barney

That is almost the single best defining characteristic of 'government' no matter what form the government ultimately takes. It alone holds the 'legal' authority to resort to violence to accomplish its goals.

Concur most enthusiastically  :up:!  And if you resist or defend against such, you are guilty of treason by definition.

Tinman57


I say let 'em hack back, but don't let the government in with its SOPA Crap....

Quote
U.S. urged to let companies 'hack-back' at IP cyber thieves
05.23.2013 1:20 PM

U.S. companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property.

http://www.pcworld.c...p-cyber-thieves.html