Main Area and Open Discussion > Living Room

Luxembourg cybersecurity team takes on China's hacker unit - and wins!

(1/2) > >>

40hz:
In an very well-written article posted over at the Volokh Conspiracy website (which is not about what you think  :mrgreen:), Stewart Baker looks at the issue of hack-backs, and offers up a disturbing discussion about US government sponsored cybersecurity agencies - and how little they apparently do to protect the general public. And more disturbingly  - how increasingly adamant they are becoming about not allowing the general public to protect itself.

   

Luxembourg: The Steve McQueen of Cybersecurity

Stewart Baker • April 12, 2013 8:45 pm

Here’s the scant good news on cybersecurity It’s getting harder for attackers to hide.  The same security weaknesses that bedevil our networks can be found on the systems used by our attackers. A shorter version is something I call Baker’s Law: “Our security sucks.  But so does theirs.”

That’s good news because, with a little gumption, we can exploit hacker networks, gather evidence that identifies our attackers, and eventually take action that will make them regret their career choices.

Unfortunately, the United States has been sitting out this attribution revolution.  Our vaunted CyberCommand may be energetically exploiting hacker networks, but it isn’t helping private victims of cyberespionage. Foreign governments are hacking US companies, law firms, activists, and individuals with abandon, but our government seems unable or unwilling to stop the attacks or identify the attackers.  In fact, hacking victims who want to gather evidence against the bad guys are being warned off, told that conducting a private investigation could put them at risk of prosecution.  As an anonymous Justice Department recently told the press,

“Arguments for or against hack-back efforts fall into two categories: law and policy,” the DOJ spokesman told BNA. “Both recommend against hack-back. Under current law, accessing a computer that you do not own or operate without permission is likely a violation of law. And while there might be something satisfying about the notion of hack-back on a primal level, it is not good policy either.”

Actually, the spokesman could have stated the Department’s policy even more concisely: “We don’t know how to protect you, but we do know how to keep you from protecting yourselves.”

Justice wants to cut off the debate over hacking back...

<Read the full article here.>
--- End quote ---

The article goes on to discuss the actions taken by two private computer security entities residing in Luxembourg who successfully hacked-back the shadowy cyberwarfare group Unit 61398 of the Chinese Army and came away with a wealth of information on exactly who they are, and how they operate. Something that "would likely be illegal" for a US entity to do. At least as far as our ever watchful Department of Justice is concerned.

Well worth a read, both as a cautionary tale, and also for the techno-geek laughs it provides.

---------------------------

Note: the article author Stewart Baker spent "3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy" before returning to private law practice. So his insights are especially interesting since he approaches the topic with the dual perspective of someone who was both a former DHS government 'insider' and is now a private attorney. (Read his work bio here.)

Good stuff!  :Thmbsup:

kyrathaba:
Great article!

TaoPhoenix:
Even "Unit 61398 of the Chinese Army" is chilling! I can barely remember that number! It's like it's picked to have no mnemonic value ever!

P.S. Yay Luxembourg, the most "forgettable nice country ever" for getting into the news!

Tinman57:
  The government won't allow hack-backs because they're afraid you'll find confidential information they stole from the U.S.. [sarcasm on] Can't have that information in the hands of the average citizen, now can we?  [sarcasm off]

40hz:
 The government won't allow hack-backs because they're afraid you'll find confidential information they stole from the U.S.. [sarcasm on] Can't have that information in the hands of the average citizen, now can we?  [sarcasm off]
-Tinman57 (April 13, 2013, 08:42 PM)
--- End quote ---

Also kind of hard to scream about China not doing enough about stopping its so-called college 'hack clubs' if you allow your own non-government entities to do the same.

If cyberwarfare - or state sponsored hacking - is just another form of assault (or violence), then it almost makes sense in that every government ever created insists on having an exclusive monopoly on the use of force. That is almost the single best defining characteristic of 'government' no matter what form the government ultimately takes. It alone holds the 'legal' authority to resort to violence to accomplish its goals.

Navigation

[0] Message Index

[#] Next page