The new National Intelligence Estimate (NIE) on Cyber Espionage (the first NIE ever to address cybersecurity specifically), which is compiled by the office of the Director of National Intelligence (currently James R. Clapper), concludes that the United States is the target of a “major espionage campaign”, and fingers China as one of the leading offenders.
This is providing a marketing opportunity for a new breed of services: organizations that will go out on the offensive for your company, basically hacking the hackers on your behalf, and essentially striking back at those attacking your network with a counter-strike. In fact, one such company calls itself “CrowdStrike”.
Holy spy versus spy, spyman!
It’s an interesting concept – going on the offensive to wipe out the cybersecurity threats who are DOSing, infiltrating, or otherwise hacking your network. Explains CrowdStrike, “Through hunting operations, including host-based detection, threat-specific network analysis, and victim threat profiling, we identify the adversary and find out what they are after.”
What one does with that information is, of course, one of the big questions, along with “Is it legal?”
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
And of course the answer to that last question depends in large part in what you ultimately decide to do. For example, leaving a poison pill on your own network (say, bundled malware, or an intentionally misleading document), and waiting for the hacker to grab that file, is going to be a whole lot more legal than would inflitrating their network.
But even the “bait and wait” startegy can have its pitfalls. If you leave malware on your own network designed to damage theirs should they steal the file, they may still have grounds for a legal action against you.
Of course, the odds are that if you are a target, your attackers are quite likely in another country, which certainly doesn’t negate the legal concerns, but it does muddy them. And if you are being illegally hacked or DOSed, the offending party (or country) is not as likely to levergae a legal claim against you as they are to..well, retaliate and escalate.
Which brings us to the question: is counter-attacking really the wisest way to go about dealing with a cyber-attack?
We’re not saying that it isn’t. But we’re not saying that it is.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!