Hackers who attack defense or commercial computers in the US and UK in the future may be in for a surprise: a counterattack, authorized and carried out by the police and defense agencies, that aims to disrupt them and even knock them off the Internet.
The secret plans, prompted by the explosion in the number of computer-crime incidents from East Asia targeting commercially or politically sensitive information, are known as “strikeback” and are intended to target hackers’ computers and disrupt them, in some cases involving “denial of service” attacks.
According to well-placed sources, work on “strikeback” has already begun in the UK, with the Serious Organised Crime Agency (SOCA) and the e-crime unit of London’s Metropolitan police (the Met) working to deploy teams.
The measures are being adopted because of the unprecedented level of attacks being suffered from hacking groups in China, Russia and North Korea, which are suspected of being state-sponsored. Among intelligence circles in Washington, the idea of hitting back at foreign hacking groups is being described as the hottest topic in cyberspace.
“This is considered to be a key activity,” said a former CIA officer actively involved in the debate. “We are being penetrated and it is not in our tradition to sit back and do nothing.
“This is a huge, huge deal in Washington and it is a high priority discussion. What it means is that if we can identify who is doing this to us, then we can return fire with a payload that takes them out. That’s a very big priority,” the CIA officer said.
Amid rhetoric reminiscent of the Cold War, it is clear the US has run out of patience following blatant cyberattacks such as Titan Rain — an attempt to breach Western defense systems with the aim of stealing defense and commercial secrets.
While on the campaign trail last July, US President Barack Obama identified cybersecurity as one of the biggest challenges facing the US.
“As president, I’ll make cybersecurity the top priority that it should be in the 21st century,” he said.
He has also equated cyberthreats with nuclear and biological weapons.
Last week saw the results of Obama’s cybersecurity concerns, with the publication by the White House of the Cyberspace Policy Review written by Melissa Hathaway, a senior director at the National Security Council who is widely tipped to become Obama’s cybersecurity chief.
In this review of the US’ computer security problems, carried out over the past 60 days, Hathaway broadly recommends more cooperation and education and maintaining the US’ technological lead.
The document also states: “The Communications Act of 1934 authorized the President, if he deems it necessary in the national security or defense and the requisite threshold condition exists, to use, control, or close communications services, systems, and networks under the jurisdiction of the Federal Communications Commission in conditions ranging from ‘state of public peril’ to ‘war’.”
Many involved in the “strikeback” discussions in the US think it must be deployed immediately to develop a “defensive offensive capability.”
“At a high level this has to do with a cyberwar threat discussion. If we can confirm who has attacked us, we have to have an offensive strikeback,” the former CIA officer said.
Less bellicose but equally specific definitions are now in force in Britain.
“The UK, like many other nations, has an offensive capability, which is for defense only,” a UK intelligence source said. “There is a growing willingness to strike back against some of the more obvious threats.”
One of the stated aims of the Met’s e-crime unit is to “disseminate target-specific intervention and prevention advice, and conduct intelligence-led disruption activity.”
It all sounds very hawkish but it is a policy that is exciting controversy. How do you hit someone back without causing damage to someone else on the way, or taking out the servers of an ISP that the attack was routed through?
“People were talking about this six years ago,” said Rik Ferguson, a senior security adviser for the computer security company Trend Micro. “This is a very bad idea, due to the issues surrounding collateral damage.”
But the hawks say this concern is outmoded since conventional computer-security procedures and the methods used by security firms are proving ineffective at stemming the attacks. And, according to some in the industry, targeting is possible.
“We know of a couple of hundred individuals in China and Brazil, a hundred in Russia and similar numbers in North Korea,” said Brian Grayek, vice president of product development for CA, a company specializing in tools to identify the origin of attacks. “We can put tracking tools on the attackers’ computers so we know who they are, where they are coming from, where they are going and when they are doing it.
“We can pinpoint to street and location, there are a number of times we can identify individuals and I would be fairly sure the US government has the same capability,” he said.
That leaves the problem of who carries out the counterattacks.
“We were approached by SOCA and asked if we were prepared to carry out denial of service attacks and trace routes back to known IP addresses,” a security specialist working in the City of London said.
According to Len Hynds, former head of the National High-Tech Crime Unit, targeting and disruption of hacking groups such as the Russian Business Network has long been a topic of discussion at SOCA.
“SOCA was looking at it as a target, but the stumbling block for them was legal issues,” he said.
For many this means that outsourcing the response is the name of the game. Just as groups such as the RBN and the students operating from Guangdong in China are suspected of working with the collusion of their governments, so many think the hunter-killers of cyberspace will operate on an outsourced basis as paid vigilantes.
“Anything that the UK would do would be deniable,” says Pat Tyrrell, a former high-ranking official at the Ministry of Defence who drafted the UK’s first assessment of the potential for cyberwarfare. “Doing things this way would not surprise me; I always thought the only way to deal with this was, quote, ‘illegally.’”
“You can either do nothing, which leaves you open to attack, or you can do something and accept there might be a risk downstream. One of the risks is that you do something and get caught, but the people attacking us are already doing that,” said Tyrrell, adding that drastic steps were now necessary to deal with the scale of the problem.
“There are Chinese manufacturers of telecoms equipment who are known to have put backdoors into them, which is why their technology is banned from use in the US, even though it is significantly cheaper. This isn’t just about hacking,” he said.
Asked to comment for this article, a SOCA spokeswoman said: “I’ve spoken with our e-crime team. All we can really say on this is that SOCA uses a range of techniques within the available legal frameworks, appropriate to each investigation. We don’t comment on the detailed use of individual tactical options.”