Legal Clarity Recommended for Understanding Cyberthreat Offense and Defense
January 2, 2017
Recently a conference took place about cybersecurity in the enterprise world. In the Computer World article, Offensive hackers should be part of enterprise DNA, the keynote speaker’s address is quoted heavily. CEO of Endgame Nate Fick addressed the audience, which apparently included many offensive hackers, by speaking about his experience in the private sector and in the military. His perspective is shared,
“We need discontinuity in the adoption cure,” Fick said, “but you can’t hack back. Hacking back is stupid, for many reasons not just that it is illegal.” He argued that while it is illegal, laws change. “Remember it used to be illegal to drink a beer in this country, and it was legal for a kid to work in a coal mine,” he said. Beyond the issue of legality, hacking back is, what Fick described as, climbing up the escalatory ladder, which you can’t do successfully unless you have the right tools. The tools and the power or ability to use them legally has historically been granted to the government.
Perhaps looking toward a day where hacking back will not be illegal, Fick explains an alternative course of action. He advocates for stronger defense and clear government policies around cybersecurity that declare what constitutes as a cyberthreat offense. The strategy being that further action on behalf of the attacked would count as defense. We will be keeping our eyes on how long hacking back remains illegal in some jurisdictions.
Megan Feil, January 2, 2017
Cybersecurity Technology and the Hacking Back Movement
December 19, 2016
Anti-surveillance hacker, Phineas Fisher, was covered in a recent Vice Motherboard article called, Hacker ‘Phineas Fisher’ Speaks on Camera for the First Time—Through a Puppet. He broke into Hacking Team, one of the companies Vice called cyber mercenaries. Hacking team and other firms sels hacking and surveillance tools to police and intelligence agencies worldwide. The article quotes Fisher saying,
I imagine I’m not all that different from Hacking Team employees, I got the same addiction to that electronic pulse and the beauty of the baud [a reference to the famous Hacker’s manifesto]. I just had way different experiences growing up. ACAB [All Cops Are Bastards] is written on the walls, I imagine if you come from a background where you see police as largely a force for good then writing hacking tools for them makes some sense, but then Citizen Lab provides clear evidence it’s being used mostly for comic-book villain level of evil. Things like spying on journalists, dissidents, political opposition etc, and they just kind of ignore that and keep on working. So yeah, I guess no morals, but most people in their situation would do the same. It’s easy to rationalize things when it makes lots of money and your social circle, supporting your family etc depends on it.
The topics of ethical and unethical hacking were discussed in this article; Fisher states the tools used by Hacking Team were largely used for targeting political dissidents and journalists. Another interesting point to note is that his evaluation of Hacking Team’s software is that it “works well enough for what it’s used for” but the real value it offers is “packaging it in some point-and-click way.” An intuitive user experience remains key.
Megan Feil, December 19, 2016
-
- Subscribe to Beyond Search
Feature archive
News archive
-
