Posted by: Ken Harthun
Cybercrime, Hacker, Security
Forgive my alliteration; one should avoid alliteration always. But, I came across an interesting report that seems to suggest–though not necessarily advocate–retaliation against suspected copyright abusers. The report, entitled “The Report of the Commission on the Theft of American Intellectual Property,” and published by the US IP Commission. The report is rather sobering as summarized in the Key Findings:
The annual losses are likely to be comparable to the current annual level of U.S. exports to Asia—over $300 billion. The exact figure is unknowable, but private and governmental studies tend to understate the impacts due to inadequacies in data or scope. The members of the Commission agree with the assessment by the Commander of the United States Cyber Command and Director of the National Security Agency, General Keith Alexander, that the ongoing theft of IP [Intellectual Property] is “the greatest transfer of wealth in history.”
Where the report really gets interesting is in the concluding Chapters 13 and 14 entitled “Cyber Solutions” and “Potential Future Measures,” respectively. They come right out and suggest the use of what would amount to legally sanctioned ransomware:
Support efforts by American private entities both to identify and to recover or render inoperable intellectual property stolen through cyber means.
. . .
…software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account.
And here is the “hack the hackers” section:
While not currently permitted under U.S. law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network. Additional measures go further, including photographing the hacker using his own system’s camera, implanting malware in the hacker’s network, or even physically disabling or destroying the hacker’s own computer or network.
Food for thought…