Tag Archives: hacking

Support for Retribution and Active Defense Increases

By Stewart Baker on May 22, 2013 Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Chinese hacking continues to build anger in American business and government circles. As a result, private companies may be encouraged to do more than passively defend their networks as evidenced by the recent report of a commission headed by two Obama appointees, former US Ambassador to China (and minor GOP Presidential candidate) Jon Huntsman and… Continue Reading

Lessons From the New York ATM Heist

By Jason M. Weinstein on May 10, 2013 Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

The announcement yesterday of charges in New York against eight members of a cybercrime ring that stole $40 million from ATMs in 24 countries, all within 10 hours, is the latest in a series of episodes that illustrate the constant threat of cyber attacks against our corporate networks. This case should be a wake-up call… Continue Reading

Amendments to CISPA a Threat to Cybersecurity?

By Stewart Baker on April 10, 2013 Posted in Cybersecurity and Cyberwar, Privacy Regulation

In response to some of the privacy criticisms of the Cyber Intelligence Sharing and Protection Act (CISPA), the House Intelligence Committee is proposing amendments to the bill. Politico’s Tony Romm reports on some of the likely amendments: Still another amendment specifies clearly that CISPA won’t allow companies to “hack back” their hackers in pursuit of… Continue Reading

The Question of ‘International Law of Cyberwar’

By Stewart Baker on March 22, 2013 Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

Will international law and diplomacy limit cyberwar? Those who believe in international “norms” for cyberwar usually argue that cyberattacks on financial institutions are beyond the pale. For example, Harold Koh has declared the State Department’s view that cyberwarriors “must distinguish military objectives … from civilian objects, which under international law are generally protected from attack.”… Continue Reading

Cyberattacks Ranked As Top Global Threat To US National Security

By Michael Vatis on March 12, 2013 Posted in Cybersecurity and Cyberwar

Ten to fifteen years ago, some of us on this blog (well, both of us) were called fear-mongers, and worse, for trying to raise the alarum about the threat to our security posed by cyberattacks. Times certainly have changed—or at least attitudes. Today, Director of National Intelligence James Clapper, in testimony before the US Senate,… Continue Reading

Hacking Hollywood

By Stewart Baker on March 7, 2013 Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

That might sound like breaking news from 1983, but this time we’re not talking movie plots, we’re talking business. Specifically how Chinese cyberespionage could affect Hollywood’s bottom line. The Hollywood Reporter asked me to talk about that impact in a guest column, out this week. Here’s some of what I said: Hollywood might be blinded… Continue Reading

The Hackback Debate Revisited

By Stewart Baker on March 4, 2013 Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Last fall, Orin Kerr and I engaged in an online debate over the Computer Fraud and Abuse Act — specifically whether it is lawful for the victim of computer crime to follow his stolen data into networks controlled by the thief. The debate spread across several posts and into the comments, but it’s been pulled… Continue Reading

Found: The PLA’s University of Hacking

By Stewart Baker on February 19, 2013 Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Bloomberg Businessweek has a remarkable story about the identification of another Chinese hacker. It’s a long, tangled, and fascinating tale of good sleuthing by several researchers, but the trail ends with Zhang Changhe, a digital entrepreneur and teacher — at a People’s Liberation Army school that is suspected of training PLA hackers. In the denouement,… Continue Reading

A Soft Counterattack on Private Counterhacks

By Stewart Baker on February 14, 2013 Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Herb Lin of the National Research Council has launched the first, soft counterattack on those who think victims of cyberespionage should have greater leeway to respond directly to intrusions. Herb always strives for some balance in his work, but it’s clear that he’s a skeptic, concluding “It is not clear that the use of offensive… Continue Reading

Up the Ladder We Go

By Stewart Baker on February 13, 2013 Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Once again, Ellen Nakashima of The Washington Post has broken a cybersecurity story: A new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness, according to individuals familiar with the report. The National Intelligence Estimate identifies China as the country… Continue Reading

Corporate Network Defense: When Seconds Count, the FBI is Years Behind

By Stewart Baker on January 4, 2013 Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

The Washington Post’s Ellen Nakashima wrote another cutting-edge article on innovative approaches to network defense. I’ve blogged before about honeytokens, deceptive files that leave hackers with false data while flagging the intrusion to defenders. The article suggests that their use is growing, as other defensive techniques prove ineffective: Brown Printing Co…began planting fake data in… Continue Reading

Why Do the Feds Care About Officials’ Private Emails?

By Michael Vatis on December 6, 2012 Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

For those who have wondered why the feds cared about what former CIA Director David Petraeus was doing on his private email account, recent reports on hacks into the personal computers of former Chairman of the Joint Chiefs of Staff Mike Mullen provide at least a clue. Mullen’s personal computers, which he used while working… Continue Reading

More on Cybersecurity and Attribution: Si Chuan University and Tencent

By Stewart Baker on December 5, 2012 Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Previously, I told the story of how Trend Micro identified “Luckycat,” a Chinese hacker who had attacked the Dalai Lama, aerospace firms, and other targets. Based on what we know so far, the likely hacker is Gu Kaiyuan, formerly a student at Si Chuan University’s Information Security Institute and currently employed by the large Chinese instant… Continue Reading

The Importance of Cybersecurity

By Stewart Baker on December 5, 2012 Posted in China, Cybersecurity and Cyberwar, International

For those who think I’m a little paranoid on the subject of cybersecurity, I share this story – a nightmare made in China for a small US businessman. Brian Milburn’s parental control software was pirated and used in a China’s infamous Green Dam software. When he sued, hackers tied to the Chinese government attacked his networks… Continue Reading

The Hackback Debate

By Steptoe on November 2, 2012 Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

The vulnerability of computer networks to hacking grows more troubling every year. No network is safe, and hacking has evolved from an obscure hobby to a major national security concern. Cybercrime has cost consumers and banks billions of dollars. Yet few cyberspies or cybercriminals have been caught and punished. Law enforcement is overwhelmed both by… Continue Reading

Good News for Cybersecurity and Attribution?

By Stewart Baker on October 8, 2012 Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

How should the US respond to massive state-sponsored cyberespionage? Right now, policymakers are intent on improving network security, perhaps by pressing the private sector to improve its security, or by waiving outmoded privacy rules that prevent rapid sharing of information about attackers’ tactics and tools. This would improve our network security, but not enough to alter… Continue Reading

Rethinking Cybersecurity, Retribution, and the Role of the Private Sector

By Stewart Baker on September 19, 2012 Posted in Cybersecurity and Cyberwar, Security Programs & Policies

In upcoming testimony before the House Homeland Security Committee, I’ll be assessing the Department of Homeland Security, with particular focus on cybersecurity. Probably the most important point I’ll be making is a simple one: We will never defend our way out of the current cybersecurity crisis. That’s because putting all the burden of preventing crime… Continue Reading

The Cybersecurity Act of 2012; Hacker Protection

By Stewart Baker on July 24, 2012 Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

A revised draft of the cybersecurity bill contains information sharing provisions that were heavily negotiated between the Obama administration and privacy groups. This effort at compromise has prompted the usual ambiguous praise from privacy groups. The Electronic Frontier Foundation, though “pleased” with the progress, complained that the measure still “contains broad language around the ability… Continue Reading

The First Circuit and Cybersecurity

By Stewart Baker on July 5, 2012 Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Can you hear the legal ground shifting under the feet of the banks? Many small businesses are now infected by keylogging software. Hackers use it to steal banking credentials and make wire transfers. It is very difficult to keep the hackers out, at least for small businesses. The most promising way to defeat such fraud is for… Continue Reading

Taking the Offense to Defend Networks – Another Perspective

By Michael Vatis on June 22, 2012 Posted in Cybersecurity and Cyberwar, Privacy Regulation

One can certainly understand the frustration of private companies that are repeatedly subject to cyberattacks, and seem to have little ability to keep the intruders out or to get overstretched law enforcement agencies interested in investigating. But the idea of changing the law to authorize “hacking back” is a dangerous one, and unlikely to fix… Continue Reading

Taking the Offense to Defend Networks

By Stewart Baker on June 19, 2012 Posted in Cybersecurity and Cyberwar, Privacy Regulation

Joseph Menn has an interesting Reuters article on a growing sentiment within network security circles: Frustrated by their inability to stop sophisticated hacking attacks or use the law to punish their assailants, an increasing number of US companies are taking retaliatory action. Known in the cyber security industry as “active defense” or “strike-back” technology, the reprisals… Continue Reading

Can Chinese Hackers Self-Police?

By Michael Vatis on March 29, 2012 Posted in China, Cybersecurity and Cyberwar, International

Chinese hackers call for “self-discipline” and an end to commercially motivated cybercrime. The Wall St. Journal (subscription required) suggests it’s because former hackers have grown up and become security professionals. But does it occur to anyone that the Chinese government might be worried about the rising tide of complaints about Chinese hacking, particularly cyber espionage against the… Continue Reading