The Active International Response to Cyber Crime

The international cyber-security versus cyber-crime battle is gathering pace, and what we’re seeing is the formation of international alliances to fight this rising scourge. However, the online world is unlike any other, and it will take more than a defensive mindset to win this battle.

On 11 March, in a US Department of Justice blog post, Assistant Attorney General for the Criminal Division Leslie Caldwell noted that the Obama Administration wanted existing laws to be updated to go further than the current capability for a civil injunction to be issued to stop the “ongoing commission of specified fraud crimes or illegal wiretapping, by authorising actions that prevent a continuing and substantial injury.”

Caldwell claims that the civil injunction process played a “crucial role in the department’s successful disruption of the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014” but is limited by current laws to certain fraud and illegal wiretapping, whilst also leaving botnets free to “steal sensitive corporate information, to harvest email account addresses, to hack other computers, or to execute DDoS attacks against web sites or other computers.”

In an effort to increase powers against cyber-crime, Caldwell states: “the [Obama] Administration’s proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief. Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked. This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as “ransomware”).”

Redefining the current law to increase the Obama Administration’s power to tackle the scourge of botnets is a reasonable step to take because it will permit law enforcement to identify, infiltrate and ultimately take down the infrastructure used for cyber-crime.

The Electronic Frontier Foundation (EFF) is concerned that the amendment could overreach the original law’s intentions and that the Obama Administration needed to demonstrate how the current laws are failing in the fight against botnets.

Whilst the EFF is arguing against giving law enforcement unfettered powers that might impact on privacy and security, even the EFF must acknowledge that there is a need to find the right legislative balance to bring more criminals to justice, and this does not mean waiting for a crime to be committed before acting against infrastructure and systems that are obviously used with criminal intent.

To take an active response against cyber-threats there is a need to build the strategies and systems that will be employed, and there is a need for the legislative and regulatory environment to consider how an active response to cyber-threats will occur.

To sit back and adopt a defensive posture is ridiculous, regardless of the legal restrictions and technical limitations under which an active response would occur.

There is no doubt that critics of an offensive posture have valid arguments when we consider the state of national readiness to deal with cyber-threats, and this extends to business and industry, which continues to adopt a head-in-the-sand approach rather than forming relationships with government intelligence and law enforcement agencies.

Most of the arguments against taking an active response are reasonable when you consider that most nations don’t have the fundamental tools and trained personnel necessary to achieve anything like a successful outcome.

The question of whether we should attempt to “hack the hackers” is naïve and gives the wrong impression of what an active response should entail.

There are those who argue that an active response could be illegal because it might impact on the privacy and security of the individuals and organisations that are often unwittingly assisting the cyber-criminals when their computers are turned into robots or ‘bots’.

This argument is nonsense because only a few nations have the legislative and regulatory framework necessary for cyber-events that include international participation from non-friendly nations.

For this reason there is nothing to prevent an active response action from gathering intelligence by targeting computers, infrastructure, finances and internet traffic that passes through unfriendly nations or nations that refuse to participate in reasonable law enforcement action against cyber-criminals.

First and foremost the goals of an active response include identification, isolation, infiltration, asset seizure and legal proceedings. This process should not include direct frontal assaults on the computing systems used by criminals as part of their activities as this is likely to warn the criminals that they’ve been identified.

Timely action to gain intelligence and take down criminal botnets enhances the opportunity to identify cyber-criminals that can then be asset stripped and hunted down so that they can be brought to justice.

It is important to understand that the prevalence of cyber-crime and cyber-security events is rising, and examples of the devastating outcomes are found everywhere today, even reaching into new areas—a recent cyber-attack caused massive damage to a blast furnace at a German steel mill (detailed in a report titled ‘The State of IT Security in Germany 2014’ by the German Government’s cyber-security authority, the Bundesamt für Sicherheit in der Informationstechnik).

Governments cannot sit back and adopt an approach that will leave a country unable to defend itself against cyber-security and cyber-crime events. To do so would be in itself an act that citizens should not forgive. There is a valid argument for an active response posture to be adopted because the world’s digital networks are a fluid battlefield that necessitates an innovative and broad multi-nation approach in the fight against cyber-security and cyber-crime events.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
