Cyber attacks against the US – the empire strikes back

John Carlin is an Assistant Attorney General at the Department of Justice in the US and runs the National Security Division. He is responsible for prosecuting cyber criminals in the United States that threaten the interests of the country. It was the first new litigation division created in 50 years and came from a recommendation of the 9/11 Commission and pulled together several different government entities that, until then, didn’t share information easily.

During a Q and A session at RSA Conference 2015 he addressed several important issues surrounding the policies and practices undertaken by the federal US government. In particular, it was clear that the US is taking a more aggressive stance in defending against cyberterrorism and prosecuting cybercriminals in order to establish and clarify what it sees as the boundaries of appropriate online behaviour – particularly when it comes to actions between nation states.

In 2014, the Department of Justice indicted five members of the Chinese People’s Liberation Army. They even issued wanted posted for the five officials. They were charged with the theft of intellectual property from US companies.

“We got really good at seeing the acts of nation states, [we’d] watch them and track them going into US companies and see the data exfiltrating out. We knew that day in, day out we were losing billions of dollars worth of information to China and others,” said Carlin.

The National Security Division asked itself what it was doing to prevent cyber attacks and found that they weren’t doing enough to disrupt their actions. Although it was understood that even a well resourced company lacked the resources to defend against a dedicated and motivated nation state who was determined to execute a cyber crime a message needed to be sent.

“It means improving what we do on the defensive side,” said Carlin. “But it also means doing what we do in every other [crime] and making it clear that it’s not OK to stela from American companies”.

Carlin said it didn’t matter where the evidence led. Whether it led to a gang in Eastern Europe or a nation state, there would not be any “free passes”.

A significant challenge in the PLA case was a balance between diplomatic interests, political realities and criminal actions.

Carlin said the President Obama was in talks with China and told them he knew they were involved in the theft of data putting continuing foreign trade was in jeopardy and the actions were outside acceptable norms of behaviour.

The other element of the decision to issue the indictments was establishing the criminal case in order to send a message that the theft was a criminal act. In the past, such cases were not raised and it was felt not prosecuting a case was establishing a norm where such acts would go unpunished.

“We need to increase the cost – it can’t be a cost-free environment. And to do that it means you have to do three things. One – you have to figure out who did it. Two – when we figure out who did it, when it’s a nation state in particular, we can’t be afraid of saying who did it. And three, after figure out who did it and day who did it, there needs to be costs. That cost might be a criminal indictment. It might be other sanctions. It might be diplomatic cost,” said Carlin.

In the case of the Sony hack, once the National Security Division established North Korea as the perpetrator, President Obama publicised that finding and then used an existing Executive Order to increase sanctions against the attacker.

Carlin was asked during the Q and A whether he could imagine a situation where US Special Forces could be deployed, as they have been in other criminal cases, to bring an indicted individual into the United States, under force, to face charges for a cybercrime. He said he could see that as a possible outcome although he noted the extradition process had been used successfully in some cases.

When asked about encryption and the way it had been deployed by Apple, Google and other parties, it was noted the US government was still grappling with the issue. “The top threats to the privacy of users, right now, are crooks, spies, to lesser extent terrorists, unsafe business and places that are unregulated,” he said. “Part of that defence is making sure we have the best encryption and using it to protect the users of your system and what you value most… from those that would steal it or destroy it”.

Although encryption was seen as important tool for users and businesses, Carlin pointed out parties acting illegally are using it as a weapon. However, finding a balance where the rights of individuals for privacy and the needs to obtain data within an appropriate legal framework – Carlin noted court orders were required – was proving a challenge.

Debate around this in the US has focussed on the provision of a “backdoor” that would allow law enforcement to access encrypted data. The counter argument to this is rogue parties could exploit a backdoor. But Carlin was optimistic a technical solution could be found.

“The best minds in the world are here and are working on technical plans and coming up with things that seem like miracles people have talked about that we have now fifteen years ago. I’m confident that, at the end of the day, the best technical minds will figure something out”.

Join the CSO newsletter!

Error: Please check your email address.

Tags cyber attackscyber criminalsEastern EuropeRSA Conference 2015John CarlinPresident Obama#RSACational Security Divisioncyberterrorism

More about AppleDepartment of JusticeGoogleQRSASony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts