The international cyber-security versus cyber-crime battle is gathering pace, and what we’re seeing is the formation of international alliances to fight this rising scourge. However, the online world is unlike any other; it will take more than a defensive mindset to win this battle.
On 11 March, in a US Department of Justice blog post, Assistant Attorney General for the Criminal Division Leslie Caldwell noted that the Obama Administration wanted existing laws to be updated to go further than the current capability for a civil injunction to be issued to stop the “ongoing commission of specified fraud crimes or illegal wiretapping, by authorising actions that prevent a continuing and substantial injury.”
Caldwell claims that the civil injunction process played a “crucial role in the department’s successful disruption of the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014” but is limited by current laws to certain fraud and illegal wiretapping, whilst also leaving botnets free to “steal sensitive corporate information, to harvest email account addresses, to hack other computers, or to execute DDoS attacks against web sites or other computers.”
In an effort to increase powers against cyber-crime, Caldwell states: “the [Obama] Administration’s proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief. Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked. This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as ‘ransomware’).”
Redefining the current law to increase the Obama Administration’s power to tackle the scourge of botnets is a reasonable step to take because it will permit law enforcement to identify, infiltrate and ultimately take down the infrastructure used for cyber-crime.
The Electronic Frontier Foundation (EFF) is concerned that the amendment could overreach the original law’s intentions and that the Obama Administration needed to demonstrate how the current laws are failing in the fight against botnets.
Whilst the EFF is arguing against giving law enforcement unfettered powers that might impact on privacy and security, even the EFF must acknowledge that there is a need to find the right legislative balance to bring more criminals to justice, and this does not mean waiting for a crime to be committed before acting against infrastructure and systems that are obviously used with criminal intent.
To take an active response against cyber-threats, the strategies and systems to be employed must first be built, and the legislative and regulatory environment must consider how such a response will occur.
To sit back and adopt a defensive posture is ridiculous, regardless of the legal restrictions and technical limitations under which an active response would occur.
There is no doubt that critics of an offensive posture (http://globalriskinfo.com/2014/05/22/active-responses-to-cyberattacks-are-losing-propositions/) have valid arguments when we consider the state of national readiness to deal with cyber-threats, and this extends to business and industry, which continues to adopt a head-in-the-sand approach rather than forming relationships with government intelligence and law enforcement agencies.
Most of the arguments against taking an active response are reasonable when you consider that most nations don’t have the fundamental tools and trained personnel necessary to achieve anything like a successful outcome.
The question of whether we should attempt to “hack the hackers” is naïve and gives the wrong impression of what an active response should entail.
There are those who argue that an active response could be illegal because it might impact on the privacy and security of the individuals and organisations that are often unwittingly assisting the cyber-criminals when their computers are turned into robots, or ‘bots’.
This argument is nonsense because only a few nations have the legislative and regulatory framework necessary for cyber-events that include international participation from non-friendly nations.
For this reason there is nothing to prevent an active response action from gathering intelligence by targeting computers, infrastructure, finances and internet traffic that passes through unfriendly nations or nations that refuse to participate in reasonable law enforcement action against cyber-criminals.
First and foremost, the goals of an active response include identification, isolation, infiltration, asset seizure and legal proceedings. This process should not include direct frontal assaults on the computing systems used by criminals as part of their activities, as this is likely to warn the criminals that they’ve been identified.
Timely action to gain intelligence and take down criminal botnets enhances the opportunity to identify cyber-criminals that can then be asset stripped and hunted down so that they can be brought to justice.
It is important to understand that the prevalence of cyber-crime and cyber-security events is rising, and examples of the devastating outcomes are found everywhere today, even reaching into new areas: a recent cyber-attack caused massive damage to a blast furnace at a German steel mill (detailed in a report titled ‘The State of IT Security in Germany 2014’ by the German Government’s cyber-security authority, the Bundesamt für Sicherheit in der Informationstechnik).
Governments cannot sit back and adopt an approach that will leave a country unable to defend itself against cyber-security and cyber-crime events. To do so would be in itself an act that citizens should not forgive. There is a valid argument for an active response posture to be adopted because the world’s digital networks are a fluid battlefield that necessitates an innovative and broad multi-nation approach in the fight against cyber-security and cyber-crime events.
This article is brought to you by Enex TestLab, content directors for CSO Australia.