“Hacked Firms Quietly Talk About Fighting Fire With Fire”
The Washington Post, October 10, 2014, p. A1
“The recent rash of cyberattacks on major U.S. companies has highlighted the scant options available to the victims, who often can do little more than hunker down, endure the bad publicity and harden their defenses in hopes of thwarting the next assault. But behind the scenes, talk among company officials increasingly turns to an idea once considered so reckless that few would admit to even considering it: Going on the offensive. Or, in the parlance of cybersecurity consultants, ‘hacking back.’ The mere mention of it within cybersecurity circles can prompt a lecture about the many risks, starting with the fact that most forms of hacking back are illegal and ending with warnings that retaliating could spark full-scale cyberwar, with collateral damage across the Internet. Yet the idea of hacking back — some prefer the more genteel-sounding ‘active defense’ — has gradually gained currency as frustration grows about the inability of the government to stem lawlessness in cyberspace, experts say. The list of possible countermeasures also has grown more refined, less about punishing attackers than keeping them from profiting from their crimes. … A popular metaphor in these discussions is the exploding dye pack that bank tellers sometimes slip into bags of cash during old-fashioned bank robberies. The cyberspace equivalent, called a ‘beacon,’ potentially could be attached to sensitive data, making it easier to both spot the stolen loot and determine who spirited it away across the Internet. Other ideas include tricking hackers into stealing a fake set of sensitive data, then tracking its movements across cyberspace.”
Quickie Analysis: Interesting look at how private cybersecurity might evolve into a less reactive and more proactive function.