
Security experts caution against corporate hack-backs

James Hutchinson and Christopher Joye (via AFR) | July 30, 2013
Security experts have warned private companies not to retaliate against cyber attackers, amid fears conflicts could escalate without government involvement.

"I personally would not be into a self-retaliatory process. I just don't see how you could control the consequences of your actions," he said. "Some criminals will just push and push and push. It's like the door with five locks and the door with no locks."

Mr Randall pointed to a 2007 letter sent by then director-general of Britain's MI5 national security force, Jonathan Evans, to 300 private companies as evidence of attempts by government authorities to warn the private sector of their potential weakness to cyber attacks, particularly those allegedly sponsored by states like China.

Authorities have stepped up those warnings in recent months.

The Financial Review revealed in January that ASIO director-general David Irvine had similarly met with local chief executives to notify them of potential weaknesses.

The government also announced a new reporting network on Monday in a bid to collect more information on potential threats.

In February, US President Barack Obama issued an executive order directing authorities to share unclassified intelligence identifying companies as potential targets.

"Law enforcement is definitely stepping up the game globally to do that," said Greg Clark, chief executive of security firm Blue Coat.

Mr Clark said he knew of financial services companies deliberately leaving false or misleading information for would-be attackers to take.

He had similarly directed parts of his company to work without internet connections to prevent theft of sensitive data.

But he argued many companies lacked the forensic data to help governments in any meaningful way, or the expertise to undertake sophisticated attempts at halting attacks.

"For normal, everyday organised crime, it's definitely intriguing to make it more expensive for them to be successful - give them bad information, bad credit cards, put honeypots out there that are going to work, that kind of thing - all of those methods are in some cases being deployed," he said.

"Really I think the right way to think about it is, when it becomes too expensive and too risky, it'll quiet down, but in order to do that they have to have a solid fear that they'll get caught.

"If you come back to the middle of the boat, the Fortune 10,000, it's expensive to do that," he said.

