No More Mr Nice Guy?

Security analysts believe the US should clarify the repercussions of cyberattacks following sustained hacks from China.  It is also believed that the Chinese attacks are carried out by as few as 12 groups directed, for the most part, by the Chinese government. During the cyberattacks, the Chinese groups have stolen billions of dollars' worth of intellectual property and information from US companies and government agencies, according to online security experts.

Thanks to advances in technologies and increasing knowledge amongst experts, more cybercriminals are being identified by their ‘digital fingerprint’. The distinguishing characteristics of each attack is monitored by US experts enabling them to link individuals to particular groups of hackers, and sometimes where they are, or who they are. These techniques have, according to US security experts, shown an intensifying pattern. This escalating issue has sparked the recent concern amongst industry experts. As James Cartwright, a retired Marine general and former vice chairman of the Joint Chiefs of Staff puts it, "If you want to attack me you can do it all you want, because I can't do anything about it. It's risk free, and you're willing to take almost any risk to come after me."

The problems the US has in confronting the issue are the same as any other country has: firstly it is very hard to prove exactly who carried out the attack, and secondly both countries must have mutual agreements on such a situation. Mr Cartwright went on to say that the US "needs to say, 'if you come after me, I'm going to find you, I'm going to do something about it.' It will be proportional, but I'm going to do something ... and if you're hiding in a third country, I'm going to tell that country you're there, if they don't stop you from doing it, I'm going to come and get you."

The question is, how should the US proceed? Due to the nature of what is being stolen, the response is pretty much unanimous from  US government campaigners: a clear and firm message must be sent to those breaking the law. Online security specialist, Tero Pollanen, agrees Cartwright that "the US needs a clear policy on dealing with cyber attacks, and the countries through which the attacks are routed. This way, when an attck is apparent, the US can request the country to stop the attack. If the request is refused, the US then has the right to stop the computer server from sending the attack. "

The problem is, he goes on, "there is no international police force. Enforcing laws in another territory is always going to be tricky to manage."

This article is by Tero Pollanen; an online security and fraud prevention specialist. For the latest online security and financial news, tips and more, check out his blog: http://tero-pollanen.blogspot.com/