Just recently, nCircle conducted a survey of 181 IT security professionals at Blackhat’s annual conference.
That survey found that 36 percent of those surveyed admitted to returning cyber fire. That is out-right retaliatory hacking! But that should not be a surprise to anyone involved in this area.
Back in 2010 I brought this issue to light and based on the stats coming from Blackhat it has continued to grow in frequency. During a presentation back then I was asked if the 2nd Amendment gave private citizens and private companies the right to bear cyber-arms and if someone or some business was attacked, do they have the right to return cyber-fire in self defense. Now add in the UN’s recently proposed conventional Arms Treaty that I covered here a few weeks ago.
In fact in 2011 during an investigation a specific retaliatory strike came to light. It took place in the financial services sector that had some potential international implications that would be significant if the country that was the target of the retaliatory strike uncovered this incident. This was at a level that federal authorities were contacted and alerted to the incident. The attack traffic experienced by the financial services organization was most likely routed through a compromised server in that foreign country and was an unwilling participant in the cyber attack.
One subject matter expert called cyber space “the wild West.” I am sure we all know what that means. Could a retaliatory cyber strike from an individual or private business trigger a cyber exchange between countries? Could an event like this cause an escalation in tensions between two nation states? The answer is yes, it is a clear possibility!
The right of cyber self defense is a complex issue that has yet to be decided in a court of law. At the heart of this issue is the right to bare cyber arms and use them in self defense to protect your computer assets. It is easy to see where this is leading – to the Supreme Court and to the International Court of Justice. Let’s all hope that General Alexander’s, who also heads the U.S. Cyber Command, comment (asking hackers for their help) at DefCon, is not misinterpreted and the retaliatory strikes escalate.