(Page 2 of 2)

A new brand of cyber security: hacking the hackers

Irvine start-up CrowdStrike is pioneering a confrontational approach to cyber security. It identifies hackers and uses their own techniques to prevent theft.

December 04, 2012 | By Ken Dilanian, Los Angeles Times

"You don't want the Internet to resemble Somalia," said one cyber expert who did not want to be identified because it could jeopardize his friendships with CrowdStrike's founders.

Some experts believe CrowdStrike and other companies should be able to "hack back" by, for example, disabling servers that host cyber attacks, whether they are in the U.S. or abroad.

The Justice Department said hacking back may be illegal under the Computer Fraud and Abuse Act, a 1996 law that prohibits accessing a computer without authorization. Many lawyers liken it to the principle that a person can't legally break into his neighbor's house, even if he sees his stolen television in the neighbor's living room.

"We will not break the law, but there's a lot organizations can do behind their own firewall on their own networks to make life difficult for the adversary," Henry said.

Others, including Stewart Baker, former NSA general counsel, said the law does allow hacking back in self-defense. A company that saw its stolen data on a foreign server was allowed to retrieve it, Baker argued.

In the post-9/11 world, airline passengers would almost certainly tackle and restrain an unruly passenger who rushed the cockpit, and they wouldn't be charged with assault and kidnapping even though they technically had committed those offenses, said Steven Chabinsky, who retired this year as the FBI's top cyber lawyer and became CrowdStrike's chief risk officer.

But it's different when you are breaking into someone else's property, said Daimon Geopfert, a former Air Force cyber crimes investigator who now heads cyber security services for consulting firm McGladrey in Chicago.

Often, he said, servers that host cyber attacks belong to innocent third parties that have themselves been hacked. "It's not only legally wrong, it's morally wrong," he said.

Critics also worry that to the extent CrowdStrike runs offensive operations against hackers controlled by the Russian or the Chinese governments, it risks creating an international incident.

"Why isn't it an international incident when China steals our intellectual property?" Alperovitch said. "If the government would say, 'We're actually going to stand up to China,' that would be great; we'd go back to doing defense only. But they are not saying that."
