Fighting back in cybercrime

Last year I discussed the economics of spam and suggested:

Seen in that light perhaps we should see [spam] as criminal entrepreneurship. What is great about that is we know a lot about how to encourage entrepreneurship and innovation and so to deal with spam we just need to throw that into reverse. Countermeasures make spamming costly. If spammers had great alternative opportunities — this time Wall Street may actually help in an appropriate allocation of talent — criminal entrepreneurship would be reduced. Maybe the whole mobile app revolution has already had this impact.

Finally, counter-attacks might reduce spam returns. A few years back I contacted Yahoo and Google with an idea to counter spammers. What if for each spam email that they picked up, they responded — perhaps entering details into phishing forms? This would overwhelm spammers and they would not be able to find ‘legitimate’ responses from the gullible few. That would really alter their returns. Unfortunately, it was explained to me that such a measure would constitute an attack by a US corporation and, apparently, that is against US law.

Today, the Wall Street Journal considers the ‘fight back’ option with respect to cyber-theft.

As companies weather a spate of high-profile computer attacks, support is growing for an option that for now is probably illegal: fighting back.

The Justice Department has long held that if a company accesses another party’s computer network without permission, for whatever purpose, it is breaking the law.

But the idea of allowing the private sector to retaliate against hackers, euphemistically known as “hacking back,” has gained momentum as U.S. companies wake up to the pervasive threat of cybercrime.

A commission led by Dennis C. Blair, President Barack Obama’s first director of national intelligence, and Jon M. Huntsman Jr., the former U.S. ambassador to China, said last month that “without damaging the intruder’s own network, companies that experience cybertheft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.”

Apparently, there seems to be little traction for this in Congress. The issues are complex because you are permitting use of a weapon and, let’s face it, private law enforcement isn’t what we regard as good practice. That said, there is an issue as to whether some form of response — and rapid response — may assist. This would require a careful public-private effort that certainly looks worth investigating.

[HT: Jay Zagorsky]

 
