Feeds

US: We'll drag cyber-spies into COURT from their hideouts

'And Iran to prosecute American programmers for Stuxnet?'

Top 5 reasons to deploy VMware with Tegile

The US Department of Justice has floated a plan to advance criminal prosecutions against cyber-spies.

This is after the department's agency, the Defense Security Service (DSS) reported* this week that the number of foreign cyberattacks aimed at snaffling US tech, intellectual property, trade secrets and classified information rose by 75 per cent in 2010-11.

Report after report has alleged that state-sponsored hackers from China are trying to steal intellectual property from US high-tech firms. China routinely denies this but nobody believes it and the truth is probably every other country with the capability is almost certainly at it.

Congressional reports decrying hacking from China and Russia combined with diplomatic offensives by the State Department have failed to have much effect on cyber-espionage attacks against defence contractors and others. Offensive cyber retaliation is legally fraught, especially if directed against countries with business and economic ties to the US. In the absence of any better idea, filing indictments seems to have become a popular option.

"We are having people look at bringing one of these cases, it’s there to be brought, and you’ll see a case brought,” John Carlin, the principal deputy assistant Attorney General in the Department of Justice’s national security division told Defense News.

Carlin added that up to 100 prosecutors are being specially trained in cyberespionage prosecution, under a programme dubbed the National Security Cyber Specialist, or NSCS, network. Individual hackers could be charged with offences in much the same way that conventional spies acting within a US territory can be charged with offences.

The big difference, of course, is that hacking attacks can be carried out anywhere in the world. Carlin said the DoJ may file indictments that name government officials or governments blamed for sponsoring hacking attacks. He added that indicting a government isn't unprecedented. He told the paper that in 2011, an Iranian Al Quds official was charged with conspiring to kill Saudi Arabia’s ambassador to the US. Even though there's no expectation that the case will be heard, such lawsuits can have a warning effect, the idea goes.

More plausibly Carlin suggested the most likely target for prosecution could be a foreign company that makes use of stolen technology.

“Whether it is a state-owned enterprise or a state-supported enterprise in China — if you can figure out and prove that they’ve committed the crime, charging the company means they can’t do business in the US, or in Europe,” Carlin told Defense News. “It affects their reputation and that then causes them to recalculate: 'Hey, is this worth it?’,” he added.

While the main responsibility for co-ordinated response to cyber attacks falls under the responsibility of the US Department of Homeland Security, the FBI and the DoD’s Cyber Command also have a role. The Defense Department is mainly tasked with defending military networks but can be drafted in to help address problems with civilian networks, in response to requests from US cabinet officers.

Reactions to the DoJ plan from cyber-security experts have been lukewarm. Richard Bejtlich, chief security officer at Mandiant, and a retired black hat instructor, commented: "What happens when the other side decides to prosecute US, etc?"

Mikko Hypponen, chief research officer at Finnish anti-virus firm F-Secure, added: "Next: Iran to prosecute US Contractors behind Stuxnet and Flame?" ®

Bootnote

Espionage may be frowned upon, but international agreements implicitly accept it as a natural political activity - and every country with the capability is engaged in it.

And, of course, cyberspying is often illegal in the "victim country" and legal in the "aggressor country" - and one man's filthy, underhand (cyber) spy is another man's brave fighting hero risking life and limb behind enemy lines (firewalls), to paraphrase Black Adder's General Melchett:

CAPTAIN DARLING: So you see, Blackadder, Field Marshall Haig is most anxious to eliminate all these German spies.

GENERAL MELCHETT: Filthy Hun weasels, fighting their dirty underhand war!

CAPTAIN DARLING: Fortunately, one of our spies...

GENERAL MELCHETT: Splendid fellows, brave heroes risking life and limb for Blighty!

* (Targeting US Technologies: A Trend Analysis of Reporting from Defense Industry/PDF)

Remote control for virtualized desktops

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.