US retaliation strategy against hackers

The year started very difficult for the U.S. government, its networks have been constantly hit by hackers that for different reasons have tried to steal sensitive information and intelligence secrets.

The principal menaces against US come from state-sponsored hackers and hacktivists, in the last months we have read of many cyber attacks, mainly for cyber espionage purpose,  that involved also US infrastructures and offices.

The US governments is facing with one of the most aggressive cyber campaign against its cyber resources, and exactly as any other countries is working to definition of a series of countermeasure to mitigate the risks related cyber threats.

As anticipated the attacks aren’t exclusively political motivated, hacker group Anonymous represents a constant menace to its systems, the collective recently proved that gained access to State Department’s website and its database during Operation Last Resort and probably it will not be the only one.

The group exposed personal information of State Department consular and staff members to protest against US authorities being allegedly responsible for the suicide of young internet activist Aaron Swartz.

Anonymous has also announced that has possession of key codes to unlock encrypted files named after the nine Supreme Court justices, they were widely distributed January 25 when Anonymous hacked the US Sentencing Commission website , which allegedly contain highly sensitive government information.

Is clear that this type of attacks are a great menace for the government that need to reinforce its cyber security and to find the way to persecute every cyber actors that violate its cyberspace.

We are in the middle of a cyberwar which is going on between multiple actors, in which the actors are mixed and there aren’t clear rule of engage. Every governments despite global economic crisis is investing in both defense and offense sectors, most active countries are China, U.S., Israel, Iran, North Korea and Russia which are pushing militarization of cyberspace.

The espionage is become cyber espionage and instead of explicit attacks many countries prefer to explore to cause sensible damage to adversary hitting its critical infrastructures using a cyber weapon.

In recent weeks  Obama has signed an Executive Order on cyber security to define a set of actions required to contain “growing threat from cyber-attacks”. The order extends  the concept of cyber threats including acts such as “website defacement, espionage, theft of intellectual property, denial of service attacks, and destructive malware,”, obviously any operations of hacktivism is also  considered as an attacks against government assets.

During RSA conference on Thursday, Feb. 28 by White House Cybersecurity Coordinator Michael Daniel announced that U.S. government is considering other measures such as  visa restrictions and financial sanctions against hackers or governments that might hack national networks.

It’s first time specific retaliation methods have been mentioned by the White House,  is difficult to imagine how the government can take legal action against hackers operating in the country, but especially for those who attack US from the outside.

“It’s really a question that we’re still debating and debating vigorously, and we need to debate within the government and as a society,” “What I can say is that once we decide a federal response is warranted though, there’s still a broad spectrum of actions we could take.”

While the government studies how to implement its retaliation strategy, one after another U.S. IT giants (Apple, Microsoft, Facebook, Twitter) have fallen under cyber attacks of yet unidentified hackers, due this reason US will employ military action to respond to further hacks.

Principal security firms consider Chinese state sponsored hackers responsible for the attacks, Chinese cyber units are accused of conduct  “thousands” attacks daily, Governments need to further strengthen its infrastructures and to act also on diplomatic way to hack to foreign governments such us China to monitor hacking activities that offend US.

[this may include the U.S. leveraging its diplomatic powers to] “push countries to crack down on hacking activities from within their borders.” Daniel said.

Despite US intentions are clear their realization is very hard and delicate under diplomatic point of view with meaningful implications, retaliating against foreign hackers it’s difficult and must be done with due care are as reiterated by Daniels.

“The risk of missed attribution, missed calculation and escalation in cyberspace are very real,” “As a government, any action we take in cyberspace must be considered against its possible foreign policy implications and our desire to establish international norms of acceptable behavior in cyberspace.”

The road is steep, full of difficulties and it is interesting to study how the U.S. Government intends to follow it and what will be the repercussions.

Pierluigi Paganini

(Security Affairs – Cyber security)