Hackers outside US will be financially punished after United States launches a cyber sanctions program
The fightback by authorities against individual hackers and hacking collectives is growing, with the US launching a punishment scheme usually reserved for terrorist organisations and rogue states.
The US sanctions program is the first time ever that sanctions will be used to financially punish individuals and groups outside the United States who are involved with malicious cyber attacks.
The American President Barack Obama, created the new sanctions scheme after he signed an executive order, declared such activities a “national emergency”.
By doing so, the US Treasury now has the power to freeze assets and bar other financial transactions of entities engaged in cyber attacks. This means that hackers who conduct commercial espionage in cyberspace can now be listed on the official sanctions list of specially designated nationals.
The decision by the Obama administration to target hackers with financial sanctions is a sign of the throwing threat cyber attacks pose to the American economy, as well as the scale of attacks nowadays. Recent damaging cyber attacks have hit Sony Pictures Entertainment, Home Depot, as well as a number of major US healthcare organisations, to name but a few recent victims.
“Cyber threats are at the top of the President’s list of security concerns,” wrote Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, on the White House website.
“This new executive order is specifically designed to be used to go after the most significant malicious cyber actors we face,” wrote Monaco. “It is not a tool that we will use every day. Law-abiding companies have absolutely nothing to worry about; for them, it’s business as usual.”
“We will never use it to try to silence free expression online or curb Internet freedom. Nor will this authority be used to go after legitimate cybersecurity researchers or innocent victims whose computers are compromised,” wrote Monaco. “It is designed to be used in conjunction with our other authorities – including law enforcement and diplomatic efforts – to help deter and disrupt the worst of the cyber threats that we face.”
“The increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” said President Obama.
Meanwhile at least one security expert has labelled the American sanctions scheme as a “very big deal”.
“Today the White House is making yet another huge leap forward in the effort to raise the cost to our cyber adversaries and establish a more effective deterrent framework to punish actors engaged in serious intentional destructive or disruptive attacks that present a threat to national or economic security, as well as anyone engaged in economic espionage for commercial benefit or theft of financial information on a massive scale,” wrote Dmitri Alperovitch, co-founder and CTO of the cyber security firm Crowdstrike on the company’s blog.
“While it remains to be seen how often these powers are used by the US government and who might end up on the receiving end of these sanctions, I cannot understate the momentous impact of this action,” Alperovitch wrote.
Last May for example, the US took the unprecedented step of filing criminal indictments against members of Unit 61398 of the Chinese People’s Liberation Army (PLA).
China has denied those charges, and said that it is America that is guilty of carrying out massive cyber espionage campaigns against Chinese firms.
Are you a security pro? Try our quiz!