US ‘Should Consider Hacking Back’ To Recover Billions From China Cyber Spies

IP theft is costing US billions so hacking back might help alleviate the losses, ex-US government officials claim

Yet more claims have emerged from the US that China’s cyber spies are stealing intellectual property worth billions from American businesses, as former government officials said the US should let affected companies hack back.

A report from the Commission on the Theft of American Intellectual Property has called for support for “American companies and technology that can both identify and recover IP stolen through cyber means”.

The Commission is co-chaired by Dennis Blair, President Obama’s former director of national intelligence, and includes technology executives, such as ex-Intel CEO Craig Barrett.

“Without damaging the intruder’s own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information,” the report read.

“While not currently permitted under US law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilise a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorised network.

“Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken.

China © Stephen Finn, Shutterstock 2012

“Almost all the advantages are on the side of the hacker; the current situation is not sustainable… entirely defensive measures are likely to continue to become increasingly expensive and decreasingly effective.”

The European Commission has also been called on by US security companies, McAfee and Symantec, to open discussions about hacking back too. But it appears to be unwilling to talk about so-called “offensive security”.

The Dutch are currently debating a bill that would give greater powers to law enforcement to hack suspected criminal infrastructure, even where servers are based abroad.

Blame China cyber spies

In general, the scale of IP theft affecting US firms is “unprecedented”, according to the Commission. The Commission said over $300 billion (£199bn) was likely being lost every year because of IP theft, with between 50 and 80 percent of it stolen by Chinese sources.

Tellingly, however, the report admits the “exact figure is unknowable”. It based the $300 billion figure on a comment from 2010 from commander of the US Cyber Command and director of the National Security Agency, General Keith Alexander, so it has not carried out its own data-based research.

Just yesterday, TechWeekEurope reported on how the UK government backs reports that make erroneous use of data to exaggerate the cost of cyber crime.

But the report contains more tough rhetoric from the US, which is increasingly frustrated by Chinese cyber spies’ hacking of US businesses, allegations the Asian country has refuted.

In April, US security supplier Verizon said China was behind 96 percent of cyber espionage campaigns the firm had seen over the last year. It said 19 percent appeared to have been sponsored by the Chinese government.

“National industrial policy goals in China encourage IP theft, and an extraordinary number of Chinese in business and government entities are engaged in this practice,” the report reads.

“China’s approach to IPR is evolving too slowly. The improvements over the years have not produced meaningful protection for American IP, nor is there evidence that substantial improvement is imminent. Indeed, cyber attacks are increasing.

“Network attacks, together with other forms of IP attacks, are doing great damage to the United States, and constitute an issue of the first order in US-China relations.”

The report called on top US officials to push China “beyond a policy of indigenous innovation toward becoming a self-innovating economy”, and to set up IP “centres of excellence” on a regional basis within China and other “priority countries”.

The report names other culprit nations in addition to China. “Russia, India, and other countries constitute important actors in a worldwide challenge. Many issues are the same: poor legal environments for IPR [intellectual property rights], protectionist industrial policies, and a sense that IP theft is justified by a playing field that benefits developed countries.”

What do you know about Internet security? Find out with our quiz!