US ‘Should Consider Hacking Back’ To Recover Billions From China Cyber Spies

Yet more claims have emerged from the US that China’s cyber spies are stealing intellectual property worth billions from American businesses, as former government officials said the US should let affected companies hack back.

A report from the Commission on the Theft of American Intellectual Property has called for support for “American companies and technology that can both identify and recover IP stolen through cyber means”.

The Commission is co-chaired by Dennis Blair, President Obama’s former director of national intelligence, and includes technology executives, such as ex-Intel CEO Craig Barrett.

“Without damaging the intruder’s own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information,” the report read.

“While not currently permitted under US law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilise a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorised network.

“Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken.

“Almost all the advantages are on the side of the hacker; the current situation is not sustainableentirely defensive measures are likely to continue to become increasingly expensive and decreasingly effective.”

The European Commission has also been called on by US security companies, McAfee and Symantec, to open discussions about hacking back too. But it appears to be unwilling to talk about so-called “offensive security”.

The Dutch are currently debating a bill that would give greater powers to law enforcement to hack suspected criminal infrastructure, even where servers are based abroad.

Blame China cyber spies

In general, the scale of IP theft affecting US firms is “unprecedented”, according to the Commission. The Commission said over $300 billion (£199bn) was likely being lost every year because of IP theft, with between 50 and 80 percent of it stolen by Chinese sources.

Tellingly, however, the report admits the “exact figure is unknowable”. It based the $300 billion figure on a comment from 2010 from commander of the US Cyber Command and director of the National Security Agency, General Keith Alexander, so it has not carried out its own data-based research.

Just yesterday, TechWeekEurope reported on how the UK government backs reports that make erroneous use of data to exaggerate the cost of cyber crime.

But the report contains more tough rhetoric from the US, which is increasingly frustrated by Chinese cyber spies’ hacking of US businesses, allegations the Asian country has refuted.

In April, US security supplier Verizon said China was behind 96 percent of cyber espionage campaigns the firm had seen over the last year. It said 19 percent appeared to have been sponsored by the Chinese government.

“National industrial policy goals in China encourage IP theft, and an extraordinary number of Chinese in business and government entities are engaged in this practice,” the report reads.

“China’s approach to IPR is evolving too slowly. The improvements over the years have not produced meaningful protection for American IP, nor is there evidence that substantial improvement is imminent. Indeed, cyber attacks are increasing.

“Network attacks, together with other forms of IP attacks, are doing great damage to the United States, and constitute an issue of the first order in US-China relations.”

The report called on top US officials to push China “beyond a policy of indigenous innovation toward becoming a self-innovating economy”, and to set up IP “centres of excellence” on a regional basis within China and other “priority countries”.

The report names other culprit nations in addition to China. “Russia, India, and other countries constitute important actors in a worldwide challenge. Many issues are the same: poor legal environments for IPR [intellectual property rights], protectionist industrial policies, and a sense that IP theft is justified by a playing field that benefits developed countries.”

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

3 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

4 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

4 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

4 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

5 hours ago

Meta Delays EU AI Launch After Privacy Complaints

Meta delays Europe launch of AI in Europe after user, privacy group complaints over plans…

5 hours ago