The US and UK governments are believed to be preparing
attacks against hackers intent on stealing national and commercial
secrets.
The Serious Organised Crime Agency (Soca) and the Police Central
E-Crime Unit are preparing to attack and disrupt
information-stealing activities from outside the UK, mainly in the
Far East and China, The Guardian reported.
These attacks could include placing malware such as Trojans on
offending computers and setting up denial of service
counter-attacks on spying botnets.
The new policy, known as "Strikeback", is a result of an
"explosion" in the number of surreptitious online searches for
commercial or politically sensitive information, the paper
said.
A spokeswoman for Soca said only that Soca used a range of
techniques within the available legal frameworks, appropriate to
each investigation. "We don't comment on the detailed use of
individual tactical options," she said.
The directors of MI5 and GCHQ have warned of hacks on UK
computers that were believed to be sponsored by China and Russia.
Some 300 firms who run parts of the critical national
infrastructure received a letter in late 2007, warning them to
improve their computer security.
The UK has two computer early response teams that detect attacks
and warn enterprises. But they are not offensive operations. As
government spokesmen interviewed by The Guardian made clear,
offensive action would need to be deniable for legal reasons. This
meant the counter-attackers would have to outsource their action to
maintain "deniability".
Two recent cases in the US highlight other difficulties with
counter-attacks. The Federal Trade Commission had to go to court
for an order to close down 3FN, a rogue internet service provider
which it alleged was run for criminal purposes.
And ISPs Global Crossing and Hurricane Electric were persuaded
to cut off the McColo website after companies it hosted, including
botnets controlled
by Srizbi and Rustock, were discovered to be responsible for half
the spam on the internet. Spamhaus, which monitors spam traffic,
reportedly finds 1.5 million computers infected with either Srizbi
or Rustock sending spam in an average week.
Axel Pawlik, managing director of Ripe NCC, one of the world's
five regional internet address registries, said it was very
difficult technically to identify offending IP addresses to
deregister them. Also, there was little to prevent the owner of an
offending IP address from moving the operation to another address
instantly.
"It is like the postal service," he said. "You don't arrest the
postman for delivering pornography, you go after the sender."
Effective action to close down criminal IP addresses required a
level of diplomatic, legal and law enforcement cooperation that is
still not in place, he said. But he was optimistic that forums such
as the Internet Governance Forum would help to share understanding
of practical solutions.