The government's announcement last week that it will set up hacker teams to fight cyber attackers is the first public acknowledgment that crime on the internet is running out of control.
Robert Hannigan, the prime minister's security adviser, says the government can no longer rely on defensive measures alone to protect itself against cyber attacks, especially when it suspects that some attacks are sponsored by other governments.
The move coincides with a similar project in the US, where the US military plans a special unit to develop cyber-weapons to defend military networks and help safeguard civilian systems.
But the idea of launching counter attacks breaks new legal ground. In the past, UK law enforcement agencies have worked with the FBI on sting operations, such as Dark Market, which trapped hundreds of would-be hackers. Hannigan declined to speculate on other tactics that might be used.
Robert Carolina, a lawyer who has specialised in cyber law, says, "It was probably inevitable that governments would develop an offensive capacity in cyberspace." The problem is how the UK can do it without violating the Computer Misuse Act, he says.
Some practical steps, such as making firewalls query suspect servers in a reverse distributed denial of service attack, would be illegal if those servers were on UK soil. Law enforcement officers would have to develop relationships with offshore jurisdictions that would permit such counter-attacks or even pre-emptive attacks, says Carolina.
Those are not the only problems. The government recognises that identifying a hostile attacker is difficult.
The problem, says penetration tester Peter Wood, is that most attackers hide behind networks of compromised PCs, known as botnets. These are sometimes made up of thousands of PCs, usually home-based, that have been turned into "zombies" by malware collected while visiting compromised websites.
Wood says few people have the time or skills to protect their home PCs adequately. "There is nothing wrong with commercial anti-virus and firewalls, but they do not protect against internal threats such as Trojans. Most people would find it hard to set up a firewall that gave good protection."
Wood is concerned that retaliation could result in "collateral damage" to innocent computer users. But Philip Virgo, spokesman for Eurim, the parliamentary/industry group which has been lobbying for the government to take action against computer criminals, was more sanguine.
He says the world would tolerate "internet brown-outs" if some compromised servers were taken off the net to preserve its overall well-being. "This has been the elephant in the room. Now it is out in the open we can start to tackle it in earnest."
The new Cyber Security Operations Centre (CSOC) is to be housed at the government's electronic surveillance centre at GCHQ. Wood says he hopes it will provide the public with better information on how to do more to protect their home PCs, especially against sophisticated "blended attacks".
"And it's not just PCs," he says. "Apple and Linux machines are just as much at risk."
Website owners are also to blame. "Too many of them are sloppy [with security]," he says. This allows criminals to compromise them and then to infect unsuspecting visitors to the site.