UK and US prepare counter-attack against hackers

The US and UK governments are believed to be preparing attacks against hackers intent on stealing national and commercial secrets.


The US and UK governments are believed to be preparing attacks against hackers intent on stealing national and commercial secrets.

The Serious Organised Crime Agency (Soca) and the Police Central E-Crime Unit are preparing to attack and disrupt information-stealing activities from outside the UK, mainly in the Far East and China, The Guardian reported.

These attacks could include placing malware such as Trojans on offending computers and setting up denial of service counter-attacks on spying botnets.

The new policy, known as "Strikeback", is a result of an "explosion" in the number of surreptitious online searches for commercial or politically sensitive information, the paper said.

A spokeswoman for Soca said only that Soca used a range of techniques within the available legal frameworks, appropriate to each investigation. "We don't comment on the detailed use of individual tactical options," she said.

The directors of MI5 and GCHQ have warned of hacks on UK computers that were believed to be sponsored by China and Russia. Some 300 firms who run parts of the critical national infrastructure received a letter in late 2007, warning them to improve their computer security.

The UK has two computer early response teams that detect attacks and warn enterprises. But they are not offensive operations. As government spokesmen interviewed by The Guardian made clear, offensive action would need to be deniable for legal reasons. This meant the counter-attackers would have to outsource their action to maintain "deniability".

Two recent cases in the US highlight other difficulties with counter-attacks. The Federal Trade Commission had to go to court for an order to close down 3FN, a rogue internet service provider which it alleged was run for criminal purposes.

And ISPs Global Crossing and Hurricane Electric were persuaded to cut off the McColo website after companies it hosted, including botnets controlled by Srizbi and Rustock, were discovered to be responsible for half the spam on the internet. Spamhaus, which monitors spam traffic, reportedly finds 1.5 million computers infected with either Srizbi or Rustock sending spam in an average week.

Axel Pawlik, managing director of Ripe NCC, one of the world's five regional internet address registries, said it was very difficult technically to identify offending IP addresses to deregister them. Also, there was little to prevent the owner of an offending IP address to move the operation to another address instantly.

"It is like the postal service," he said. "You don't arrest the postman for delivering pornography, you go after the sender."

Effective action to close down criminal IP addresses required a level of diplomatic, legal and law enforcement cooperation that is still not in place, he said. But he was optimistic that forums such as the Internet Governance Forum would help to share understanding of practical solutions.

Read more on IT legislation and regulation