Panel: Use Hack-Back to Mitigate IP Theft

Chinese Blamed for More than Half of Intellectual Property Theft

A variation of hack-back - in which a victim of a cyber-attack assaults the assailant's computer or network - could be used to mitigate the theft of intellectual property. That's one of the takeaways of a just-released report from the Commission on the Theft of American Intellectual Property, a private group.

A major recommendation of the report, issued May 22, is that the federal government and business impose economic penalties against those accused of profiting from pilfered intellectual property. But the commission - co-chaired by former U.S. ambassador to China Jon Huntsman and former National Intelligence Director Dennis Blair - also suggests that the government be supportive of American companies that can identify and recover pilfered intellectual property through cyber means. Simply, the victims break into their assailants' computers to recover their intellectual property or disable it.

"Without damaging the intruder's own network, companies that experience cybertheft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information," the report says.

***

See Legal Merits of Hack-Back Strategy and To Hack-Back or Not?

***
The report, which blames the vast majority of intellectual property theft on the Chinese, points out there are increasing calls to create a more permissive environment for active network defense that allows companies to aggressively retrieve stolen information, alter it within the intruder's network or destroy the information within an unauthorized network. The commissioners say they disapprove of additional measures that would include photographing hackers using their own systems' cameras, implanting malware in hackers' networks or even physically disabling or destroying hackers' own computers or networks.

Collateral Damage Concerns

"Part of the basis for this bias against 'offensive cyber' in the law includes the potential for collateral damage on the Internet," the report says. "An action against a hacker designed to recover a stolen information file or to degrade or damage the computer system of a hacker might degrade or damage the computer or network systems of an innocent third party."

The commission doesn't recommend specific revisions to the law, at least not now. But, the report says, "informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken."

Most of the commission's recommendations do not deal with cybersecurity, but it recommends:

  • Implementing prudent vulnerability-mitigation measures to provide a summary of the security activities that ought to be undertaken by companies. "Activities such as network surveillance, sequestering of critical information and the use of redundant firewalls are proven and effective vulnerability-mitigation measures," the report says.
  • Reconciling necessary changes in the law with a changing technical environment. Technology and law must be developed to implement a range of more aggressive measures that identify and penalize illegal intruders into proprietary networks, but do not cause damage to third parties. "Only when the danger of hacking into a company's network and exfiltrating trade secrets exceeds the rewards will such theft be reduced from a threat to a nuisance," the report says.

Chinese Policy Encourages IP Theft

The report says the vast majority of intellectual property theft emanates from China, which its authors contend accounts for 50 percent to 80 percent of the problem. They see China's national industrial policy goals as encouraging intellectual property theft, adding that an extraordinary number of Chinese in business and government entities engage in this practice.

There are also weaknesses and biases in the Chinese legal and patent systems that lessen the protection of foreign intellectual property. In addition, the report says, other policies weaken intellectual property rights, from requiring technology standards that favor domestic suppliers to leveraging access to the Chinese market for foreign companies' technologies.


About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



