430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts believe US Cyber Command it the only entity that can carry out ‘hack backs’

The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector. The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector, and when appropriate, the military’s hacking unit should hit […]

Command Center

Analysts prepare for the Cyber Storm III, a three-to four-day drill at the National Cybersecurity & Communications Integration Center (NCCIC) just outside Washington, DC in Arlington, Virginia, September 24, 2010. The United States is launching its first test of a new blueprint for responding to an enemy cyber blitz, including any aimed at vital services […]

The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector.

The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector, and when appropriate, the military’s hacking unit should hit back, this is what three experts said at a panel organized by APCO.

The three experts with experience in the private sector, intelligence community and military, agreed that the private organization victims of cyber attacks have to delegate the response against the attackers to the US Cyber Command.

“I think if it’s going to happen, it’s best in the hands of the government,” said Sean Weppner, chief strategy officer at NISOS Group and a former DOD cyber officer.

The experts highlighted that private companies have no intelligence abilities to attribute the attacks to a specific threat actor and have no specific offensive capabilities to conduct hack backs.

Private companies not only have no capabilities to conduct hack backs, they are not legally authorized to do it.

“The U.S. government should decide how to retaliate against the worst attacks on the country’s private sector, and when appropriate, the military’s hacking unit should hit back, three experts said Monday.reported CyberScoop.

“The controversial idea entails taking the fight to nefarious actors by attacking their computer network in-kind, probing for exfiltrated data and employing measures to retrieve or destroy stolen information.”

Alex Bolling, the former chief of operations at the CIA’s Information Operations Center, approached the problem of cyber attacks against critical infrastructure that in most of the cases are owned by private entities.

The response of attacks against critical infrastructure operated by private organizations must be delegated to the US Government.

In the majority of the cases, attacks against critical infrastructure are powered by persistent attackers and for this reason, a response requests specific cyber skills and the US CYBERCOM has them.

Speaking of the CYBERCOM Bolling said it is the “agency that is best resourced to respond to threats to [U.S.] national interests…[and] critical infrastructure in the energy, finance and wider commercial space,” 

Hack backs the Air Force

Private companies cannot carry out hack backs if we want to avoid a digital far west. A private company that decides to target its attackers is anyway a serious threat to the overall digital community.

“For one, companies venturing out into foreign networks would run the risk of disrupting existing U.S. intelligence or military operations.” continues CyberScoop.

According to Edward Amoroso, CEO of Tag Cyber, the US CYBERCOM should isolate the specific target to hit and attack it limiting the risk of any collateral damage.

“I’d like to think there’s a lot of human intelligence and spy-craft that provides a really good view” to the government, said Amoroso.

Experts warn of the risk of hack back non-responsible party due to a wrong attribution of the attack.

Of course, every threat must be properly approached especially the ones that daily target the U.S. private sector. The three experts urge a proper cyber hygiene to mitigate the risks of cyber attacks and limit the necessity to carry out hack backs.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – hack backs, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]