Retaliatory Cyber Attacks Are Only Way To Stop China, Says Former FBI Director

Targeted cyber attacks and a strong deterrence capability are the most effective way of preventing China and other countries continuing to steal Australian commercial secrets, according to a former director of the Federal Bureau of Investigation. From a report: Louis Freeh, who ran the FBI for almost eight years until 2001, said the threat of criminal charges or jail time would do little to prevent state-sponsored hackers from continuing to steal valuable intellectual property. "It's like trying to serve a subpoena on [Osama] Bin Laden -- it's not very effective," Mr Freeh said on the sidelines of a speech in Sydney on Monday night. His comments come as the federal government considers how best to respond to a surge in cyber attacks directed by China's peak security agency over the past year. An investigation by The Australian Financial Review and Nine News confirmed China's Ministry of State Security (MSS), was responsible for the recent wave of attacks on Australian companies. These formed part of what is known in cyber circles as "Operation Cloud Hopper", which was detected by Australia and its partners in the Five Eyes intelligence sharing alliance.

And here is a different idea

[gweihir]

Maybe have IT security that is not cheapest possible, but actually works? That would also have the advantage that China may actually be stopped. "Hacking back" is still the most stupid idea possible in this space. But especially for China, has this person forgotten that the Chinese have their whole country behind a big firewall?

Re:View on China Needs to Change

[Virtucon]

You didn't mention the BGP attacks they've been conducting lately. They're a bad actor in terms of Internet trust and it's time to cut them off.

Re:Right...

It's a good thing it's not possible for hackers to spoof their origin to make it look like it's their competitors doing the hacking.

Are you trying to claim China DOESN'T have an organized, state-sponsored dedicated cyberwarfare unit?

And that the intelligence and law envforcement agencies of the US, UK, Australia, Canada, and others can't track at least some of that unit's activities?

If you can't credibly claim all that, you're just an ignorant blowhard trying to confuse things.

White hat here - lol no. Cops breaking in doesn't

[raymorris]

Finding vulnerabilities and warning the vulnerable companies is what I do for a living. What we do is in no way a substitute for deterrence.

Instead of putting muggers in jail, why don't our good guys try mugging people and alert victims that they're vulnerable?

Instead of killing bin Laden, why don't our good guys just ram planes into all the buildings and then we'll know which buildings are vulnerable?

Having cops break into the people's houses won't make burglary stop.

The main benefit of vulnerability assessment, what I do for a living, is that when we make Lockheed Martin a more difficult target, the attackers focus more on Northrop Grumman, because it's an easier target. That's an advantage to Lockheed.

We will never come anywhere close to making our county impenetrable. If we magically did, which would require a police state, two days Microsoft would release a new version of some software and we'd all be vulnerable again. Every time somebody installs anything connected to a network, there are opportunities for it to be configured poorly, and that happens a million times a day. We will never be secure. We can only make YOU a harder target than your neighbor.

"Instead of starting a cyber war" - LOL! We're *in" a cyber war. Pur adversaries spend billions of dollars every year attacking us, and we're losing. Ignoring it and pretending it's not happening won't make it go away. The way to make a country (or a person) stop attacking you is to make it hurt them to continue, to exact a high price. If someone is swinging a knife at me, knowing I'm vulnerable doesn't solve the problem. You stop their attack by shooting them. That's what solar the problem.