Retaliatory Cyber Attacks Are Only Way To Stop China, Says Former FBI Director

Targeted cyber attacks and a strong deterrence capability are the most effective way of preventing China and other countries continuing to steal Australian commercial secrets, according to a former director of the Federal Bureau of Investigation. From a report: Louis Freeh, who ran the FBI for almost eight years until 2001, said the threat of criminal charges or jail time would do little to prevent state-sponsored hackers from continuing to steal valuable intellectual property. "It's like trying to serve a subpoena on [Osama] Bin Laden -- it's not very effective," Mr Freeh said on the sidelines of a speech in Sydney on Monday night. His comments come as the federal government considers how best to respond to a surge in cyber attacks directed by China's peak security agency over the past year. An investigation by The Australian Financial Review and Nine News confirmed China's Ministry of State Security (MSS), was responsible for the recent wave of attacks on Australian companies. These formed part of what is known in cyber circles as "Operation Cloud Hopper", which was detected by Australia and its partners in the Five Eyes intelligence sharing alliance.

View on China Needs to Change

[sycodon]

China is not really our friend in any sense.

They steal intellectual property

They use state subsidies and subpar working conditions to undercut our products

Their, "students" are usually tools of the Government.

While it is doubtful the US and China will ever engage in some kind of ground war, it is probably inevitable that some kind of air/sea conflict occurs. Given the tremendous economic entanglements, it will be a very bizarre conflict.

Re:View on China Needs to Change

[Virtucon]

You didn't mention the BGP attacks they've been conducting lately. They're a bad actor in terms of Internet trust and it's time to cut them off.

Better Idea

[alvinrod]

Instead of starting some kind of cyber war, why not have our guys act as white hats and target Anerican firms and government organizations. Find breaches and alert the concerned parties so they can get filled in.

It gives our guys practical experience and helps protect American citizens and businesses. It even affords a good job opportunity for the kind of mischievous minds that might otherwise cause some of that trouble.

Re:Right...

It's a good thing it's not possible for hackers to spoof their origin to make it look like it's their competitors doing the hacking.

Are you trying to claim China DOESN'T have an organized, state-sponsored dedicated cyberwarfare unit?

And that the intelligence and law envforcement agencies of the US, UK, Australia, Canada, and others can't track at least some of that unit's activities?

If you can't credibly claim all that, you're just an ignorant blowhard trying to confuse things.

Attack what exactly? Defense is what we need!

[Opportunist]

What do you want to attack? Want to steal back the trade secrets they got from us? How do you steal from someone who has nothing that you could possibly want? What kind of deterrent is it when you throw a nuke into a mostly void desert? It costs you a nuke and doesn't bother your enemy at all.

Instead get your defense up to speed! The itsec situation in most companies is atrocious. And I'm not talking about irrelevant mom'n'pop shops, we're talking large and very juicy targets for international criminal actors. If anything, the FBI should start treating sloppy IT security as what it is: A criminal offense.

But no, wait, we can't do that! Then our corporations would have to do something about their IT security! That could cut into their bottom line! No, let's instead wage a silly "cyber" war we can't win on taxpayer money. One silly, useless and unwinnable war that we get to foot the bill for more or less, who cares?

Re:And here is a different idea

[pr0fessor]

This goes right a long with governments that want to have back doors to fight terror and crime but somehow magically it's only going to work for them and the bad guys will never be able to use it against us.

In the end we have aloud the uninitiated to set policies for something they don't understand and the resulting mess is going to be hard to clean up.

White hat here - lol no. Cops breaking in doesn't

[raymorris]

Finding vulnerabilities and warning the vulnerable companies is what I do for a living. What we do is in no way a substitute for deterrence.

Instead of putting muggers in jail, why don't our good guys try mugging people and alert victims that they're vulnerable?

Instead of killing bin Laden, why don't our good guys just ram planes into all the buildings and then we'll know which buildings are vulnerable?

Having cops break into the people's houses won't make burglary stop.

The main benefit of vulnerability assessment, what I do for a living, is that when we make Lockheed Martin a more difficult target, the attackers focus more on Northrop Grumman, because it's an easier target. That's an advantage to Lockheed.

We will never come anywhere close to making our county impenetrable. If we magically did, which would require a police state, two days Microsoft would release a new version of some software and we'd all be vulnerable again. Every time somebody installs anything connected to a network, there are opportunities for it to be configured poorly, and that happens a million times a day. We will never be secure. We can only make YOU a harder target than your neighbor.

"Instead of starting a cyber war" - LOL! We're *in" a cyber war. Pur adversaries spend billions of dollars every year attacking us, and we're losing. Ignoring it and pretending it's not happening won't make it go away. The way to make a country (or a person) stop attacking you is to make it hurt them to continue, to exact a high price. If someone is swinging a knife at me, knowing I'm vulnerable doesn't solve the problem. You stop their attack by shooting them. That's what solar the problem.