The world's first anti-hacker country! Say no to hacking

When you are being bullied, your first reaction may be to fight back. In the online world, can the victim of the attack take the same countermeasures?

The answer is no. At present, most countries have not enacted laws that allow enterprises or organizations to launch counterattacks against hackers. "No one may break into another person's computer without authorization" is the consensus of almost all national laws, which means that counterattacking a hacker is itself hacking, and is also illegal. In other words, you can close your own door, but you can't open the door of someone else's house, regardless of whether there is a criminal organization behind it.

Does that sound hard to believe? In real life, as long as the procedures are legal, the police can break in and arrest criminals, but this is absolutely not the case in cyberspace. The difficulty in "catching you along the network cable" lies in legality, not in technology.

Perhaps it is precisely because offense and defense are in asymmetrical positions that global cyber attacks are intensifying. In 2022 alone, the number of global cyber attacks increased by 38%, causing substantial business losses, including financial and reputational damage. This is even more true of ransomware attacks.

Sangfor released the "2022 Ransomware Situation Analysis Report", which points out that as the RaaS (Ransomware as a Service) model matures, the threshold for ransomware attacks keeps getting lower: more and more unskilled people can join the ransomware business, the probability of a successful attack keeps rising, and less and less data can be restored through analysis and decryption. Attackers no longer simply encrypt data. More and more ransomware attacks also steal sensitive data from victims and post it on the attackers' own "official website" for double extortion, to obtain greater profits.

As cyber attacks have become more and more rampant in recent years, the call to legalize counterattacks against hackers has grown increasingly strong. Recently, Australia, which has been deeply troubled by cyber attacks, announced that it will adopt government-level measures to counterattack hackers who target organizations in the country, which has aroused concern in the industry: will this bring more risk and chaos to cyberspace?

Declare war on hackers

On November 12, 2022, Australian Prime Minister Anthony Albanese announced a joint initiative of the Australian Federal Police and the Australian Signals Directorate to "investigate, target and disrupt cybercriminal groups, prioritizing ransomware threat groups".

The Australian government's decision is largely related to two major cyber attacks against the country. In September 2022, the Australian telecommunications giant Optus had the sensitive data of nearly 10 million users exposed in a ransom attack and was extorted for a ransom of US$1 million. Only one month later, hackers attacked the Australian health insurance company Medibank, and the data of all of its 390 million users was compromised. According to statistics, the number of people affected by the two incidents exceeded one-third of the total population of Australia, causing serious social impact. In particular, after Medibank refused to pay the demanded $10 million ransom, the hackers leaked medical records, including abortion records, which aroused strong anger and concern in society.

From this point of view, the counterattack against hackers is to a certain extent in line with public opinion in Australia, and the government will give priority to hacker organizations that pose a major threat to national interests. According to the British newspaper The Guardian, Australia's Minister for Home Affairs and Cyber Security, Clare O'Neil, said she will unswervingly hunt down, day after day, the "scum" who launched the attacks, and that the country will send its smartest and most tenacious people to hack the hackers.

Australian Home Affairs and Cyber Security Minister Clare O'Neil

With Australia's tough stance, a series of new measures is coming, but it is unclear how far beyond conventional measures the government will go in launching countermeasures, especially against cyber threats from outside its jurisdiction. Bugcrowd founder and chief technology officer Casey Ellis said that while cybercriminal groups often enjoy a state of "impunity," they are also vulnerable to disruption by law enforcement operations, and argued that being proactive is the way to go: ransomware groups such as Conti and REvil have been cracked down on by law enforcement agencies, and Australia's approach is aimed at taking stricter measures.

Why should counterattacks against hackers proceed with caution?

As stated at the beginning of this article, real counterattacks against hackers are difficult to carry out in some countries because no law supports them. For example, U.S. lawmakers have tried several times to pass bills that would give organizations some legal support for fighting back against cyber attackers, but all of them failed.

After all, if two people fight and one fights back, the counterattack is aimed at a clearly identified person, but cyber attacks are different. "In general, it's very difficult to really pinpoint the source of an attack," said Rapid7 lead researcher Erick Galinkin. Cyber attackers can use multiple compromised machines as springboards for distributed attacks. In other words, attackers are good at using victims to attack other victims, and when a victim fights back, the actual target may be another unknown innocent party. Although there have been successful cases of dismantling ransomware organizations such as Conti and REvil, such special operations often require months of investigation and analysis by a professional team, and the operation is carried out only after the target has been identified with a high degree of precision. If such powers are devolved and civil society is allowed to take reckless or more aggressive countermeasures, the consequences of abuse can be imagined.

This also involves the question of which side fired the first shot. A typical example is the 2017 US "Active Cyber Defense Certainty Act" (ACDC), which states that "as long as another entity is hacked in an 'active defense' legal liability." That is, under the ACDC Act, companies and individuals would be able to use "active defense" to identify, or even destroy, their stolen data. Once the bill was proposed, it was opposed by many people in the Republican Party, in scientific and technological circles, and even in legislative circles. One objection is that "active defense" is difficult to define for specific, clear situations, that is, it is hard to determine who took the first offensive action, so there is a risk of abuse. For example, a defender might break into a suspect's computer to determine whether stolen account passwords, which can be used for unauthorized access, are stored on the system. If such an action turns out to be based on a misjudgment, it may easily amount to a violation of privacy and endanger the information security of others. If it is authorized by the state and directed against other countries, it will trigger international incidents.

U.S. Republican Rep. Tom Graves vehemently opposes ACDC bill

In 2021, another bill, the "Cyber Attack Response Options Research Act", would have required the US Department of Homeland Security to evaluate and revise the current "Computer Misuse Act" to seek appropriate rules and benefits for those who counterattack hackers, but this bill also came to nothing amid controversy.

The general trend of security defense - from "defense" to "attack"

There is no doubt that Australia's cyber security strategy has been changing constantly of late. In April 2022, Australia announced that it would formulate a data security framework to "pave the way" for the next 10 years, and that it plans to invest more than 9 billion Australian dollars in total to build national network security. Although Australia has suffered several major cyber attacks so far, under this general framework the trend from "defense" to "offense" has become more and more obvious.

Strategic upgrade: strengthening offensive capability

On August 31, 2022, the Australian Department of Defense officially released the country's first dedicated defense cybersecurity strategy, the "Defense Cybersecurity Strategy" (2022), outlining planned measures to strengthen cybersecurity capabilities over the next 10 years. The strategy is considered a further upgrade following the 2016 National Defense Strategy White Paper and the 2020 National Defense Strategy Update, with the emphasis on network security gradually increasing. In the 2016 version of the strategy, network security was regarded only as a new threat to national defense security. In the 2022 version, network security is treated as a necessary condition for completing national defense missions, and it is regarded as a possible precursor to, and a key factor in, future conflict, and as a deciding factor in Australia's success or failure.

In terms of building offensive network capability, the 2016 version of the strategy mainly emphasized the construction of defensive systems such as intelligence, surveillance and reconnaissance, while the 2022 version begins to strengthen offensive network capabilities in order to improve deterrence and promote national defense transformation. The strategy proposes to support the shaping of deterrence and response capabilities: shaping the cybersecurity environment by setting standards and strengthening industrial partnerships, improving deterrence capabilities by increasing the visibility of adversary activities, and strengthening response capabilities by enhancing cybersecurity posture monitoring and restricting adversary cyber activities.

Comprehensive reform: trying to achieve the so-called 2030 vision

According to a report by the ABC in February this year, Australia will comprehensively reform the US$1.7 billion cybersecurity plan formulated by the previous government. This reform is derived from the 2023-2030 Australian Cybersecurity Strategy announced on December 8, 2022, which aims to make Australia the safest country online by 2030. In response to the cybersecurity challenges faced in the event of a data breach, the government is committed to working with industry to create a nationally consistent cybersecurity framework, according to public discussion papers. The government also announced it would appoint a national cybersecurity coordinator "to ensure a centrally coordinated approach" to government cybersecurity responsibilities.

Discussions also touched on the need for further amendments to the Security of Critical Infrastructure Act 2018 (SOCI Act), under which the government has "last-resort" powers to deal with critical cyber threats and security incidents associated with critical infrastructure sectors and critical infrastructure assets. But O'Neil thinks those powers are currently too limited and too narrowly defined to actually help. In an interview with ABC, O'Neil even stated that "(now) this law is useless at all, and when it is actually used in cyber incidents, it is not worth being printed on paper." It is foreseeable that the reform will enhance the government's ability to intervene in security incidents, especially in the aftermath of major cyber incidents and in managing their consequences. After the two major data breaches at Optus and Medibank, the government began to consider prohibiting victim companies from paying ransoms to attackers. Paying a ransom in violation of the ban would be considered an illegal act.

Role Reversal: Seeking Independence in Collaboration

Australia has always relied heavily on the United States, the United Kingdom and other countries in its cyber threat defense system. It has taken part in everything from the earliest Five Eyes alliance to the Indo-Pacific strategy proposed by the Biden administration in 2022. However, Australia has begun to try to improve its independence and autonomy in dealing with cyber security risks. For example, the 2022 version of the strategy mentions that "how the Department of Defense responds to cyber threats and ensures its capabilities are protected from adversary attacks requires a consistent and coordinated effort across the defense system, from the Australian Defense Force (ADF) and Australian Public Service (APS) to defense industry partners and supply chain. Every part of the system plays a role in ensuring cybersecurity. There is a need to integrate the defense supply chain and increase autonomy in the defense supply chain to ensure defense cybersecurity."

In international cooperation, Australia is also seeking to shift from a participant role to an autonomous leadership role. On January 27, 2023, with Australia serving as its first chair, the International Anti-Ransomware Working Group, made up of 36 member states including the United States, the United Kingdom, France and Germany, officially began to operate, aiming to destroy, combat and defend against the increasing ransomware threat.

With cyber threats continuing to inflict damage on Australia, this sparsely populated southern hemisphere power is trying to show its iron fist against hackers. How strong that fist is, and whether it will make the international cyber environment more complicated and severe, remains to be seen. It is worth watching how Australia takes its next step in fighting back.


Origin blog.csdn.net/m8330466/article/details/130175684