Attackers have invaded corporate networks to steal sensitive data and use them as staging grounds to attack other corporate networks \u2014 and IT managers detecting these invaders may find yet another surprise: law enforcement lurking in their networks monitoring it all as part of a cyber-sting. “There may be law enforcement watching it,” said Charles Shugg, retired Brigadier General of the Air Force who once headed the U.S. Air Force Cyber Command, and spoke yesterday on a panel at the RSA Conference on the topic of how far IT managers can go to “hackback” against network attackers they happen to detect. But you might be stepping into something bigger than you know, because “an undercover agent may witness crimes taking place and not stop them in hopes of getting them,” said Shugg. It’s just another wrinkle in the world of cybercrime that’s invaded corporate networks, whether it be suspected Chinese spies stealing important intellectual property, remotely-controlled botnets and cybercooks from everywhere making off with what they can, or hacktivists out to score political points.<\/p>\n","protected":false},"excerpt":{"rendered":"
For one thing, any counterstrike against what might be thought to be the lair of the attacker may in reality simply be just another corporate network that’s been compromised. An IT manager that wants to take steps to definitely stop certain actions is proceeding into an area that’s immediately dominated by legal and insurance considerations.<\/p>\n
It would be a better world if IT managers could reach out across corporate boundaries and one could tell another about what’s perceived to be an attack based on malware coming from the other’s network and quickly snuff it out. … Instead, it’s the company lawyers that will be needed to try and resolve serious problems that seem to emanate from other corporate networks.<\/p>\n
Serge Jorgensen, CTO at Sylint Group, the Sarasota, Fla., firm that provides incident response and remediation services, pointed out that one legal option would be seeking a temporary restraining order (TRO) from a judge against what is seen as the offending entity where the cyber-attack appears to originate.<\/p>\n
Link: http:\/\/www.networkworld.com\/news\/2013\/030113-rsa-cyberattacks-267279.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,13],"tags":[],"class_list":["post-1276","post","type-post","status-publish","format-standard","hentry","category-news","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1276"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1276\/revisions"}],"predecessor-version":[{"id":3763,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1276\/revisions\/3763"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}