In my previous post, http://blog.hiddenharmonies.org/2013/02/how-to-hack-a-human-brain-from-experts-of-hacking/, I discussed the many flaws in the Mandiant Report on hacker group designated APT1.
Mandiant has responded to some of the criticisms, with the usual generalized responses of “we released our conclusion based on what we had.”
In other words, flaws are admittedly due to their jumping to conclusions.
Indeed, the Report from Mandiant read like a simple Conspiracy Theory, in that the only evidence of the Conspiracy is in circumstantial evidence.
By the same logic, virtually everyone can be found guilty of conspiracy of murder and theft, simply because there are murders and thefts near where they live.
As a law professor once said in a class, “Every complaint should follow with a demand.” So it appears quickly what the actual Demand came from the Mandiant Report.
In Obama’s speech recently, the Demand came in the form of a near Declaration of War on Hackers. In his speech, “hacktivists” are lumped into the category of “cyber criminals”.
On this position, I do not disagree with Obama’s logic. By hacking, “hacktivists” are knowingly committing crimes, and they shouldn’t be excused merely for their self-professed noble political purposes. Afterall, if one wishes to, virtually every crime can be boiled down to politics. Is a petty thief doing it merely for the money, or as a form of protest against banks? Who is to say? Whose words to take?
And if a government is behind some of the hacking, isn’t that ultimately really for politics? Does that mean governments themselves can be “hacktivists” too and be excused?? It’s a slippery slope.
(On the other hand, Hacktivists do have a point. Afterall, most governments do hack and spy on people. Why aren’t the government officials being prosecuted for “hacking for politics”?)
As they say in law, if you are going to do the crime, you should do the time. But as the cynics would say, governments are criminals.
So, where is Obama and the Western governments moving toward to? What is this “War on Hackers“? And why?
The problem is ultimately not any particular country. It is world wide. I think deep down even US governments acknowledge that.
If the Western governments can’t even shut down their own hackers like Anonymous and Lulzsec, (not completely), then they can’t expect China to put much of a dent into their hacker problem. (If US and China start to trade a list of hackings traced to each country, what can US do in return for China’s cooperation, or vice versa?)
Another problem? US doesn’t even have much of an extradition treaty with China. Which means, hackers of both sides will have plenty of legal loop holes to hide behind. If China comes to US with a list of hackers wanted for hacking crimes, would US hand them over?
US and Obama knew that, and have apparently started to go after the problem from the US side. This may be generally a good thing, but there are some severe problems.
(1) a general declaration of War on Hackers is simply too political. There are already the failed War on Drugs, War on Terrorism. Hackers may become another endless war.
(2) Going after political hackers is too unpopular with the growing “hack chic” culture in the West that is sensitive to “privacy” issues. Hacker groups have become culturally popular icons, like Anonymous, other countries have their own popular hackers.
(3) Broad reaching laws to fight cyber crimes may be unpopular with even large corporations. CEO’s may not be very thrilled about the idea of government agencies getting total access to their emails to see if hackers have stolen any thing.
Already CISPA is rumored to be brought back to life to become law.
Mandiant may have blown some discretions with this report, and while it may have brought Mandiant some marketing in the Media, in the long run, the corporate clients may hesitate to deal with a company that exposed their privacy to the US government.
And let’s face it, American CEO’s may not want China to read their emails, they certainly don’t want Uncle Sam to rummage through them!
And it really does come down to those who are screaming the loudest, really do have things to hide. (Anonymous may hack for political reasons, but I bet they do end up with some Intellectual Properties. They just usually end up releasing every thing to the public, which DESTROYS IP’s. Case in point: They released emails of HBGary, containing some confidential reports of their clients. This in part caused HBGary’s financials to take a dive.) So whether a company gets hacked for “politics” or not, by “state actors” or not, the damage would be similarly severe.
And if a company let’s US government to rummage through its files, that’s not protection, that’s equal to “cutting one’s nose to spite one’s face.”
What to do then about Cyber crimes?
Unless you are willing to expose your own privacy, you are not going to be able to reveal the private information about hackers.
That’s the deal that you need to consider, when the Devil comes knocking.
And when hackers are popular cultural icons, there will be more hackers.
If you put your trust in government to handle the problem, then you may have even less control than before. You will likely still get hacked, but you just can’t control it any more.