The Los Angeles Times reports on a new online security company called CrowdStrike, founded by the former chief technology officer at McAfee Inc., George Kurtz. Also joining CrowdStrike is the former head of the FBI's Cyber Crimes Division, Shawn Henry.
CrowdStrike is at the forefront of a novel business model for cybersecurity, one that identifies sophisticated foreign attackers trying to steal U.S. intellectual property and uses the attackers' own techniques and vulnerabilities to thwart them. The firm is marketing itself as a private cyber intelligence agency, staking out networks to catch infiltrators, assembling dossiers on hackers and fooling intruders into stealing bogus data.
CrowdStrike, which employs Chinese linguists and former U.S. government agents, also has identified Chinese hackers using clues in their malware. It then profiles them — complete with real names and photos — using information gathered from a variety of sources.
That has helped the company, for example, identify a Chinese hacker who targeted financial institutions and tends to seek merger and acquisition information. Profiles enable a more targeted defense by helping CrowdStrike know when an attacker is likely to strike, how he communicates, what malware he uses and how he tries to take the stolen data.
Some experts believe CrowdStrike and other companies should be able to "hack back" by, for example, disabling servers that host cyber attacks, whether they are in the U.S. or abroad. But this approach is not without critics, who worry how far companies might go down the road of cyber vigilantism.
The Justice Department has said hacking back may be illegal under the Computer Fraud and Abuse Act, a 1996 law that prohibits accessing a computer without authorization. Many lawyers liken it to the principle that a person can't use "self-help" to legally break into his neighbor's house, even if he sees his stolen television in the neighbor's living room.
But what happens when the authorities themselves are unable, or unwilling, to cope with the threat that such hackers present?
Critics worry that third-party servers may be affected, or that attacks on Chinese- or Russian-controlled computers could trigger an international incident. What do you think?