In a new report, Congress was advised to allow revenge-hacking of Chinese attackers that have been stealing information and data from US companies and government agencies. These attacks are typically state-backed by China and have been responsible for distributing stolen trade secrets from America.
The U.S.-China Economic and Security Review Commission released its 2015 report Tuesday, according to The Associated Press, and examined the problem of cyber attacks aimed to steal important data. The report noted that current US policies don’t allow for counter-attacks saying:
U.S. law does not allow retaliatory cyber attacks by private citizens and corporations, nor does it appear to allow counterintrusions (or ‘‘hack backs’’) for the purpose of recovering, erasing, or altering stolen data in offending computer networks.
It then went on to suggest Congress assess this choice saying, “International law has not kept up with developments in cyber warfare, and no international consensus exists on how to attribute or appropriately respond to cyber attacks.”
Later in the report, the commission went on to list solutions to the cyber espionage problem recommending:
Congress assess the coverage of U.S. law to determine whether U.S.-based companies that have been hacked should be allowed to engage in counterintrusions for the purpose of recovering, erasing, or altering stolen data in offending computer networks. In addition, Congress should study the feasibility of a foreign intelligence cyber court to hear evidence from U.S. victims of cyber attacks and decide whether the U.S. government might undertake counterintrusions on a victim’s behalf.
The Associated Press reported that China views itself as a victim of hacking, and that the cyber intrusion problem has long been a point of tension between the two countries. The AP said that the Security Review Commission is normally very critical of China.
This isn’t the first time China has taken information illegally from the U.S. The Intellectual Property Commissions Report estimated that China was between 50 percent and 80 percent of the problem with international IP theft from the US.
“Stolen corporate software—from basic computer and network operating systems and office technology to sophisticated design algorithms— allows companies to cut costs unfairly,” the report stated. “The problem is rampant in many countries around the world, but in the People’s Republic of China (PRC), a country to which so many overseas supply chains extend, even ethical multinational companies find themselves complicit.” (RELATED: Fool Me Twice… China Attacks Seven Companies After US Cyber Truce)
The report also cited a study conducted in 2011 by the US International Trade Commission that found,” if IP protection in just China were improved to a level comparable to that in the United States, the U.S. economy would obtain an estimated $107 billion in additional annual sales and net U.S. employment could increase by 2.1-million jobs.”
Chief security strategist of American network security company FireEye, Richard Bejtlich, told the AP, “We need to get our hackers to go after their hackers to put pressure on them and disrupt their operations. We need to start with more government pressure, not put the private sector in that role.”