Computerworld - ARLINGTON, Va. -- Google Inc.'s revelation last month that attacks out of China resulted in the theft of some of its data drew attention to the broader question at the Black Hat conference here over what can be done to the villains.
Cyberattacks give rise to anger and a very human desire to strike back, but pursuing attackers in ways that matter isn't accomplishing much. The number of people who are arrested and convicted for any of the phishing attacks, intrusions and thefts is tiny.
Several countries -- Russia and China in particular -- don't want to cooperate on cybersecurity enforcement, said Andrew Fried, a security researcher at the nonprofit Internet Systems Consortium, and a former special agent at the U.S. Treasury Department. "The reality is they don't want to do squat to help anybody," he said, on a panel at the cybersecurity conference today.
After an attack, such as the China-Google incident, there's always interest in establishing "attribution" -- identifying the source of the attack. But Jeff Moss, the founder of Black Hat and director of the conference, questioned whether too much emphasis is placed on that effort. Moss also serves on the Department of Homeland Security's security advisory council.
"We should be spending more energy on dealing with the containment of an attack, reducing the effects of an attack," Moss said. "I don't think we will ever be able to stop the attack."
Techies can argue over the source of the Google attack, Moss said, but "is China ever going to extradite anybody? No," he said. "Are we going to go to war over it? No. So we should probably have a mechanism, a strategy in place, for mitigating, minimizing these attacks."
Last month, after revealing the attacks, Google said it was considering pulling out of China.
In a recent speech on Internet freedom, Secretary of State Hillary Clinton offered an impassioned defense for the "freedom to connect." But Moss questioned whether Clinton was proposing a U.S. policy for the Internet akin to the "freedom of seas model."
"The U.S. Navy spent a lot of time beating up pirates," Moss said. "Is that a call for us to go police the cyber seas ... or does it mean something else, because I don't think that we've got the capability [to defend] the world's cyberspace and keep it free."
Google's battle with China in some ways is little more than a sideshow compared with what some companies are dealing with. Take GoDaddy.com Inc., for instance, the world's largest domain registrar with more than 38 million domain names. Ben Butler, director of network abuse at GoDaddy, said his department's 19-member staff conducted 232,000 investigations last year over a range of abuses, including spam, phishing and copyright infringement.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
