The entertainment industry has been working with the Commission on the Theft of American Intellectual Property for some time now. They have been very active in pushing for solutions to piracy, and lately have begun suggesting lobbying for permission to hack back when their databases are attacked.
The Commission on the Theft of American Intellectual Property is composed of a wide variety of representatives from different sectors. What they have in common is high interest in putting a stop to peer-to-peer piracy. Led by cries from the content industry, the organization has drawn up in 84 pages why Congress should allow them to use malware to retaliate against suspected intellectual property pirates. It is interesting to see how the entertainment industry has conceded to resort to guerilla tactics to secure their intellectual property.
The proposed software to be developed if legalized would detect illegal copying of protected material. Once loaded onto users’ computers, it would be capable of executing a number of functions. Examples of punishments for piracy include altering, destroying or retrieving the stolen files, taking photographic evidence of the user from the device’s webcam, and disabling or damaging the device and/or network used for the illegal download and/or sharing.
Software of this type already exists, called ransomware, and has been most recently used by Russian hackers.This prototype would be developed to allow only authorized access to copyrighted material. When illegal access is detected, the malware can executesa lockdown, holding all files on the device hostage until the crime is confessed. A password to release the device would be provided by police upon confession of the crime. Other proposed software development for hack backs includes rootkits, spyware, and Trojans developed by cybercriminal rings.
The group says that the malware would be used only to punish illegal downloading and sharing, but the side effects of mass deployment are unknown. This move by the content industry shows that they are unaware of the potential damage that hacking back can cause. Security experts have warned of this before, saying that they are not prepared to deal with the consequences. Hacking requires a great deal of programming knowledge and flexibility. It is likely that if attempts are made to retaliate using malware, hackers will escalate. The danger is that with their experience and expertise, hackers are better equipped to launch a damaging attack that the industry is not equipped to defend against.
Support from the government for this hack back move is not likely to materialize. The government has not been able to manage its own hacking issues, and is fully aware of the dangers of extortion tools and malware-based defense tactics. Similar malware has long been used in attacks on US top secret information by countries like Armenia, Yemen, Iran, Syria, Uzbekistan, the UAE, Vietnam, Ethiopia, Saudi Arabia, Bahrain, Burma, Turkmenistan, and China. In light of the recent talks between Obama and Jinping, the US government is unlikely to publicly support the use of any hacking software known to be employed in the attacks they are focused on stopping. Moreover, the proposal aims to target alleged pirates, with no explanation of how they intend to determine that an illegal download was in fact executed, and who committed the crime. Support from other sectors is also unlikely, as opposition to so-called “dictatorial tactics” has been strongly opposed in the past, for instance the scrapped SOPA.
independent and bipartisan initiative of leading US representatives from the private sector, public service in national security and foreign affairs, academe, and politics.