Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Government Security The Military Technology

Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech (onthewire.io) 69

Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim" own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.
This discussion has been archived. No new comments can be posted.

Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech

Comments Filter:
  • by cayenne8 ( 626475 ) on Thursday May 25, 2017 @05:47PM (#54487813) Homepage Journal
    While I understand fully the thoughts behind doing something like this....I just think "Wow...what could possibly go wrong here...?"

    I'm guessing that large businesses could get in on this too? If not now, just wait....

    And, we've seen how well just take down notices work....often not even justified, but still...the party acted upon is now guilty till proven innocent.

    What constitutes a valid victimization? Telling someone you don't like them? They small bad? That allows them to infiltrate your computer, destroy information...etc?

    This sounds like a real pandora's box being opened here.

    • by Anonymous Coward on Thursday May 25, 2017 @05:57PM (#54487863)

      "What constitutes a valid victimization?" ICMP the wrong port and they can say you're trying to penetrate their services? Mmmm, Beacon.

    • by LifesABeach ( 234436 ) on Thursday May 25, 2017 @06:21PM (#54487967) Homepage
      Given Toms "a child of 8 year old heat of the moment mentality" what could possibly go wrong? And is the DOJ so fucking bloated that going after the bad guys to much for them?
    • by AHuxley ( 892839 ) on Thursday May 25, 2017 @08:28PM (#54488491) Journal
      A group moving data around the world would use a series of unexpected holding or staging servers with fast networks to mask their final ip.
      This will not be a move of data from a company direct to a "home" "desktop" computer with some dial up modem.
      Once the "owner" detects their data and sends the code?
      That data could be sitting on any random fast network around the world without been noticed. Strange computers sending to code to and altering a computer to do something to data on that network?
      The resulting intrusion and clean up will be very expensive and disruptive to any third party.
      • by currently_awake ( 1248758 ) on Thursday May 25, 2017 @10:50PM (#54488987)
        1-Evil Hacker hacks into Facebook network. 2-Use to launch attack against Microsoft. 3-Microsoft detects attack, traces to Facebook, launches counter attack and searches for their data. 4-Facebook detects intrusion, traces to Microsoft, launches counter attack and searches for their data. 5-Evil Hacker finishes downloading data, sits back and eats popcorn while Cyber WW3 erupts.
        • by AHuxley ( 892839 )
          Think of the fun a well funded third party clandestine service could induce the USA to do.
          They find a US beacon effort in the wild and alter its mission just a bit.
          Place it in nations they don't get along with and watch as the US reports "hacking" from a list of other nations flood in.
          The US has 100% evidence and proof that "other nations" are evil and the special secure beacon code was running in their networks and ip ranges.
          Special citations and commendations for that clandestine service as the USA so
        • by AmiMoJo ( 196126 )

          Large companies like Facebook and Microsoft will just call each other's security departments. The danger will be when foreign companies get involved.

          Imagine Facebook incorrectly traces the attack back to some company in China, and starts hacking them. Chinese government notices and decides to destroy Facebook, deploying state level hacking and zero day exploits to wipe them out.

          • by ( 4475953 )

            I agree with you but your example is a bit unfortunate. The problem with this bill seems to me that the counter-attack will be completely illegal in almost every other country in the world. This creates all kinds of legal problems for US companies and also many practical problems for police forces, prosecutors and security companies in other countries. In any case developers of 'counter-attack' software ought not be surprised if they are arrested once they leave the US.

    • It's "Stand Your Ground" for nerds. Because that always works well ...
  • Time to hire some in house hackers and install the black ICE on the servers.
  • by WolfgangVL ( 3494585 ) on Thursday May 25, 2017 @05:54PM (#54487843)

    I was just "destroying my hacked data"

    Facebook had hacked my browsing data...
    The FCC was hosting my stolen data...
    The "agencies" had hacked my communication devices....
    Linkedin...
    Tumbler...
    Myspace...
    IRS...

  • So this bill empowers me to attack Microsofts and Googles servers to destroy my data that they have taken?

  • Hmmmm (Score:5, Funny)

    by JThundley ( 631154 ) on Thursday May 25, 2017 @05:59PM (#54487871) Homepage

    So I have to tell the FBI that I'm going to hack the NSA to destroy my data?

    • by zlives ( 2009072 )

      i am sure if you don't the NSA will anyway, so in this particular instance it would be necessary.

  • AC/DC Act (Score:5, Insightful)

    by PopeRatzo ( 965947 ) on Thursday May 25, 2017 @06:00PM (#54487883) Journal

    The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March

    Republicans have seen too many Hollywood hacker movies. They want people to believe that after someone steals their personal information, they'll be able to click a big red EXECUTE button on the screen and it will launch a counterattack and steal back their data.

    In reality, the people who are victims of this type of data theft aren't going to have access to these "Beacon" tools. But copyright trolls and malware thugs almost certainly will. In the end, this will be just another corporate giveaway.

    The cyber is hard.

    • by zlives ( 2009072 )

      the lobbyist that wrote this bill for him probably showed him that movie, however its probably for content providers to destroy computers of people pirating rather than try to bring them to court, since that takes forever and costs money and maynot result in any profits. just wait till they update the TOS to include a missile strike if not in compliance.

      • by rtb61 ( 674572 )

        Meh, who cares, mountain out of a mole hill. News at eleven corrupt lobbyists and corrupt politician attempt to write constitutional challenged laws that would empower corporations to enslave and attack citizens, the flaw, something to do with search warrants and how they are carried out, you know, no search warrant, no search, no removal, no nothing. Also affects possession laws, with no proof required of right of possession to denies others the active possession. What could possibly go wrong with writing

        • by zlives ( 2009072 )

          i would only say that this would go hand in hand with the licensing law as in you don't own any property its all just a license. so no stand your ground... also probably not work with stand your ground as this reprisal would require walking to the said office...

    • Republicans have seen too many Hollywood hacker movies.

      speaking of movies...

      In reality, the people who are victims of this type of data theft aren't going to have access to these "Beacon" tools. But copyright trolls and malware thugs almost certainly will.

      Yup, the movies are definitely going to be the thing best protected by this act.

      Movie shown in theater tends to be fingerprinted. (the purpose being to try to trace back where a copy was first leaked).
      This act basically gives authorization to the industry to install a backdoor (either forced through legislation, or unknowingly deploy in the style of Sony root-kit), that will nuke an user computer if it ever detects such type of fingerprints.
      (and make it also report back to the MPAA moth

  • Foolishness. (Score:5, Interesting)

    by Gravis Zero ( 934156 ) on Thursday May 25, 2017 @06:04PM (#54487899)

    What this is going to enable people to do is destroy zombie computers and devices under the guise of retribution. While this may seem good at first, it's just going to be the moms and pops of the world losing all their data because they got infected with a virus and somebody unleashed hell on their machine. It seems like it would be far more helpful to require ISPs to detect a DoS in progress and cut off the infected customer. A scorched Earth campaign will do little to change the world.

    • This case ("infected by a virus"..."unleash hell") isn't covered by the proposed bill.
  • So just exactly which tools will John Q Public be using to track and delete their data?
    The "easy" tools, meant for the people who still have VCR's blinking midnight?
    "Alexa, find and destroy all my hacked data!". thank you.
  • by Josuah ( 26407 ) on Thursday May 25, 2017 @06:29PM (#54488007) Homepage

    The analogy is if you suspect someone of stealing your wallet, you are allowed to break into their house, search through it to find and take back your wallet, destroy a few things here and there to prevent them from pickpocketing in the future, and then call in the police to arrest the guy.

    Oh, but if you made a mistake and destroyed some random person's stuff, well, you were still acting within the law.

    • For an attack in progress, I'd say it's more like you're being mugged and the attacker has managed to grab your wallet by the time you start fighting back.

      You have a right to self-defence in the physical world, usually with a limit of 'reasonable force' (Texas excluded). To extend that to the digital world, if your system is attacked you should have the right to damage the attacking system to the point it can no longer continue its assault... and you should be able to take back your data if you can do so.

      A

      • by Anonymous Coward

        Except, a more effective self defense is just telling your network to stop accepting the guy's packets.

        Anything else is unnecessary use of force.

        Kind of like rendering the mugger harmless and then kicking him and maybe his family and friends while he's down.
        And the mugger you are going after may be some harmless smuck who got his computer hacked.

      • by DarkOx ( 621550 )

        Alright, lets play pretend.

        1) You have webserver with say a JBoss deserialization vulnerability.

        2) I get remote code execution and set myself up some persistence but otherwise leave your site alone, you don't know anything is wrong.

        3) I use your system as pivot to attack Bob's network. I break into Bob's systems and start dumping data.

        4) Bob spots the attack and sees its coming from you. Oh did I mention outbound connections from the server I compromised don't leave from the same IP that servers inbound o

    • by TiggertheMad ( 556308 ) on Thursday May 25, 2017 @10:00PM (#54488803) Homepage Journal
      I am curious how this is going to not constitute destruction of criminal evidence when the first court case goes before a judge...
    • It's probably more akin to breaking in to a bank to get your wallet though. Kicking someone's door in to gain entry isn't that hard, and I'll bet about 80% of the population could do it if they really needed to. But breaking into a computer is well beyond 95+% of the population - I know technically what's required, but it would still take me an awful lot of dedicated time and effort to do. Thus, I'd need to hire a pro - and they don't come cheap (unless you're a big company, in which case you already hired

  • Well, one good thing, I love bacon of any kind so far.
  • Is the beacon path back to the US the ip range of interest?
    Automated or will some US gov worker have to click a gui everytime to allow a beacon to be respond to?
    Hope that the user is on a desktop computer, has one hard drive that has the OS, has the data, is connected to the net, has the same ip for a while?
    How perfect is the "techniques to trace the attack and identify the attacker" going to work in every computer network before someone with skills finds something in the wild?
    Or does the beacon encry
  • If someone has the skills and is being attacked... it wouldn't matter if there is a bill or not.
  • Since the US doesn't have jurisdiction outside the US, attacking any foreign computer will likely remain illegal under foreign law. If the US courts protect them they'll become modern day privateers, state-sanctioned thugs. Like a loose cannon version of the NSA, this will not end well.

    • If the US courts protect them they'll become modern day privateers, state-sanctioned thugs. Like a loose cannon version of the NSA

      So more constrained then.

  • The "beacon" exception is interesting. Someone went to the extra trouble to pay somebody to add that. Who did it and why? What's the imagined scenario?

  • must be maintained forever

    I remember watching the episode [wikia.com] and thinking Gee--it would be great to be one of the people with the active immune system.
    Of course it would suck for my neighbors, friends, and family--but that's their problem.

    Right?

Quantity is no substitute for quality, but its the only one we've got.

Working...