Commission wants to turn tables on IP thieves by crippling PCs with extortion-style lock-outs

'What the hell are these guys thinking?' asks critic after panel suggests using 'ransomware' tactics

By , Computerworld |  Security

Buried in a 100-page report issued last week by the Commission on the Theft of American Intellectual Property was a recommendation to copy a tactic cyber scammers use to extort money from innocent victims.

The IP Commission -- a private panel of politicians, military and defense officials and technology leaders -- is co-chaired by Jon Huntsman, former governor of Utah and former U.S. ambassador to China, and Dennis Blair, a retired U.S. Navy admiral and former Director of National Intelligence.

Among more than 20 recommendations, the commission suggested that companies be allowed to lock files and cripple computers.

Under a heading of "Support efforts by American private entities both to identify and to recover or render inoperable intellectual property stolen through cyber means," the commission said, "Software can be written that will allow only authorized users to open files containing valuable information.

"If an unauthorized person accesses the information, a range of actions might then occur," the commission continued. "For example, the file could be rendered inaccessible and the unauthorized user's computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account."

In a nutshell, that's the same tactic used by scammers who try to panic users into paying a ransom fee to regain control of their computers.

Variously labeled "ransomware" and "scareware," such malware cripples a PC or encrypts its files, then displays a ransom note demanding payment to restore control to the owner. The technique, flatly called "an extortion racket" by Symantec in late 2012, has been in use since at least 2006. Until last year, however, it was rare and ineffective, and seen mostly in Eastern Europe.

In fact, a common hacker stratagem is to deliver on-screen messages to victims that appear to be from law enforcement agencies, just as the commission proposed.

Last December, for example, Symantec described how messages displayed on Americans' PCs by the "Ransomlock" malware masqueraded as warnings from the Federal Bureau of Investigation (FBI), while German users saw messages purportedly from the Bundesamt für Polizei, Germany's federal police.

The commission asserted that these ransomware-style techniques are legal. "Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved," the report contended.

Critics quickly jumped on the ransomware comparisons, and bludgeoned the proposal.


Originally published on Computerworld.