IP theft commission wants to use malware to catch pirates

About The Author

CNET Editor

Michelle Starr is the tiger force at the core of all things. She also writes about cool stuff and apps as CNET Australia's Crave editor. But mostly the tiger force thing.

The Commission on the Theft of American Intellectual Property has submitted a report to the US Congress proposing anti-piracy measures and is considering the government-sanctioned use of ransomware.

(Pirate flag image by Oren neu dag, CC BY-SA 3.0)

According to studios and publishers, piracy constitutes a massive threat to both jobs and economies. yet, there is no good way to combat the practice — at least, not within the current scope of US law.

The use of malware is therefore what the commission, a committee formed to investigate, document and come up with ideas for fighting piracy, is considering, as spotted by Lauren Weinstein. In an 89-page report submitted to US Congress, it has detailed how "IP theft" worth "hundreds of billions of dollars per year" hurts the US economy, and proposed measures for fighting it — including the covert installation of spyware:

While not currently permitted under US law, there are increasing calls for creating a more permissive environment for active network defence that allows companies not only to stabilise a situation, but to take further steps, including actively retrieving stolen information, altering it within the intruder's networks or even destroying the information within an unauthorised network. Additional measures go further, including photographing the hacker using his own system's camera, implanting malware in the hacker's network, or even physically disabling or destroying the hacker's own computer or network.

The report does go on to note that the commission is not recommending these measures at this point in time, as such measures have no legal precedent and could harm innocent third parties. It does, however, suggest that an assessment of the current law needs to be conducted, with law agencies given the authority to "use threat-based deterrence systems that operate at network speed against unauthorised intrusions into national security and critical infrastructure networks".

It proposes that "informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken"., It also proposed the legalised ability for companies to access a pirate's server: "without damaging the intruder's own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information."

But the idea of deploying malware is not one the commission wants to give up, noting in the paper's conclusion:

As discussed in the cyber recommendations above, if counter attacks against hackers were legal, there are many techniques that companies could employ that would cause severe damage to the capability of those conducting IP theft. These attacks would raise the cost to IP thieves of their actions, potentially deterring them from undertaking theses activities in the first place ... Further work and research are necessary before moving ahead.



Add Your Comment 9


Post comment as
 

NicholasL2 posted a comment   

Use an online scanner to scan your software before installing. RazorScanner uses 60 updated Anti-virus/malware scanners and reports issues. http://razorscanner.com/index.php?page=home

 

EliJ posted a comment   

I think i'll just stick with my Fedora laptop with no webcam. I didn't realize I download a song or movie and now i'm a hacker but apparently so.

 

NoPiracy posted a comment   
Australia

Whatever your opinion on this issue, I’m sure we can all agree that piracy is wrong and should be stopped. Licensed software contributes 3 times more to the national economy than pirated software. If you have seen software piracy at any company you've ever worked for, I encourage you to report it here: http://nopiracy.net/10LA2PM .

 

RolandoT posted a comment   

I think some are doing it already... my friend's computer got hit last week by a malware pretending to be an update from Adobe.

 

SteveK5 posted a comment   

Not content with misusing the word piracy to describe copyright infringement (a pirate is someone who makes money from copyrighted material not one who simply uses it for their own use), they're now using words like 'hacker' and 'attacker'.

 

RichardE1 posted a comment   

Good thing I have AVG installed on the single, running Windows PC in my house. They wouldn't write malware designed to bypass it, would they?!

 

DeovandskiS posted a comment   

I understand that piracy is a big issue, but " photographing the hacker using his own system's camera, implanting malware in the hacker's network, or even physically disabling or destroying the hacker's own computer or network." seems to be a threat to a person's privacy, and this case can become even sour if the laws do not have a clear definition of a "hacker" because this can leave a huge threat to something that we barely have nowadays: Privacy.

I am a computer Science major and I do believe that these malwares can be easily manipulated by other hackers to prevent their actions or to make something even worse... Also, if these malwares are created by the government then how can Antivirus companies protect the user? Are they going to be against the law if they protect the user? How to define a malware created by the government and one created by a hacker? Sure there are many questions to be resolved but I do believe that using malwares is not the solution.

 

RichardE1 posted a reply   

I had a similar thought to your last part (which I posted). If you study the Net+ (I'm sure as well as Security+) textbooks, there are more effective ways of finding a hacker. Also, nothing about the internet is private, whether you are being monitored or not. Probably the safest (as well as most effective way) of finding these criminals, is tracking the IP addresses themselves.

 

TravisM2 posted a reply   

I wonder what the effectiveness of the deployed malware will be when the person using the malware strewn software blocks all network activity of said software using an application or network firewall. I do agree with your assessment that the design of those backdoors in programs by their respective organizations makes us and them more insecure. Perhaps usage of digital forensics tools by security auditors would be a far more effective approach to catching the malicious hackers.




Sponsored Links

Recently Viewed Products