Waging War on Hackers

For the 2015 State of the Union address, cyber security played an important role.  New laws go-to-jailwere proposed.  Such laws are not unproblematic however.  Rob Graham made some interesting comments in the “Wired Magazine” about what might happen with such laws.  That is how governments, ours included, seem to act.  I would never think the bad consequences were intentional.  I think this is nothing more than a simple over-reaction to a problem which seems to get out of hand.  Hacking is the new scare.  People are either totally unprepared, or deadly scared.  Neither is rational.  Enacting laws when scared is almost a guarantee for enacting bad laws.  I recommend punishing performing a crime, but don’t make the punishment depending on the technology and on how scared the victims are.

In our opinion, there are better solutions to cyber-space problems.  The essence of the best solutions lie probably both in the social and economical adjustments.  However, the part of the solution a startup company like ours can safely provide is on the technological site.  With some good technological solution there wouldn’t be a need for overreacting and society would by kinder and safer.
There rarely is a one technology which fixes all. However, there are several technologies which can make a difference.  Tamper proofing your software for example. It may still be overkill for simple problems like stealing from buggy websites.  But tamper proofing is ideal for critical software.  Maybe this method of protecwe_the_peopletion will become standard and thus can easily be affordable, so it can be implemented everywhere, but not yet.  Tamper proofing may not be the only solution, but it is a good one.

Compare your digital treasures to your nest egg of savings.  Do you pile your money on the front lawn, make tougher laws and blame the neighbors when the pile is gone in the morning?  No, you put your money in a safe box or into a bank.  Equally, commercial software users and producers just need to do their part of due diligence in protecting software.

North Korea says: No, We Didn’t Hack Sony.

Recently a new cyber crime story gets reported every week. This week’s news on cybercrime is about an attack at Sony Pictures Entertainment, among other problems making movies publicly available, and creating substantial damage.

Cute dog and girl, most likely from movie.
Picture from linked web page., most likely from movie

An important aspect of most cyber crime is the fact that hacks usually cannot be attributed to the real source. Just because a computer was attacked by another computer, maybe in North Korea or maybe somewhere else doesn’t confirm the real source. That computer may itself be an innocent victim and may have been used by another computer in some other part of the world. There can be a chain of tens and more computers. Even aunt Emma’s computer may be part of such a chain. Therefore it is a very bad idea for most people to start counterattacking cyber criminals by themselves.

This attack is different from old fashioned cyber-crime in what it tries to do. It is not simply stealing some money were the loss of the victim matches the gains of the criminal; it is not simply leaking credit card numbers. The loss to Sony is “strategic”: The loss for Sony isn’t what is gone and has been stolen. The loss in this case is directly hurting Sony in its ability to do further business. As of today, such crimes are common place in newspaper talk about state-actors, cyber-“terrorism” and in hype like cyber-“war”. What is new and unusual here is that such losses are inflicted on normal, commercial business enterprises.

Adding several layers of protection could significantly minimize the risk of such attacks. Obfuscation of your code as provided by White Hawk Software can be one of these protective layers.

For more about this incident see: