Use The Military To Attack Hackers

Chris Krebs the former US cyber security chief of Cyber and Infrastructure Security Agency (CISA) has says the US military should hit cyber criminal gangs that hack  organisations and governments. He has suggested that military cyber attackers could use ransomware to try to thwart gangsters by revealing personal information, a tactic known as doxing. 

“You have to chase the bad guys, and I’m not just talking about law enforcement.” Krebs said in an interview with the Financial Times. "You actually place a title 10 employee - civilians employed by the military - Deploy intelligence features, like Cyber Command. You send them a message directly, saying, “We know who you are, we will either quit or come after you using information warfare.” You expose them. There is something you can do."  

Krebs’ comments contradict the conventional way of thinking about establishing cybersecurity. Experts tend to warn businesses not to “hack” ransomware attackers. This is because it can be difficult to identify the enemies you are dealing with and their abilities. 

To understand the challenge facing CISA and the rest of the government, it helps to understand the frustrating nature and  enormity of the SolarWinds hack. Early reports focussed on agencies like the US Departments of Treasury and Commerce, but the hack was much broader than that and we still don’t know precisely which systems may have been compromised and what data may have been taken. 

Digging out every possible compromise will take discretion and trust, the kind of qualities Krebs had been building up in his role and lost when he was abruptly shown the door. Krebs was fired from his role as the head of CISA following him publicly contesting Donald Trump's baseless claims of voter fraud in the election. 

For almost a year hackers have used SolarWinds software to spy on governments and business in the US, and around the world.

The Verge:      Business Insider:       Financial Times:        EMINETRA

You Might Also Read: 

Biden Selects His Cyber Team:

 

« Losses From Cyber Crime Exceed $1Trillion
Data Privacy & You »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

SCIS Security

SCIS Security

SCIS Security provides affordable cyber security services and solutions to small to medium sized businesses and homes.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

ValidSoft

ValidSoft

ValidSoft is a security software company, providing telecommunications-based multi-factor authentication, identity and transaction verification technology.

Invest Ottawa

Invest Ottawa

The IO Accelerator Program is designed to rapidly and systematically accelerate the development and commercial success of high growth technology firms.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

Cyberfort Group

Cyberfort Group

Cyberfort exists to provide our clients with the peace-of-mind about the security of their data and the compliance of their business.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.

Issue53

Issue53

We empower organizations to thrive in the digital landscape. Strengthen your defenses, enhance resilience – Choose Issue53 for a secure and future-ready IT environment.

Aura Information Security

Aura Information Security

Aura Information Security consists of a team of highly-skilled and renowned information security professionals spanning Australia and New Zealand.

Beazley Security

Beazley Security

Beazley Security is a global cyber security firm committed to helping clients develop true cyber resilience: the ability to withstand and recover from any cyberattack.

Compugen Systems Inc (CSI)

Compugen Systems Inc (CSI)

Compugen Systems is an IT service delivery company that focuses on enabling your business outcomes.

CASwell

CASwell

Caswell is an industry-leading OEM/ODM specializing in networking, security, SD-WAN, NFV, telecommunication and IoT applications.