FBI investigating US companies for engaging in cyber war
The five biggest hack attacks in 2014 hit Sony, Home Depot, JP Morgan Chase, EBay and Target. Hackers at Sony broke into its network and exposed employment and salary records, as well as private emails between Hollywood executives. That last hack has left companies with a sense of unease, and even though US law restricts the number of options that companies have to respond with, some may be resorting to cyber attacks of their own.
Now, the FBI is investigating whether hackers are working on behalf of companies and how they might be circumventing those laws.
“It’s kind of a Wild West right now,” said Rep. Michael McCaul (R-Texas), the chair of the House Homeland Security Committee, to Bloomberg News. He suggested some companies may be conducting offensive operations without getting permission from the government. “They’re very frustrated.”
The FBI is said to be investigating whether hackers hired by US companies were the ones responsible for disabling servers used by Iran to attack major bank websites in 2013. According to Bloomberg, at a closed meeting last year, JP Morgan bank executives proposed the bank employ hackers in offshore locations to hack those that attacked the company.
— Hardware Newz (@HardwareNewz) December 31, 2014
A spokeswoman said no action was taken and it was dismissed on legal grounds, however. The FBI later discovered a third party had taken some of the servers involved in the attack offline.
In the US, companies are prohibited under the Computer Fraud and Abuse Act from gaining unauthorized access to computers or overloading them with digital demands, even to stop an ongoing attack. The act exempts intelligence and law enforcement activities.
A White House directive leaked by former National Security Agency contractor Edward Snowden revealed that disabling computers over international borders is a highly sensitive issue. If it is done without the approval of a host country, approval of the president is required.
Massachusetts-based EMC Corp’s security division said it has isolated its Israeli division so that analysts can engage in activities that they can’t do from the US. The division has sent malware into online forums where stolen date is swooped or it can hack computers to recover stolen data.