At Black Hat, a search for the best response to China

By Patrick Thibodeau
Computerworld
February 2, 2010

ARLINGTON, Va. -- Google's revelation last month that attacks out of China resulted in the theft of some of its data drew attention to the broader question at the Black Hat conference here over what can be done to the villains.

Cyberattacks give rise to anger and a very human desire to strike back, but pursuing attackers in ways that matter isn't accomplishing much. The number of people who are arrested and convicted for any of the phishing attacks, intrusions and thefts is tiny.

Several countries, Russia and China in particular, don't want to cooperate on cybersecurity enforcement, said Andrew Fried, a security researcher at the Internet Systems Consortium, a nonprofit group, and a former special agent at the U.S. Treasury Department. "The reality is they don't want to do squat to help anybody," he said, on a panel at the cybersecurity conference today.

After an attack, such as the China-Google incident, there's always interest in establishing "attribution" - identifying the source of the attack. But Jeff Moss, the founder of Black Hat and director of the conference, questioned whether too much emphasis is placed on that effort. Moss also serves on the Department of Homeland Security's security advisory council.

"We should be spending more energy on dealing with the containment of an attack, reducing the effects of an attack," Moss said. "I don't think we will ever be able to stop the attack."