Commission makes controversial security recommendation

The Commission on the Theft of American Intellectual Property, a private panel of defense, military, technology and political officials co-chaired by former Utah governor Jon Huntsman and former Director of National Intelligence, Dennis Blair, issued a report at the end of May which has some cyber security experts scratching their heads. One of the most polarizing recommendations in the brief suggested that companies should be allowed to lock files and computers, which has experts concerned that the government will allow businesses to essentially corrupt computers once a file is opened. 

"Software can be written that will allow only authorized users to open files containing valuable information," the report said. "If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user's computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account."

The reason this is controversial is because it is essentially an inversion of scareware and ransomware attacks that scammers have been using against unassuming consumers and businesses for some time. The commission propose these messages appear to be from law enforcement, which scareware does as well, according to Keizer. 

That recommendation drew some ire from critics such as Lauren Weinstein, the co-founder of People For Internet Responsibility, who said that she didn't know what the panel was thinking. She added that such rogue tactics could do a lot of collateral damage to innocents, as many would no longer be able to tell the difference between this and the scareware already in the wild. 

"I could get into a lot of technical details about this, but we can just cut to the chase for now: the whole concept is utterly insane, and frankly calls into question the competency of the commission in general," she wrote. "With our own commissions coming up with idiotic, dangerous nonsense like this, we may have more to worry about from their kind of thinking than from the 'cyber-crooks' themselves."

Christian Mairoll, CEO of Austrian anti-malware firm Emsisoft, told InformationWeek that there is no such thing as good malware, and this is no exception. While government and corporate IP theft is a serious problem, Mairoll said state-sponsored malware would lead to even greater international issues. In fact, he said his firm would never whitelist any malware, whether it is sanctioned by the government, the entertainment industry or any other legitimate sources.

Security News from SimplySecurity.com by Trend Micro.

Leave a Reply