Critics speak out against extortion-style lock outs


The report released by the Commission on the Theft of American Intellectual Property last week has come under fire again, this time for suggesting that companies lock files and cripple computers in the event of unauthorized access. You can access the 100-page report here (pdf).

We first wrote about the report last week when we reported on its recommendations for striking back at hackers. Though striking back sounds reasonable on the surface, it is really a bad idea due to the challenge of correctly identifying a cyber attacker, as well as the unavoidable risk of collateral damage.

Another suggestion the report makes to protect intellectual property is for software to "allow only authorized users to open files containing valuable information." Detection of an unauthorized attempt would result in the file being "rendered inaccessible" and the unauthorized user's computer being "locked down." In addition, "instructions on how to contact law enforcement to get the password needed to unlock the account" should be displayed on the screen.

Not surprisingly, critics have compared the recommendations to existing "ransomware" or "scareware" techniques used by cybercriminals. Highlighting the irony, Computerworld reports: "In fact, a common hacker stratagem is to deliver on-screen messages to victims that appear to be from law enforcement agencies, just as the commission proposed."

Ransomware is rogue software designed specifically to extort money from its victims by locking up or hindering the normal functioning of the infected system, and is thought to be a highly lucrative technique. Symantec estimates that cybercriminals have made off with at least $5 million each year using ransomware.
