Cybersecurity company using hackers’ own devices against them

Published 13 December 2012

A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers’ own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information.

Shawn Henry, the head of the FBI cyber crimes division, this year left the agency after twenty-four years to become the president of CrowdStrike, an Internet security start-up in Irvine, California.

In his government work, Henry often knew which foreign governments were involved in hacking the computer networks of American companies, but could not share this information with the irate leaders of the hacked companies because the information was classified.

The Los Angeles Times reports that now, CrowdStrike, which is marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets. It does so by using the attackers’ own techniques and vulnerabilities against them. The company also collects data on hackers and tricks intruders into stealing false information.

This kind of reverse hacking has opened up an ethical debate about how far a company should go to prevent an attack.

“The traditional way of trying to defend your network is just not going to cut it. You have to do something different,” Irving Lachow, who directs the Program on Technology and National Security at the Center for New American Security, told the L.A. Times.

“One way is to engage the adversary. CrowdStrike represents a new breed of company that is focused on doing exactly that,” Lachow added.

When somebody is shooting at you, “you don’t ask, ‘Is that a 9-millimeter or a .45,’” CrowdStrike CEO George Kurtz told the Times. “You ask: ‘Who is shooting at me and why are they shooting at me?’”

Kurtz, a former chief technology officer at McAfee Inc., started CrowdStrike earlier this year with another former McAfee employee, Dmitri Alperovitch.

The Times notes that Alperovitch gained notoriety last year when he wrote a paper on what he described as Operation Shady Rat, a series of state-sponsored cyber penetrations of more than seventy U.S. government institutions, agencies, and companies. Alperovitch did not name China as being behind the attacks, but to experts who read the paper there was no need to spell this out.

Attackers often breach networks using a method known as spear phishing, which involves getting an employee to download a malware file by disguising it. Most hackers hide the file in an e-mail that looks as if it was sent by someone the employee knows. This method can render anti-virus programs and firewalls useless.

CrowdStrike uses decoys as a trap to lure hackers into an environment where investigators then watch and trace the attack. In some cases the company will feed the hacker false information.

CrowdStrike also has people who can read and write in Chinese, as well as former employees of the U.S. government who worked in cybersecurity. These men and women are able to identify Chinese hackers using clues in their malware and profile them with real names and photos.

The company does have its critics, who fear that the company could take the program too far.

“You don’t want the Internet to resemble Somalia,” one cyber expert who did not want to be identified because it could jeopardize his friendships with CrowdStrike’s founders told the Times.

“We will not break the law, but there’s a lot organizations can do behind their own firewall on their own networks to make life difficult for the adversary,” Henry told the Times.

Critics also worry about the extent to which CrowdStrike runs its operations against hackers that are controlled by the Russian and Chinese governments, saying that it could lead to an international incident.

Alperovitch had a response for those critics.

“Why isn’t it an international incident when China steals our intellectual property?” Alperovitch told the Times. “If the government would say, ‘We’re actually going to stand up to China,’ that would be great; we’d go back to doing defense only. But they are not saying that.”