Your corporation has just been probed, broken into, and highly sensitive proprietary intellectual property (IP) has been copied and/or destroyed.
Whoever took the IP now has the information for pennies on the dollar, they did not have to invest perhaps millions of dollars and years of research and development, conducting experiments or finding just the right combination of materials or techniques.
They now have a finished product. If you were about to go into production your competitor might beat you and put out a product before you can. They also have a much lower overhead and can sell a similar product far cheaper than you.
What do you do?
You can report the incident to the police, who will probably take your hard drives to obtain forensic evidence. If they are really good they’ll keep you informed at each step during their investigation. Probably, however, they will keep you in the dark, citing not disclosing information during an active investigation.
It may or may not be their number one priority. After a while, ranging from weeks to months, they will return your hard drives and you can now resume progress. Sure, you’ve lost weeks or months and your partners might have lost patience and your customers might not trust your security, but business must go on.
Or...
You can strike back. Hiring your own security team you can discover, to your level of satisfaction, who broke into your system. This is easily accomplished by establishing a honeypot, replicating your system and putting in ghost files. Not only will this tie up your infiltrators and significantly waste their time, but you can also find out more about their techniques and track where they are.
Or...
Knowing you are about to be hacked (again), you can plant false information on your system. Negotiating Strategy.doc would be a great way for you to make your opponent believe they knew your negotiating strategy for a certain contract. This gives you the upper hand…
According to a recent Reuters report, here, these are only a few of the ways a corporation can “fight back”.
So what?
Everything I have outlined here is perfectly legal and won’t get you in hot water. If you were to attach malware to a file you knew was going to be taken, this begins to take on the appearance of vigilantism. If you were to hire a team of hackers, break into your competitors’ system and destroy everything, you’ve now broken the law.
While taking the offense and destroying a competitor’s system is always tempting, this is tantamount to warlike actions in cyberspace, you’ll probably be caught and you’ll probably suffer. I’ve heard rumors, for decades now, of vigilantism in cyberspace. Are they true? ‘not saying…
Cross-posted from To Inform is to Influence
