On Jan. 4th, 2011, Hana Stewart-Smith wrote for ZDNet on Japan's new hack-back virus. Again, this virus is currently under development by Fujitsu Ltd., and would identify the source of a cyberattack and allow the Japanese to stop the cyberattack. According to the article, the virus has already entered the testing stage and is particularly effective against DDOS attacks.
However, there are complicated legal problems with hack-back and retaliation. The article notes that Japanese law currently prohibits both the production and use of the virus. The Japanese intend to change those laws.
Along the same lines, the Daily Yomiuri reported that Japanese Defense Ministry officials "say they have no authorization to use cyberweapons to counter cyber-attacks from abroad." According to the article, some Japanese officials feel that it is meaningless to proceed with cyberweapon development without addressing the legal issues. The Japanese even went so far as to create a panel that discussed the legality of hack-back and worked on legislation; unfortunately, that panel fell apart in 2009.
***
I'm kind of echoing an earlier blog post, but I really am interested to see how the Japanese amend their laws to allow for use of this hack-back virus. It raises a whole bunch of questions. Would the Japanese government be the only entity allowed to use the virus? Could Japanese defense contractors and other private businesses (who are also routinely hacked) use the virus? If businesses can use the virus, will there be a regulatory relationship with the government spelling out when they can use the virus? What happens when the hack-back virus crosses several borders? Under what circumstances can the government or private sector use the virus? For major cyberattacks? For cyber-espionage? And finally, if some entity uses the virus, what does neutralization of the cyberattack entail?
Leave a Reply