According to reports, the president of Germany’s new cyber security agency Zitis has come up with a suggestion stating that spy agencies in Germany should have the power to retaliate against cybercriminals whenever there is a hack.
In an interview on the 22nd of November, Wilfried Karl expressed his concern about the issue saying as a citizen, the expectation towards government ability to act even in the face of new digital threats is pretty much high.
His comments came a month later after top German intelligence officials proposed that, lawmakers grant them legal authority to “hack back” in any case of cyber-attack from external or foreign sources.
Head of BfV domestic intelligence agency, Hans-Georg Maassen during a meeting with the parliamentary oversight committee said it should be possible to destroy stolen data from German servers which are moved to foreign servers to avoid the misuse of it.
Maassen stated that he would be a “sound” idea to attack and infect foreign servers with software that would make room for greater surveillance of any plot or operations directed at German cyber targets or to extract data, much as human agents recruited for counter-espionage.
He added that, in the real world, this initiative would be much more of turning a foreign intelligence agency and getting them to work for Germans and as such, something of that sort should be possible in the cyber world too.
“These are ‘hack back’ instruments, but they are below the threshold of destroying or incapacitating a foreign server,” Maassen stated.
He also said that authorities needed access to streaming data from foreign servers which will make it possible for the tracking of radicalization of possible Islamist attackers.
This whole “hacking back” idea might sound like a right thing to do since the rate at which cybercriminals are invading people’s privacy and stealing all kinds of data is becoming annoying.
But in real terms, destroying someone’s computer system is an illegal thing to do which somehow goes contrary to the issue on board here. So if there is no concrete legal ground for “hacking back,” then an important question would be how top security agencies in an advanced country like Germany even begin to step up such operations.
The laws or regulations not permitting “hacking back” isn’t based on the tools or techniques applied but knowing areas to where it is permitted to perform such actions.
Bruno Kahl, chief of Germany’s BND foreign intelligence agency also told the committee that although the agency has the expertise, what is lacking is the legal authority to destroy foreign servers.
Kahl said that after the source of an attack had been identified and subjected to proper investigation, the idea to shut down the source of such an attack would make sense and not having to retreat and give the job of going back in and taking care of business.
However, in the long run, such decisions would only be made possible by politicians, Kahl said.
The head of Germany’s MAD military counter-espionage agency. Christof Gramm also chimed in with some comments stating that there were questions of domestic and international law to address before giving the green light to agencies to perform such actions.
“This all has to be worked out. There are international boundaries. We’re not just talking about a national law,” Gramm told the committee.
According to him, if such powers were granted, the decision to carry such actions would rely on the military’s cyber command, and not the MAD.
This whole issue about Germans rallying for counter attacks or “hack back” against cyber-attacks races back to when the German parliament’s network was stunned by a hack which saw the hackers operate freely in the network for weeks. However, subsequent attacks also added up to the existing problem.
This led to the idea of “hacking back” as a way of disrupting ongoing attacks by also hacking back into the system of the source of the hack to delete data or even destroy the entire system.
Even though the idea has not yet gained approval, efforts are being put in place to undertake this initiative once it is given permission. Germany’s army launched a new command of 13,500 soon-to-be cyber soldiers and contractors, earlier this year.