The “Sophos” case – heroes or villains?

So now one of the biggest manufacturers of security software has admitted to hacking itself and spying on some of its customers.

The manufacturer is Sophos and the hackers were a group of Chinese hackers who were suspected of trying to hack customers with Sophos systems.

𝗪𝗮𝘀 𝗴𝗲𝗻𝗮𝘂 𝗶𝘀𝘁 𝗱𝗮 𝗽𝗮𝘀𝘀𝗶𝗲𝗿𝘁?

The story is basically quite simple: a software manufacturer suspects that there are bad people somewhere in China who want to do him (or his customers) harm. So he preemptively attacks them (and who knows who else) himself to find out how the damage is to be caused and to prevent it from spreading in advance, so to speak. Sophos is extremely proud of this action and describes in great detail what measures were taken(https://www.sophos.com/en-us/content/pacific-rim). It almost reads like a detective story…

𝗔̈𝗵𝗺…. 𝗱𝗮𝗿𝗳 𝗺𝗮𝗻 𝗱𝗮𝘀?

Of course not! Legally, the matter is completely clear. You are not allowed to access other people’s computers without a court order, regardless of the justification, and certainly not as a company (nor as a private individual, of course). Sophos is therefore keeping a very low profile as far as support/cooperation with the authorities is concerned.

𝗔𝗯𝗲𝗿 𝘄𝗲𝗻𝗻 𝗲𝘀 𝗱𝗼𝗰𝗵 𝗱𝗲𝗿 𝗴𝘂𝘁𝗲𝗻 𝗦𝗮𝗰𝗵𝗲 𝗱𝗶𝗲𝗻𝘁?
𝗪𝗲𝗻𝗻 𝗮𝘂𝗳 𝗱𝗲𝗿 𝗮𝗻𝗱𝗲𝗿𝗲𝗻 𝗦𝗲𝗶𝘁𝗲 𝗱𝗼𝗰𝗵 𝗱𝗶𝗲 “𝗕𝗼̈𝘀𝗲𝗻” 𝘀𝗶𝘁𝘇𝗲𝗻?

And now we are in the middle of a moral dilemma. There is no legal way to put a stop to a Chinese hacker group – at least not if they are also working with the Chinese government, as Sophos claims. However, the hacker group in question can very well paralyze, blackmail or damage hospitals, infrastructure, companies, etc.

𝗙𝗮𝗶𝗿 𝗶𝘀𝘁 𝗱𝗮𝘀 𝗻𝗶𝗰𝗵𝘁.
𝗥𝗲𝗰𝗵𝘁𝗳𝗲𝗿𝘁𝗶𝗴𝘁 𝗱𝗲𝗿 𝗭𝘄𝗲𝗰𝗸 𝗵𝗶𝗲𝗿 𝗻𝗶𝗰𝗵𝘁 𝘃𝗶𝗲𝗹𝗹𝗲𝗶𝗰𝗵𝘁 𝗱𝗼𝗰𝗵 𝗱𝗶𝗲 𝗠𝗶𝘁𝘁𝗲𝗹?

I don’t know.
But I am firmly convinced that we will sink into complete chaos if we arbitrarily or selectively ignore our values and laws. We therefore need to find legal means that are appropriate to the times and the technical possibilities. A huge challenge for politicians, computer scientists and lawyers.

Sophos is currently being celebrated in the industry for this kind of “forward defense”.

𝗜𝗰𝗵 𝗵𝗮𝗹𝘁𝗲 𝗱𝗶𝗲𝘀𝗲𝗻 𝗙𝗮𝗹𝗹 𝗳𝘂̈𝗿 𝗲𝗶𝗻 𝘀𝗲𝗵𝗿 𝗴𝘂𝘁𝗲𝘀 𝘂𝗻𝗱 𝗲𝗿𝘀𝗰𝗵𝗿𝗲𝗰𝗸𝗲𝗻𝗱𝗲𝘀 𝗕𝗲𝗶𝘀𝗽𝗶𝗲𝗹, 𝗱𝗮𝘀𝘀 𝘂𝗻𝘀 𝗛𝗮𝗰𝗸𝗲𝗿 𝘂𝗻𝗱 𝗔𝗻𝗴𝗿𝗲𝗶𝗳𝗲𝗿 𝗶𝗻 𝗽𝘂𝗻𝗰𝘁𝗼 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗵𝗮̈𝘂𝗳𝗶𝗴 𝗲𝗶𝗻𝗲𝗻 𝗦𝗰𝗵𝗿𝗶𝘁𝘁 𝘃𝗼𝗿𝗮𝘂𝘀 𝘀𝗶𝗻𝗱, 𝗱𝗲𝗻𝗻 𝗳𝘂̈𝗿 𝘀𝗶𝗲 𝗴𝗲𝗹𝘁𝗲𝗻 𝗮𝗻𝗱𝗲𝗿𝗲 𝗼𝗱𝗲𝗿 𝗸𝗲𝗶𝗻𝗲 𝗥𝗲𝗴𝗲𝗹𝗻.

What do you think?

#informatikersindcool#juristenauch#letshacktogether