So now one of the biggest manufacturers of security software has admitted to doing some hacking itself and spying on some of its customers.
The manufacturer is Sophos, and the targets were a group of Chinese hackers suspected of trying to hack customers running Sophos systems.
What exactly happened?
The story is basically quite simple: a software manufacturer suspects that there are bad people somewhere in China who want to do it (or its customers) harm. So it preemptively attacks them (and who knows who else) itself, to find out how the damage is to be caused and to prevent it from spreading in advance, so to speak. Sophos is extremely proud of this action and describes in great detail what measures were taken (https://www.sophos.com/en-us/content/pacific-rim). It almost reads like a detective story…
Um… is that allowed?
Of course not! Legally, the matter is completely clear. You are not allowed to access other people’s computers without a court order, regardless of the justification, and certainly not as a company (nor as a private individual, of course). Sophos is therefore keeping a very low profile as far as support/cooperation with the authorities is concerned.
But what if it serves a good cause?
What if the “bad guys” are sitting on the other side?
And now we are in the middle of a moral dilemma. There is no legal way to put a stop to a Chinese hacker group – at least not if they are also working with the Chinese government, as Sophos claims. However, the hacker group in question can very well paralyze, blackmail or damage hospitals, infrastructure, companies, etc.
That is not fair.
Doesn’t the end perhaps justify the means here after all?
I don’t know.
But I am firmly convinced that we will sink into complete chaos if we arbitrarily or selectively ignore our values and laws. We therefore need to find legal means that are appropriate to the times and the technical possibilities. A huge challenge for politicians, computer scientists and lawyers.
Sophos is currently being celebrated in the industry for this kind of “forward defense”.
I consider this case a very good and frightening example that hackers and attackers are often one step ahead of us when it comes to cybersecurity, because different rules, or none at all, apply to them.
What do you think?
#informatikersindcool #juristenauch #letshacktogether
