The US government is reluctant to intervene when companies are hacked, but the FBI is investigating whether American companies are engaging in revenge hacking using private firms in violation of the law.

The five biggest hack attacks in 2014 hit Sony, Home Depot, JP Morgan Chase, EBay and Target. Hackers at Sony broke into its network and exposed employment and salary records, as well as private emails between Hollywood executives. That last hack has left companies with a sense of unease, and even though US law restricts the number of options that companies have to respond with, some may be resorting to cyber attacks of their own.


Now, the FBI is investigating whether hackers are working on behalf of companies and how they might be circumventing those laws.

“It’s kind of a Wild West right now,” said Rep. Michael McCaul (R-Texas), the chair of the House Homeland Security Committee, to Bloomberg News. He suggested some companies may be conducting offensive operations without getting permission from the government. “They’re very frustrated.”

The FBI is said to be investigating whether hackers hired by US companies were the ones responsible for disabling servers used by Iran to attack major bank websites in 2013. According to Bloomberg, at a closed meeting last year, JP Morgan bank executives proposed the bank employ hackers in offshore locations to hack those that attacked the company.

A spokeswoman said no action was taken and it was dismissed on legal grounds, however. The FBI later discovered a third party had taken some of the servers involved in the attack offline.

In the US, companies are prohibited under the Computer Fraud and Abuse Act from gaining unauthorized access to computers or overloading them with digital demands, even to stop an ongoing attack. The act exempts intelligence and law enforcement activities.


A White House directive leaked by former National Security Agency contractor Edward Snowden revealed that disabling computers over international borders is a highly sensitive issue. If it is done without the approval of a host country, approval of the president is required.


Massachusetts-based EMC Corp’s security division said it has isolated its Israeli division so that analysts can engage in activities that they can’t do from the US. The division has sent malware into online forums where stolen date is swooped or it can hack computers to recover stolen data.

http://rt.com/usa/219139-fbi-banks-hack-revenge/

They "discourage" it:


FBI Investigating Whether Companies Are Engaged in Revenge Hacking

December 30, 2014

JPMorgan Proposal

Last year’s discussion among banks about retaliatory strikes came after a wave of so-called denial of service attacks starting in 2012 that temporarily disabled several of their websites. The U.S. attributed the attack to Iran’s Quds Force, McCaul said. Iran denied being behind the strikes.


FBI Caution

Spokespeople for other attendees, including NYSE, Citigroup and Goldman Sachs, declined to comment when asked this month about the meeting.
The Treasury Department, in an emailed statement, said that as the leader of cybersecurity in the financial sector, it regularly meets with financial institutions to facilitate information-sharing and support post-hacking recovery efforts.
Jenny Shearer, an FBI spokeswoman, declined to comment about the meeting or any probe.
“The FBI cautions private-sector entities from taking offensive measures in response to being hacked,” Shearer said.


Presidential Approval

The practice of reaching into or disabling computers over international borders is so sensitive that if the U.S. government disables attacking servers without the permission of the host country, the approval of the president is required, according to a White House directive leaked last year by former National Security Agency contractor Edward Snowden.
The White House confirmed that such a directive exists. A spokesman for the National Security Council declined to to comment on the details of the directive.
Some counteroffensives that would be legally sensitive in the U.S. are mounted from foreign soil, according to people who work for several security firms.

Stolen Passwords

RSA experts in Israel send malware into online forums where stolen data is swapped, or the experts hack directly into these computers, the person said. This allows them to recover stolen bank passwords and other data on behalf of financial institutions through methods the banks can’t use themselves, the person said, adding that no U.S.-based employees of RSA are allowed to engage in the activities or handle the data.

http://www.businessweek.com/news/201...ull-offensives (http://www.businessweek.com/news/2014-12-30/fbi-probes-if-banks-hacked-back-as-firms-mull-offensives)

http://www.ronpaulforums.com/showthread.php?463969-Guardians-of-Peace-hacks-Hollywood-movies&p=5716841&viewfull=1#post5716841

This is a big deal. It's a big deal because it is creating a compatible crisis for cyber-security infrastructure that we've discussed elsewhere here on the board. I was just talking with Tod about this very predictable phenomenon in one of his threads around here some place.

The FBI is said to be investigating whether hackers hired by US companies were the ones responsible for disabling servers used by Iran to attack major bank websites in 2013. According to Bloomberg, at a closed meeting last year, JP Morgan bank executives proposed the bank employ hackers in offshore locations to hack those that attacked the company.


http://rt.com/usa/219139-fbi-banks-hack-revenge/

Let's hope DGP masters brain trust running the show taught those Iranians a lesson:

Three Israelis arrested for hacking of 83 million JPMorgan customers data, stocks fraud (http://www.ronpaulforums.com/showthread.php?478766-Three-Israelis-arrested-for-hacking-of-83-million-JPMorgan-customers-data-stocks-fraud&)