Cyber Week in Review: January 23, 2015

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

• Turns out that last year’s computer security breaches at major retailers and companies is spooking the global elite at Davos. It comes at the same time that Bloomberg released the results of a poll in which the majority of respondents said that allowing private companies to "hack back" against their online aggressors is a bad idea. The idea of hacking back, also known as active defense, would allow private companies to engage in offensive cyber activity to disrupt an attacker’s ability to access the victim’s networks, such as through a denial of service attack. Such action is almost certainly illegal under the computer crime laws of countries party to the Convention on Cybercrime.
• The New York Times reported on Monday that the NSA had infiltrated North Korea’s computer networks since at least 2010. While the infiltration didn’t give the NSA advance notice of North Korea’s actions against Sony, it apparently allowed the NSA to quickly attribute the Sony hack to the hermit kingdom. The story raises an interesting question with regards to the government’s role in assisting the private sector against cyber threats: Had the NSA known about the incoming hacks against Sony, would the U.S. government risk burning an intelligence asset aimed ostensibly at monitoring the North’s nuclear program and military to protect a movie studio? Probably not.
• China has announced that its plan to vet foreign technology will begin this year. The move implements the Cyberspace Administration of China’s decision to conduct security audits of foreign technology to mitigate the threat of foreign espionage. Presumably, China will focus its efforts on Western technology much like the United Kingdom requires audits of Huawei equipment at its cybersecurity evaluation centre in Banbury. Apple has already consented [in Mandarin] to having its products reviewed.