Obama and Cameron to Chew Over Cross-Border Cyberattacks

U.S. President Barack Obama, right, and British Prime Minister David Cameron talk at the start of the plenary session at the G20 Summit in Brisbane, Australia Saturday, Nov. 15, 2014.

U.S. President Barack Obama, right, and British Prime Minister David Cameron talk at the start of the plenary session at the G20 Summit in Brisbane, Australia Saturday, Nov. 15, 2014. Kevin Lamarque/AP

The two leaders are scheduled to discuss a variety of topics, including cybersecurity, over dinner Thursday, followed by a White House meeting Friday.

President Barack Obama and British Prime Minister David Cameron are meeting this week in Washington to discuss the two nations' response to the growing threat of cyberattacks.

The two leaders are expected to discuss, in particular, the problem of adversaries hijacking computers in Britain to unleash cyber assaults on America, and vice versa, according to a security firm involved in the talks. 

In a realm without physical boundaries, it’s all too easy for hackers to hop around and fake out authorities.

A recent case in point: Computers engaged in the Sony hack allegedly operated out of New York, Thailand, Poland, Italy, Bolivia, Singapore and Cyprus, according to The Associated Press. The attackers -- who the FBI claims are North Korean -- also published some company files using an anonymous email service in France.

"These attacks cross country borders," said Nicole Eagan, head of U.K.-based firm Darktrace, who will brief Cameron in Washington, D.C., before he heads into the Oval Office on Friday. The defense tactic "really has to be more governments and companies working together because of the nature of these truly global threats."

Darktrace, with a staff roster comprising former National Security Agency, GCHQ and MI5 analysts, uses technology that combines probability and artificial intelligence to predict the next moves of attackers. The system, borne out the University of Cambridge, basically detects hacks before they've happened.

This capability can be helpful in pinpointing the assailant’s potential attack route and end target.

"Let's say you have an adversary that is coming out of the Middle East. They are probably going to utilize infrastructure that partly is based in an Amazon cloud in Europe, maybe then utilize some hop points for command and control that are in the U.S.,” said Jasper Graham, a veteran NSA technical director and now a senior vice president at Darktrace, giving an example of a possible threat vector. "The victim might be the U.S., but they are going to utilize a whole bunch of international infrastructure in order to execute their attacks."  

Obama and Cameron are scheduled to discuss a variety other topics over dinner Thursday, followed by a White House meeting Friday, administration officials said in a statement. They declined to comment further.   

Sticky Subject of Encryption

Another reason the two countries want to align cyber policies is so they can close regulatory loopholes. Lax security rules in one nation can aid an adversary mired by tougher rules in a target country, Jasper explained. 

The men likely will discuss ways of cooperating in situations where “you have one attack but you have multiple countries involved with the hosting” of the malicious activity, he said.

“How do we quickly exchange the [threat] indicators amongst the government agencies so that they can track down those responsible in a timely manner?” Jasper said.

A common hacker practice is to breach a small mom-and-pop shop in one portion of the world and use that store’s compromised system "as a staging point to attack something much bigger in another part of the world," Jasper said. "It becomes really hard for them to trace back who is responsible."

The conversation between the two Western leaders will cap a week of White House activity related to cyberspace. Obama proposed legislation that would, among other things, require companies to notify data breach victims within 30 days and to share metadata from customer and business communications that could signal a cyber threat. The legislative agenda is the administration's response to a year of high-profile intrusions at Target, JPMorgan, Sony and other companies. And the strategy is expected to be a focus of next week's State of the Union address. 

But there is tension between civil liberties advocates and the two countries with a "special relationship" over the matter of allowing government eyes into people's private correspondence. To guard against what critics see as surveillance overreach, some citizens now are "encrypting" their communications with secret codes that render them interception-proof. 

In response, the FBI and now Cameron are urging technology companies to build "backdoors" in apps and mobile devices through which law enforcement officials can enter to retrieve data. 

The prime minister reportedly pledged to ban the likes of Facebook’s WhatsApp, Apple's iPhone and other encryption tools, as a means of collecting more intelligence on suspected terrorists following the Paris shootings.  

FBI Director James Comey last fall said: "If the challenges of real-time data interception threaten to leave us in the dark, encryption threatens to lead us all to a very, very dark place. I am a huge believer in the rule of law, but I also believe that no one in this country should be beyond the law. There should be no law-free zones in this country."

The American Civil Liberties Union maintains that encryption does not have to interfere with catching terrorists or cyber crooks. 

The nation should concentrate on “encouraging companies to adopt basic security best practices, like two-factor authentication and encryption, to prevent hacks. This would be more effective, and less invasive, than expanding surveillance authorities or creating exemptions to existing privacy law," ACLU legislative counsel Gabe Rottman said Tuesday in a blog post.

NEXT STORY: Map app, data gap and more

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.