Skip to Content

Exposing Hackers as a Deterrent

Two researchers propose a novel form of “arms control” at a conference in Germany.
April 13, 2010

Cyber attacks can come from governments, terrorists, thieves, or bored high school students. This makes the cyber security equivalent of “arms control” difficult to achieve. But a pair of researchers yesterday proposed methods of deterrence that they believe could work in cyberspace.

Cyber warrior: Vladislav Sherstuyuk, a retired four-star Russian general who leads the Institute of Information Security Issues at Moscow State University, announced a new cyber security research collaboration on Monday.

“There has been a lot of discussion lately about the analogy of cyber warfare to nuclear warfare. But it is not a good analogy in some ways–the technology should drive us in different directions,” said Tom Wingfield, a law professor at the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany, at a cyber security conference organized by Russian researchers.

Wingfield and James Bret Michael, a computer scientist at the Naval Postgraduate School in Monterey, CA, argue that surveillance on computer networks and other forms of intelligence can often provide the clues needed to expose a potential hacker, and this exposure may often serve as enough of a deterrent.

“With public deterrence, you shine a light on a malefactor before he attacks or soon after–so it’s visible to the press and the public and his own people. In some cases that’s the right answer,” Michael said. “In others, you can use a nonpublic approach.”

“Sometimes just being identified is enough to prevent an attack from taking place, because hackers depend on anonymity and surprise to succeed,” Michael says. And such methods can work no matter how the underlying attack technologies advance.

The conference was sponsored by the Institute of Information Security Issues at Russia’s leading university, Moscow State University. At the event, Vladislav Sherstuyuk, a retired four-star Russian general who heads the Institute, also announced a new research collaboration that includes government officials from Russia and China and academic institutions including the Indian Institute of Information Technology, Allahabad, and the State University of New York at Albany.

The agreement will “undertake common research on international information security,” he said. While the collaboration was partly symbolic, it reflects increased concern worldwide over the potential for computer attacks to wreak havoc. “It’s clear that cyber security has risen to the top tier of security issues around the world,” said Greg Rattray, chief internet security advisor to ICANN, the U.S. based organization that assigns Internet names.

In another sign that multinational talks are expanding on cyber security, the attendees at the conference included a delegation from the Chinese government as well as the White House senior director for cyber security, Chris Painter. Painter declined to be interviewed.

Russia, along with China and India, is a major source of cyber crime, and the U.S. has been trying to get Russia to allow law enforcement access to Russian networks to investigate crimes like bank fraud. Russia wants to forge an agreement akin to a nuclear arms treaty, but favors stopping short of law enforcement access.

While the stalemate was not broken yesterday, the gathering was a step forward in terms of forging ties. “The U.S. needs to work with Russia because it is one of the hotbeds of crime and hacker activity,” said Sanjay Goel, a computer scientist at the SUNY Albany, who runs a computer forensics lab and who signed on with the Russian research collaboration. “You need to engage with the people who are in a position to be able to fight cyber crime.”

Wingfield noted that countries who want to defend themselves face high hurdles. The threat of a cyber attack can be enormous, but might not be defined under international law as an “armed attack,” which would allow for an armed response. Clearing up the law in this area will provide a further means of deterrence, he said. But forging international agreements will take years and will require a progressive set of technical and diplomatic discussions, said John Mallery, a research scientist at MIT’s computer science and artificial intelligence laboratory.

“There is no international code of conduct for cyberspace,” said Charles Barry, a senior research fellow at the Center for Technology and National Security Policy at National Defense University, in Washington, DC. “Coalescing common rules will be long and arduous, requiring continuous dialogue among nations, the private sector, and international stakeholders.”

Keep Reading

Most Popular

light and shadow on floor
light and shadow on floor

How Facebook and Google fund global misinformation

The tech giants are paying millions of dollars to the operators of clickbait pages, bankrolling the deterioration of information ecosystems around the world.

illustration of Psyche spacecraft
illustration of Psyche spacecraft

NASA wants to use the sun to power future deep space missions

Solar energy can make space travel more fuel-efficient. 

egasus' fortune after macron hack
egasus' fortune after macron hack

NSO was about to sell hacking tools to France. Now it’s in crisis.

French officials were close to buying controversial surveillance tool Pegasus from NSO earlier this year. Now the US has sanctioned the Israeli company, and insiders say it’s on the ropes.

wet market selling fish
wet market selling fish

This scientist now believes covid started in Wuhan’s wet market. Here’s why.

How a veteran virologist found fresh evidence to back up the theory that covid jumped from animals to humans in a notorious Chinese market—rather than emerged from a lab leak.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.