Obama cyberattacker sanctions raise due process, attribution concerns

New financial sanctions announced by the White House target cyberattackers, but some question how agencies will identify targets

New U.S. government sanctions targeting the bank accounts of suspected cyberattackers raise questions about due process for people who feel they're wrongly accused and about how agencies will identify the source of attacks.

The new sanctions, announced by President Barack Obama's administration Wednesday, would allow the U.S. Department of the Treasury to freeze the funds held in U.S. banks of people and organizations suspected of engaging in malicious cyberattacks that pose a "significant threat to the national security, foreign policy, economic health, or financial stability" of the U.S., according to information released by the White House.

The Treasury Department, consulting with the Department of Justice and Department of State, could impose the sanctions if it has a "reasonable basis to believe" the targeted organization or person is engaging in the malicious attacks.

But attributing the source of cyberattacks is still difficult, and it's unclear what standard of proof the U.S. government will use to impose the new sanctions, some legal and cybersecurity experts said. In addition, the White House offered few details about how accused organizations can challenge the sanctions, critics said.

"What standard of proof are agencies going to use?" said Nick Akerman, a veteran lawyer focused on cybersecurity and privacy at law firm Dorsey and Whitney in New York City. "It's not always clear who the hackers are."

Akerman praised the Obama administration for calling cyberattacks a "national emergency," saying such recognition is long overdue, but he questioned how targeted groups will challenge the sanctions.

He also questioned how the Treasury Department and other agencies involved would determine an attack was serious enough to impose sanctions. "Are we just taking the word of the company that was hacked, or are they just going after a competitor overseas?" he said.

The new sanctions will be limited and will not be used to target free speech or interfere with an open Internet, Obama administration officials said during a press briefing Wednesday. "We very much intend this tool to be one that is targeted and judicious in its use," White House Cybersecurity Coordinator Michael Daniel said. "It's not one that we are expecting to use every day."

Affected organizations or people will be able to appeal the sanctions, added John Smith, acting director of the Treasury Department's Office of Foreign Assets Control. Targets of the sanctions can file an administrative appeal with Smith's office, or they can file a lawsuit in U.S. district court, he said.

The goal of the order appears to be targeting overseas criminal syndicates and "fraudsters," said Ken Westin, a security analyst at cybersecurity vendor Tripwire.

Implementing the sanctions will be challenging because of the difficulty attributing attacks, he added by email. "You may be able to identify from what country an attack is routed through, but identifying who is behind the keyboard or phone is a different story altogether," he said. "One of the reason cyberattacks and technology enabled fraud have been so prevalent is due to the ease of evading detection and relative anonymity that a number of tools available provide."

The order may help beef up U.S. cyberdefenses, but attributing the source of attacks is "not nearly as easy as it sounds", added Greg Foss, senior security engineer with LogRhythm, another cybersecurity vendor.

"It is trivial for hackers to pivot through other countries and misplace blame in order to create the illusion that an attack originated from a specific location," Foss added by email. "Malware can and will be created that contains false data, to shift culpability."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags governmentsecuritydata protectionBarack ObamaU.S. White HouseTripwireLogRhythmDorsey and WhitneyU.S. Department of the TreasuryMichael DanielKen WestinNick AkermanGreg FossJohn Smith

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?