Cyber crimes have been a rising issue that countries and organizations have been attempting to tackle for years, with an increased sense of urgency. There are four ways to deal with cyber leaks and cyber crimes:

Stop them before they happen

Cybersecurity, encryption, and strong practices are all extremely useful and potent. Larry Lessig, the Harvard professor famous (actually… no one really knew about him… ) for trying to run for President in 2016, points to the idea that “a fence can keep people out as much as a police officer can”. With legislation, smart coding architecture, social norms that shame people, and market practices bolstered by governments with taxes and subsidies, cyber crimes can be tackled.

Unfortunately, fences can be overrun (and so can walls between US and Mexico that Mexico won’t pay for) and police officers can be bypassed. No matter how many McAfee alerts you get, at some point, you’re gonna mess up. Maybe you didn’t back up your files well. Maybe you clicked on a phishing link. Maybe you use a PC instead of a Mac. Who knows. The question then is, how do you react?

Punish the attackers

If you can find the attackers, you can punish them. All of these punishments would depend on being able to attribute the crimes to the attackers. In many cases, applications have built in tools that allow you to do so. Otherwise, the internet’s infrastructure has built in mechanisms as well.

Punishment protocols break down into three categories:

Civilian vs Civilian

These sorts of crimes are treated similarly to regular crimes. If an American attacked and American, the rules and punishments are simple; the American government comes down on the American attacker.

If the attacker is foreign, however, the process is a little harder. If America has a treaty with the other nation, then the foreign government is obliged to assist America in extraditing or, at the very least, punishing the attacker. If America does not have such a treaty, as in Belarus or Russia, then all America can do is lean on the nation and hope that they do something. The FBI can work with the Belarusian national security agencies to catch the criminal or work with Interpol, but there’s no guarantee.

Nation vs Nation

This is basically war. Israel and the US sabotaging Irani nuclear refinement facilities is an attack. Pakistanis hacking into Indian Air Force jets is an attack. Russian hacks of DNC email servers is an attack. Whether either party treats it as an all out war is a separate issue, but that’s what it could easily lead to.

Nation vs Civilian

This is also basically an attack. A prime example of this would be North Korea’s hack of Sony Pictures that cost the company $50 million. This is basically the same thing as North Koreans coming into America and bombing something (albeit, maybe with fewer casualties). It’s an attack on American citizens and thus is an act of war.

Deal with it

This is the resilience approach. It’s possible that you can fight through the attack and then leave it alone. For example, since websites across the US went dark as a result of a DDOS attack on a DNS provider, there has been little retaliation. It’s not worth it. The DNS provider came back up, websites are running fine, and security protocols have been improved, but that’s about it. Sometimes, you just have to move on.

Resignation

Just give up. Give in. If they’re asking for money, pay it. Otherwise, give up and move on. Sorry.