Re: [ISN] Software Hits Back at Hacker with Viruses

From: mea culpa (jerichoat_private)
Date: Sat May 30 1998 - 19:17:52 PDT

Reply From: William T Wilson <fluffyat_private>

>  system as retaliation. Of course, that is if any of this exists which
>  I highly doubt (and certainly hope doesn't exist).]

It doesn't, let's see why.

> SOFTWARE that can detect an attack by hackers and retaliate by sending a
> computer virus will be unveiled next month, writes Sean Hargrave.  Larry

Here's the first flaw.  People have been watching too much Independence
Day.  You can't just simply "send a computer virus."  Most breakins occur
on Unix systems which are immune to viruses.  Even if there were a general
way to send a random program to a system, there would be no way to make it
run it. 

> across a company's computer network and, if needed, the Internet.  The
> sentries stand guard at switches that allow traffic in and out of a
> system. 

This makes no sense.  In principle it sounds just like a new firewall. 
But then when they go on to describe it... 

> If an abnormal amount of data is detected coming from an unusual source,

When was the last time you heard of an actual break-in attack that
involved an "abnormal amount of data"?  Most break-ins and a number of DoS
attacks require only a few K or less of data.  How do they define "unusual
source?"  I'll believe that when I see it.

The only attack that involves an "abnormal amount of data" is smurf and
related attacks.  And there's nothing a firewall can do about that.

> the sentries "chat" among themselves to decide if the data should be
> allowed to pass. If they decide to hold it up, a message is sent to a
> system administrator for advice. 

And just how are they going to decide if the data is going to pass?  If
they "hold it up" where are they going to put it?  And if they ask the
administrator, how is he supposed to decide what to do with it?  Look at
the hex dump?  Then when he does decide what to do with it, do you suppose
that the computer will act just like a secretary whose fax came in after
she left for the day, and just file it nicely when the administrator gets
around to approving it?  Ridiculous.

> The administrator has the option of asking the sentries to track the
> path of the data and identify its source. Then he can decide on the
> ultimate revenge and have the sentries gain entrance to the hacker's
> computer and plant a virus.

It is, of course, impossible to track the path of incoming data or to
identify its source reliably.  It is also impossible to automatically
"gain entrace to the hacker's computer and plant a virus."  Even if it
were possible it would be against the law.

We now proceed to further descriptions of the ridiculousness of this

> the FBI after the software highlighted an attack from teenage hackers
> using pornographic messages to entice staff at blue-chip companies,
> intelligence agencies, university and military establishments to reveal
> e-mail addresses. 

Ah yes.  They sent an e-mail asking for their e-mail address.

> people to get disgusted with the offer of illicit material," he says. "As
> soon as they answered and asked to be removed, the hackers had their
> e-mail address and the address of their host server." 

There are a lot of easier ways to find someone's email address...
subscribe to some mailing lists, or watch usenet or something.
Notwithstanding that, you don't need to get someone to reply to your
message to see if their address is valid.  If the message doesn't come
back bounced, it's valid.

> A "server" is the computer that, like an electric postman, delivers and
> receives e-mail. Armed with an e-mail address and the identity of its
> local server, the hackers immediately established a point of entry. 

Not... really.  You need more than an email address, you also need the
password, and that assumes that the email server allows logons at all
(which it probably should not).  Of course, having a valid email address
and name of server makes it easier to forge legitimate-looking email from
that person, assuming that the server admin hasn't stopped that, but
that's hardly an earth-shaking security breach.

> The Japanese hackers are using software that logs on to a computer network
> as the person whose identity has been stolen. It then looks for password
> files that it can copy, which can then be examined and decrypted by the
> hackers. 

Nothing new there, but there's no explanation of where the hackers might
have gotten the user's password in the first place.

Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated []

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:52 PDT