[ISN] Think Twice Before Becoming A Hacker Attacker

From: mea culpa (jerichoat_private)
Date: Sun Dec 20 1998 - 12:49:29 PST

  • Next message: mea culpa: "[ISN] 1999 year of computer security - maybe"

    [Moderator: Some of the comments in this article are interesting
     considering the comments posted to the Errata site a week or so ago.]
    Forwarded From: Simon Taplin <stickerat_private>
    Perspective--Rutrell Yasin: Think Twice Before Becoming A Hacker
    December 14, 1998 
    I'm a big proponent of self-defense. Having studied a few of the martial
    arts, I've learned the value of being prepared to fend off and respond to
    attacks. To paraphrase a famous activist of the '60s: If someone attacks
    you, make sure he can't put his hands on somebody else. 
    That appears to be the stance of a growing number of large companies that
    have been victimized by hacker attacks, according to extensive research
    conducted by WarRoom Research. 
    In an 18-month study of 320 Fortune 500 companies, 30 percent said they
    have installed software capable of launching counterattacks to security
    breaches. The report, titled "Corporate America's Competitive Edge," 
    focuses on security and business intelligence practices and will be
    available next month. 
    Most security experts agree that companies should have some way to strike
    back at hackers. They caution users, however, not to get embroiled in
    cyber shootouts. The main reason? The system you're aiming at might not be
    the culprit. 
    The concept of "strikeback" has been around for years, but the method
    gained wider attention over the past few months after the Defense
    Department used software to disable an attacker's browser. 
    Strikeback can take many forms-from the collection of information about
    intruders that can be used later to launch a counterstrike or put the
    culprits in jail, to the launch of debilitating countermeasures such as
    denial of services or flooding attacks that virtually shut down an
    attacker's system. 
    But a savvy hacker can forge packet headers to make it appear that an
    attack is coming from another location. And if a company is shooting first
    and asking questions later, innocent people could be hurt. 
    What's ominous about the WarRoom Research findings is that many of the
    companies in the security study would prefer to use their own strikeback
    methods as opposed to calling the FBI or state law enforcement agencies. 
    As WarRoom Research president Mark Gembicki pointed out, a code of ethics
    controls how government agencies use strikeback measures. Large companies
    are truly borderless and are moving into uncharted territory. 
    Ken Geide, section chief of computer investigation with the FBI's National
    Infrastructure Protection Center, agreed. 
    "It's really important that companies have the capability to detect
    efforts to break into systems," he said. But strikeback has possible
    "The consequences of strikeback has the potential to put the victim at
    civil risk or physical risk," Geide said. 
    The companies in the WarRoom study view strikeback as a right, just as the
    law protects physical self-defense by way of force. 
    But there are lessons from the physical world that IT managers should
    consider before launching a strike, experts said. 
    If you see someone trying to break into your car parked at the curb, do
    you have the right to get your gun and take a shot at the suspected thief?
    Geide asked. 
    The person might be intoxicated and just stumbling on your car, not
    actually intending to break in. Worse, the bullets may ricochet and hit a
    "Our recommendation would be to let a properly trained individual help
    protect the property," Geide said. IT managers should adopt the same kind
    of response when conflicts arise in cyberspace. 
    "They could be launching a strikeback against themselves. The victim is
    better off working with law enforcement," he added. 
    Geide said, however, that companies have been reluctant in the past to
    tell law enforcement about security breaches, fearing unwanted public
    exposure. Just as technology continues to advance, the FBI has grown more
    sophisticated in investigating computer break-ins. "We're cognizant of the
    concerns of the victim. It would be silly to victimize the victim twice,"
    Geide said. 
    As a result, the FBI has seen a nearly 200 percent increase in pending
    investigations, primarily as referrals from victims, according to Geide. 
    It's clear that more large companies are devising options and plans to
    address network intrusions-from both internal and external attacks.  Many
    are deploying tools that block or kill TCP/IP connections when an
    intrusion is detected. 
    Those considering counterstrikes should realize that we're a long way from
    being able to effectively verify that we're hitting the right targets.
    Rutrell Yasin is a senior editor at InternetWeek. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:14:14 PDT