[ISN] 'Counterstrike software' for hackers

From: InfoSec News (isn@private)
Date: Thu Jun 10 2004 - 02:43:59 PDT

    Forwarded from: security curmudgeon <jericho@private>
    
    http://australianit.news.com.au/articles/0,7204,9800011%5E15321%5E%5Enbv%5E,00.html
    
    [I'm now taking bets on the first waves of lawsuits that will follow 
    due to the strike back hitting a server that doesn't belong to the 
    attacker (physically/financially)]
    
    Correspondents in Paris
    JUNE 10, 2004 
    
    THE first commercial software to strike back at computer vandals and
    spammers has run into crossfire from experts, who fear it could
    unleash "a cyber bloodbath" that could engulf the internet, New
    Scientist says.
       
    The product, launched in March by Texas security company Symbiot,
    gives companies an escalating list of options to defend themselves
    against hackers and other sources of unwanted traffic.
    
    The menu starts with defensive choices: blocking traffic from a
    certain site, limiting the amount of bandwidth that certain senders
    can take up, and diverting troublesome data into a 'honeypot'.
    
    From then on, the options are more aggressive.
    
    Someone who tries to hack into the company's computer can be 'tagged'.
    
    He is allowed to steal information that appears valuable but in fact
    infiltrates his own computer, stamping all further data packets from
    that source with a tag which identifies it to other Symbiot
    subscribers as a 'known attacker'.
    
    As a final resort, the company can send code to the attacking computer
    to end the assault.
    
    Symbiot refuses to say what the counter-offensive entails, although a
    spokesman admits it "could be seen by some as malicious code", New
    Scientist says.
    
    That means the software enables its customers to invade other
    computers, and for critics, this could open the gates to an escalating
    conflict where innocents could end up victims, the British weekly
    says.
    
    The bystanders could include ordinary people whose computers are
    hijacked, without their knowledge, to send out spam or email viruses,
    or whose internet address is 'spoofed' - used by the hacker to mask
    his own whereabouts.
    
    Spoofing means "it is even possible to envisage an elaborate plot in
    which an unscrupulous small operator lures two larger rivals into a
    shooting match by convincing each one that it is under attack by the
    other", the report says.
    
    "This type of thinking comes from a small number of security
    professionals, ones I'd consider hotheads, who want to get back at
    people," Eugene Schultz, an expert at Lawrence Berkeley National Labs,
    said.
    
    "It's a vigilante mentality, and it just seems so irresponsible."
    
    Symbiot, which gives access to the counterstrike software for
    $US10,000 ($14,526) a month, is treading carefully.
    
    Before releasing its product, called iSIMS, it issued a white paper on
    "rules of engagement", stressing that users should only counterstrike
    when all else fails.
    
    The report appears in next Saturday's issue of New Scientist.
    
    Counterstrike software is being pursued by other computer security
    firms, sensing the widespread frustration at the failure of law
    enforcement at dealing with hacking and spamming.
    
    At present, companies and individuals have only defensive options in
    the commercial arena, such as software for firewalls, spam filters and
    detectors that block suspected viruses.
    
    But these are invariably breached after a while and have to be
    continuously updated.
    
    Agence France-Presse
     
    
    