[ISN] Is retaliation the answer to cyber attacks?

From: InfoSec News <alerts_at_private>
Date: Mon, 24 Jan 2011 02:06:02 -0600 (CST)
http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html

By Ellen Messmer
Network World
January 21, 2011

WASHINGTON, DC -- Should revenge assaults be just another security tool 
large IT shops use to counter cyber attacks?

It's a controversial idea, and the law generally frowns on cyber attacks, 
but at the Black Hat DC conference last week, some speakers 
took up the issue of whether and how organizations should counterattack 
against adversaries clearly using attack tools to break into and subvert 
corporate data security.

One idea that got plenty of attention here was the notion of exploiting 
vulnerabilities in attack tools and botnets to try to determine what the 
attacker was going after or feed fake data, or even dive into the 
attacker's network lair.

If it turns out an attacker has taken control of a corporate machine, 
it's logical that you'd want to "counter-strike" to find out what the 
attacker is up to, perhaps by finding a hole in the attack tool being 
used and planting a backdoor of your own to watch the attacker, said 
Laurent Oudot, founder and CEO of TEHTRI-Security, a French-based 
ethical-hacking and vulnerability research firm, who spoke at Black Hat.

"We want to strike back. We want to exploit his network," said Oudot. 
You want statistics and logs related to the attacker, and it might be 
the idea of attacking ZeuS or SpyEye or even a state-sponsored attacker. 
It's not so complex to find zero-day vulnerabilities that would allow 
subversion of attack tools, noted Oudot, whose firm has experience in 
identifying vulnerabilities, including several related to mobile 
devices. He suggested it would be fairly simple to strike back against 
exploit packs such as Eleonore, or to feed fake information into attackers' 
hands. "You can strike back," Oudot said. "Your enemies are not ethical 
hackers."

[...]


Received on Mon Jan 24 2011 - 00:06:02 PST
