Re: [ISN] Is retaliation the answer to cyber attacks?

From: InfoSec News <alerts_at_private>
Date: Tue, 25 Jan 2011 00:22:34 -0600 (CST)
Forwarded from: security curmudgeon <jericho (at) attrition.org>

Oh jeez.. didn't this silly notion out ten years ago?

: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html

: "We want to strike back. We want to exploit his network," said Oudot. 
: You want statistics and logs related to the attacker, and it might be 
: the idea of attacking ZeuS or SpyEye or even a state-sponsored 
: attacker. It's not so complex to find zero-day vulnerabilities that 
: would allow subversion of attack tools, noted Oudot, whose firm has 
: experience in identifying vulnerabilities, including several related 
: to mobile devices. He suggested it would be fairly simple to strike 
: back against exploit packs such as Eleonore, or feed fake information 
: into attacker's hands. "You can strike back," Oudot said. "Your 
: enemies are not ethical hackers."

The people who own the systems they exploit and use for their attacks, 
likely are ethical. Breaking into the system they broke into puts you in 
the same legal territory as the 'unethical hacker'. It doesn't matter 
that your intentions are noble, you are breaking the law just as much as 
those attacking you.

Any founder and CEO of an *ethical* hacking company should know this.


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Jan 24 2011 - 22:22:34 PST

This archive was generated by hypermail 2.2.0 : Mon Jan 24 2011 - 22:28:58 PST