Re: [ISN] Is retaliation the answer to cyber attacks?

From: InfoSec News <alerts_at_private>
Date: Thu, 27 Jan 2011 05:16:32 -0600 (CST)
Forwarded from: Bill Scherr IV <bschnzl (at) cotse.net>
Cc: jericho (at) attrition.org

Is it really that simple?  

There is much that can be done on your own systems to collect data, and 
alter appearances.  Analyzing that data, while keeping the upper hand, 
takes skill and luck. It will never happen if active technical 
countermeasures are lumped into the "hacking back" pile.

Any engagement with the attacker will travel thru many other people's 
machines.  Of course, it takes a lot of experience (after a lot of 
training), practice, and a rock solid tool kit, all of which are rare.  
Then there is the time ($$$) involved.  The line that must not be 
crossed, by any but government, is ownership.

The tool kit would contain HoneyPots ('nets, LaBrea, THP), packet 
manglers, transparent proxies, solid protection and assurance, et 
cetera.  The data to grok would be voluminous.  Success and failure 
could hinge on a single bit.  Sourcing, summarizing, and communicating 
that data takes much expertise.  That means law enforcement must a) have 
the expertise and b) establish the environment to encourage such action.  
But we have to start somewhere!  Otherwise, we will not civilize the 
wild west.  All that is required for evil to prevail is that good folk 
do nothing!

B.

Circa 0:22, 25 Jan 2011, a note, claiming source InfoSec News <alerts (at) infosecnews.org>, was sent to me:

Date sent:      	Tue, 25 Jan 2011 00:22:34 -0600 (CST)
From:           	InfoSec News <alerts (at) infosecnews.org>
To:             	isn (at) infosecnews.org
Subject:        	Re: [ISN] Is retaliation the answer to cyber attacks?  
Organization:   	InfoSec News - http://www.infosecnews.org/

> Forwarded from: security curmudgeon <jericho (at) attrition.org>
> 
> Oh jeez.. didn't this silly notion out ten years ago?
> 
> : http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html
> 
> : "We want to strike back. We want to exploit his network," said 
> : Oudot. You want statistics and logs related to the attacker, and it 
> : might be the idea of attacking ZeuS or SpyEye or even a 
> : state-sponsored attacker. It's not so complex to find zero-day 
> : vulnerabilities that would allow subversion of attack tools, noted 
> : Oudot, whose firm has experience in identifying vulnerabilities, 
> : including several related to mobile devices. He suggested it would 
> : be fairly simple to strike back against exploit packs such as 
> : Eleonore, or feed fake information into attacker's hands. "You can 
> : strike back," Oudot said. "Your enemies are not ethical hackers."
> 
> The people who own the systems they exploit and use for their attacks, 
> likely are ethical. Breaking into the system they broke into puts you 
> in the same legal territory as the 'unethical hacker'. It doesn't 
> matter that your intentions are noble, you are breaking the law just 
> as much as those attacking you.
> 
> Any founder and CEO of an *ethical* hacking company should know this.
> 
> 
> ___________________________________________________________      
> Tegatai Managed Colocation: Four Provider Blended
> Tier-1 Bandwidth, Fortinet Universal Threat Management,
> Natural Disaster Avoidance, Always-On Power Delivery 
> Network, Cisco Switches, SAS 70 Type II Datacenter. 
> Find peace of mind, Defend your Critical Infrastructure.
> http://www.tegataiphoenix.com/


STOP SPAM  -  use whitelists

pub   1024D/6382216F 2008-06-20 [expires: 2013-06-19]
Key fingerprint = 5F6A F5AD 1FE0 73CA 2393  A62E 2469 0F95 6382 216F
uid    Bill Scherr IV (Ownership is Vital) <bschnzl (at) cotse.net>


Received on Thu Jan 27 2011 - 03:16:32 PST

This archive was generated by hypermail 2.2.0 : Thu Jan 27 2011 - 03:21:16 PST