infosec-news January 2011 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Is retaliation the answer to cyber attacks?

[ISN] Is retaliation the answer to cyber attacks?

From: InfoSec News <alerts_at_nospam>
Date: Mon Jan 24 2011 - 08:06:02 GMT
To: isn@infosecnews.org

http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html

By Ellen Messmer
Network World
January 21, 2011

WASHINGTON, DC -- Should revenge assaults be just another security tool
large IT shops use to counter cyber attacks?

It's a controversial idea, and the law generally frowns on cyber attacks
in general, but at the Black Hat DC conference last week, some speakers
took up the issue of whether and how organizations should counterattack
against adversaries clearly using attack tools to break into and subvert
corporate data security.

One idea that got plenty of attention here was the notion of exploiting
vulnerabilities in attack tools and botnets to try to determine what the
attacker was going after or feed fake data, or even dive into the
attacker's network lair.

If it turns out an attacker has taken control of a corporate machine,
it's logical that you'd want to "counter-strike" to find out what the
attacker is up to, perhaps by finding a hole in the attack tool being
used and planting a backdoor of your own to watch the attacker, said
Laurent Oudot, founder and CEO of TEHTRI-Security, a French-based
ethical-hacking and vulnerability research firm, who spoke at Black Hat.

"We want to strike back. We want to exploit his network," said Oudot.
You want statistics and logs related to the attacker, and it might be
the idea of attacking ZeuS or SpyEye or even a state-sponsored attacker.
It's not so complex to find zero-day vulnerabilities that would allow
subversion of attack tools, noted Oudot, whose firm has experience in
identifying vulnerabilities, including several related to mobile
devices. He suggested it would be fairly simple to strike back against
exploit packs such as Eleonore, or feed fake information into attacker's
hands. "You can strike back," Oudot said. "Your enemies are not ethical
hackers."

[...]

___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/