Forwarded from: Bill Scherr IV <bschnzl (at) cotse.net>
Cc: jericho (at) attrition.org
Is it really that simple?

There is much that can be done on your own systems to collect data, and
alter appearances. Analyzing that data, while keeping the upper hand,
takes skill and luck. It will never happen if active technical
countermeasures are lumped into the "hacking back" pile.

Any engagement with the attacker will travel thru many other people's
machines. Of course, it takes a lot of experience (after a lot of
training), practice, and a rock solid tool kit, all of which are rare.
Then there is the time ($$$) involved. The line that must not be
crossed, by any but government, is ownership.

The tool kit would contain HoneyPots ('nets, LaBrea, THP), packet
manglers, transparent proxies, solid protection and assurance, et
cetera. The data to grok would be voluminous. Success and failure
could hinge on a single bit. Sourcing, summarizing, and communicating
that data takes much expertise. That means law enforcement must a) have
the expertise and b) establish the environment to encourage such action.

But we have to start somewhere! Otherwise, we will not civilize the
wild west. All that is required for evil to prevail is that good folk

Circa 0:22, 25 Jan 2011, a note, claiming source InfoSec News <alerts (at) infosecnews.org>, was sent to me:
Date sent: Tue, 25 Jan 2011 00:22:34 -0600 (CST)
From: InfoSec News <alerts (at) infosecnews.org>
To: isn (at) infosecnews.org
Subject: Re: [ISN] Is retaliation the answer to cyber attacks?
Organization: InfoSec News - http://www.infosecnews.org/
> Forwarded from: security curmudgeon <jericho (at) attrition.org>
> Oh jeez.. didn't this silly notion out ten years ago?
> : http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html
> : "We want to strike back. We want to exploit his network," said
> : Oudot. You want statistics and logs related to the attacker, and it
> : might be the idea of attacking ZeuS or SpyEye or even a
> : state-sponsored attacker. It's not so complex to find zero-day
> : vulnerabilities that would allow subversion of attack tools, noted
> : Oudot, whose firm has experience in identifying vulnerabilities,
> : including several related to mobile devices. He suggested it would
> : be fairly simple to strike back against exploit packs such as
> : Eleonore, or feed fake information into attacker's hands. "You can
> : strike back," Oudot said. "Your enemies are not ethical hackers."
> The people who own the systems they exploit and use for their attacks,
> likely are ethical. Breaking into the system they broke into puts you
> in the same legal territory as the 'unethical hacker'. It doesn't
> matter that your intentions are noble, you are breaking the law just
> as much as those attacking you.
> Any founder and CEO of an *ethical* hacking company should know this.
> Tegatai Managed Colocation: Four Provider Blended
> Tier-1 Bandwidth, Fortinet Universal Threat Management,
> Natural Disaster Avoidance, Always-On Power Delivery
> Network, Cisco Switches, SAS 70 Type II Datacenter.
> Find peace of mind, Defend your Critical Infrastructure.
STOP SPAM - use whitelists
pub 1024D/6382216F 2008-06-20 [expires: 2013-06-19]
Key fingerprint = 5F6A F5AD 1FE0 73CA 2393 A62E 2469 0F95 6382 216F
uid Bill Scherr IV (Ownership is Vital) <bschnzl (at) cotse.net>