[ISN] 'Counterstrike software' for hackers
InfoSec News
isn at c4i.org
Thu Jun 10 05:43:59 EDT 2004
Forwarded from: security curmudgeon <jericho at attrition.org>

http://australianit.news.com.au/articles/0,7204,9800011%5E15321%5E%5Enbv%5E,00.html

[I'm now taking bets on the first waves of lawsuits that will follow
due to the strike back hitting a server that doesn't belong to the
attacker (physically/financially)]

Correspondents in Paris
JUNE 10, 2004

THE first commercial software to strike back at computer vandals and
spammers has run into crossfire from experts, who fear it could
unleash "a cyber bloodbath" that could engulf the internet, New
Scientist says.

The product, launched in March by Texas security company Symbiot,
gives companies an escalating list of options to defend themselves
against hackers and other sources of unwanted traffic.

The menu starts with defensive choices: blocking traffic from a
certain site, limiting the amount of bandwidth that certain senders
can take up, and diverting troublesome data into a 'honeypot'.

From then on, the options are more aggressive.

Someone who tries to hack into the company's computer can be 'tagged'.
He is allowed to steal information that appears valuable but in fact
infiltrates his own computer, stamping all further data packets from
that source with a tag which identifies it to other Symbiot
subscribers as a 'known attacker'.

As a final resort, the company can send code to the attacking computer
to end the assault.

Symbiot refuses to say what the counter-offensive entails, although a
spokesman admits it "could be seen by some as malicious code", New
Scientist says.

That means the software enables its customers to invade other
computers, and for critics, this could open the gates to an escalating
conflict where innocents could end up victims, the British weekly
says.

The bystanders could include ordinary people whose computers are
hijacked, without their knowledge, to send out spam or email viruses,
or whose internet address is 'spoofed' - used by the hacker to mask
his own whereabouts.

Spoofing means "it is even possible to envisage an elaborate plot in
which an unscrupulous small operator lures two larger rivals into a
shooting match by convincing each one that it is under attack by the
other", the report says.

"This type of thinking comes from a small number of security
professionals, ones I'd consider hotheads, who want to get back at
people," Eugene Schultz, an expert at Lawrence Berkeley National Labs,
said.

"It's a vigilante mentality, and it just seems so irresponsible."

Symbiot, which gives access to the counterstrike software for
$US10,000 ($14,526) a month, is treading carefully.

Before releasing its product, called iSIMS, it issued a white paper on
"rules of engagement", stressing that users should only counterstrike
when all else fails.

The report appears in next Saturday's issue of New Scientist.

Counterstrike software is being pursued by other computer security
firms, sensing the widespread frustration at the failure of law
enforcement at dealing with hacking and spamming.

At present, companies and individuals have only defensive options in
the commercial arena, such as software for firewalls, spam filters and
detectors that block suspected viruses.

But these are invariably breached after a while and have to be
continuously updated.

Agence France-Presse