Slashdot Mirror


Hacked Companies Fight Back With Controversial Steps

PatPending writes with this report on companies taking aggressive steps to deal with electronic attacks: "Known in the cyber security industry as "active defense" or "strike-back" technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant's own systems. Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and Internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage." If you've been involved in such an action, how did it work out for you?

4 of 320 comments

  1. Honeypots, misinformation by Dan East · Score: 5, Interesting

    I would think lots of honeypots, dead ends, and misinformation would be effective. It would be difficult for the hacker to know when they have accessed legitimate machines or information. One of the problems with typical security is that it typically provides confirmation when an access attempt has failed. If, instead of indicating failed access, you direct them to bogus data, it would make the hacker's life rather miserable.

    --
    Better known as 318230.
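
The idea in the comment above, as an added example (not the commenter's code): a login handler that stops confirming failures once a source has exceeded a failure threshold, and instead issues a decoy session that serves bogus records while alerting defenders. The account, records, addresses and the `FAIL_LIMIT` policy are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

SALT = b"constructed-salt"   # constructed value; use a per-user random salt in practice
FAIL_LIMIT = 3               # assumed policy: below this, a typo gets a normal denial

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

USERS = {"alice": pw_hash("correct horse battery staple")}  # constructed account
DUMMY = pw_hash("placeholder-for-unknown-users")
REAL_RECORDS = ["payroll.csv", "vpn-onboarding.txt"]             # constructed
DECOY_RECORDS = ["payroll-draft.csv", "old-vpn-passwords.txt"]   # bogus bait
FAILURES = Counter()   # failed logins per source address
SESSIONS = {}          # token -> {"user": str, "decoy": bool}
ALERTS = []            # events the monitoring team would receive

def issue_session(user: str, decoy: bool) -> dict:
    token = secrets.token_urlsafe(24)
    SESSIONS[token] = {"user": user, "decoy": decoy}
    return {"status": "ok", "token": token}   # same shape for real and decoy

def login(user: str, password: str, src_ip: str) -> dict:
    # Hash even for unknown users so timing does not reveal which names exist.
    candidate = pw_hash(password)
    valid = hmac.compare_digest(USERS.get(user, DUMMY), candidate) and user in USERS
    if FAILURES[src_ip] >= FAIL_LIMIT:
        # Flagged source: every further attempt "succeeds" into the decoy, so a
        # guessing run never learns which password was the right one.
        ALERTS.append({"event": "decoy_session_issued", "user": user, "src_ip": src_ip})
        return issue_session(user, decoy=True)
    if valid:
        return issue_session(user, decoy=False)
    FAILURES[src_ip] += 1
    return {"status": "denied"}

def list_records(token: str) -> list:
    session = SESSIONS.get(token)
    if session is None:
        return []
    if session["decoy"]:
        ALERTS.append({"event": "decoy_data_read", "user": session["user"]})
        return list(DECOY_RECORDS)
    return list(REAL_RECORDS)
```

A legitimate user sharing a flagged source address also lands in the decoy, so a deployment needs an out-of-band way to clear the flag.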
  2. Re:Companies are known to strike back by hairyfeet · Score: 5, Interesting

    Companies hell, I've had cops come up to me in the shop that wanted obviously illegal stuff done, frankly I think they had seen too many episodes of CSI and actually thought you could hack a network with a VB GUI.

    But honestly this kind of shit surprises me not in the least, anyone who has read some of the stuff that has been dumped onto Wikileaks knows that you can buy pretty much anything if the money is good enough. Personally I'm waiting for a cyber version of the Pinkertons, a little private army you can hire to do whatever dirty little thing you need done in cyberspace. After all thanks to many otherwise pretty damned lawless countries having Internet access in a way it's like the wild west only the criminals don't have to physically come over the border to do their raiding before heading back to their personal hole in the wall. So to see the corps fighting back when the law itself can't really do shit thanks to countries that don't play by the same rules? Really not surprising.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  3. Re:Stupid by Wolfling1 · Score: 5, Interesting

    A couple of months ago, when I was selling my motorbike, I received a few of those 'I'm on an offshore oilrig and I want to buy your bike' spams. I was curious, so I constructed a honeypot to see if I could gather some intel on the perps before going to the police.

    Sure enough, within a day, I had IP addresses and was able to resolve to the attacker's location. He was stupid enough to not be using a proxy, and stupid enough to leave some vulnerabilities open on his PC - that made it very easy to be certain that he was the attacker.

    I collated my data, and presented it to the Feds. They weren't interested. Couldn't even care less.

    So I contacted the attacker independently (through my own proxies), and let them know that they should get better at what they're doing, or get out of the game. They didn't try to contact me again.

    I can understand why people would be tempted to undertake their own vigilante actions.

  4. Re:Asking you to break the law? by non-plus · Score: 5, Interesting

    once, we had a less-than-skilled attack on a company I was network admining at. I traced the source down to an ISP in a South American country and I contacted them stating that such-and-such IP on their network was engaging in an attack on my company. I asked them to look into this and block the user from hitting us thru the routes I provided. They said there was nothing they could do. I asked them what other recourse I had. They told me there was nothing I could do but shut down our systems and hope it went away. I asked them if I could take action to stop it and could I get an e-mail statement to that effect. They sent me an e-mail stating there is nothing they could do and I could do whatever I needed to correct the situation.

    I ran it by the legal guys. got a thumbs up. put on a darker hat.

    moved a bit of traffic off the oc-12 we had and proceeded to clobber the offending IP address and the nodes at the far end (ISP equipment). I got a very polite call after about an hour telling me that the offender has been pulled off-line and asking if I would be so kind as to stop defending myself as it was killing their network. I stopped my defense and was given a few names with contact info to call in the future should the needs arise.

    a good result.