Slashdot Mirror

← Back to Stories (view on slashdot.org)

Legal Hack Back Lets You Go After Attackers In Your Network (csoonline.com)

Posted by BeauHD on from the right-back-at-ya dept.

itwbennett writes: Security startup Cymmetria has a new offering for customers: "legal hack back." The hack back tools have been added to the company's MazeHunter deception technology and will enable "tracking down the attack servers and wiping data originally stolen from their servers, probing the attack infrastructure for weaknesses to exploit, disabling the systems controlling malware, looking for information about the attackers to use in attribution, and launching distributed denial-of-service attacks to slow down criminal operations," but security teams are restricted to taking these actions on systems within their organizations, writes Fahmida Rashid in CSO Online. "Legal hack back via MazeHunter is more than traditional incident response because the organization can run a payload on the infected machine to engage with the attacker even before the forensics part of the investigation is complete," said Gadi Evron, founder and CEO of Cymmetria.

47 comments

  1. If it is in your network... by aepervius · · Score: 4, Interesting

    ...And assuming it cannot be sometimes very sensitive, why do you need to hack back your own machine ? Pull the Lan cord, re-image it, at worst copy essential document, et voila.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
    1. Re:If it is in your network... by freeze128 · · Score: 1

      "If thyne eye doth offend thee, pluck it out!"

    2. Re:If it is in your network... by Anonymous Coward · · Score: 0

      why do you need to hack back your own machine?

      Hmm, maybe someone would be tempted to hack back outside of their own network? Not that Cymmetria would condone that...

    3. Re: If it is in your network... by Anonymous Coward · · Score: 0

      Yeah, but does it "strike back?" Lol

    4. Re:If it is in your network... by Anonymous Coward · · Score: 0

      Pull the Lan cord, re-image it, at worst copy essential document, et voila.

      Every time IT re-images my computer, I have it re-re-imaged within the hour.

    5. Re: If it is in your network... by Anonymous Coward · · Score: 0

      story is about: hack back the attacker that hacked you.....

    6. Re: If it is in your network... by Anonymous Coward · · Score: 0

      Trying to hack back attacker is stupid.
      It is playing in their game. They are good at it ... usually.

      Level field - localize, find them and use physical force on "virtual attackers" that is usually not their game.
      Or bombard from orbit ...

      You do not try to overtrick sleazy accountants. You break their knees ...
      At least The Boss says so.

    7. Re: If it is in your network... by Anonymous Coward · · Score: 0

      Trying to hack back attacker is stupid.

      I have done it, and I have won. Always will do, legal or illegal. Machine is ready to retaliate, fast, heavy and unavoidably.

  2. Cyberpunk is coming by budsetr · · Score: 2

    Black ICE

  3. Spoof the source IP and get them to eat themselves by HornWumpus · · Score: 1

    Better still, trick them into 'hacking back' at the NSA. Laughs all around.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  4. Legal Pre-Emptive Hack . . . by PolygamousRanchKid+ · · Score: 3, Insightful

    Legal hack back via MazeHunter is more than traditional incident response because the organization can run a payload on the infected machine to engage with the attacker even before the forensics part of the investigation is complete

    Well, that might be enough for some primitive folks, but for folks expecting American Defense Quality, I want a system that will attack the hackers before they even think about hacking.

    Yeah, sure, you haven't done anything yet, and you are still innocent, but the NSA/CIA/FBI AI models say you WILL be guilty sooner or later, so we might as well take you out right now.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:Legal Pre-Emptive Hack . . . by Anonymous Coward · · Score: 1

      Yeah, sure, you haven't done anything yet, and you are still innocent, but the NSA/CIA/FBI AI models say you WILL be guilty sooner or later, so we might as well take you out right now.

      At which point, there is no law. Anyone can be manipulated to commit any crime given enough subtle changes to their environment. Do it early enough and you can be the grand master of your own conspiracy, letting others take the fall for their role in the final act, but leaving you free and clear despite your careful domino placing.

      Anyone who would give another such power to enable precrime is in and of themselves a psychopath. There is no security nor safety in absolute surveillance, doubly so if the data is used in predictions of future acts. Which it will be. You can never fully trust someone else. They will always do what is in their best intrests in the end.

      In the case of absolute surveillance, the risk for abuse is far too high. With absolute surveillance, knowing everything about everyone at anytime with nothing anyone can do to stop it, and the chances of punishment so low, as attempts to punish them would be seen coming long before any real effort to do so got off the ground, it's abuse is guaranteed given enough time. It may start out as an authoritarian's wetdream, but it will end as a dictator's favorite public manipulation toy.

      There is no justice without a crime committed and a proven with evidence conviction. Anything less is just tyranny under the false premise of righteousness.

  5. Lets see how this works the other way around by Anonymous Coward · · Score: 4, Funny

    I run a hosting company which houses tens of thousands of servers and one of my customer machines is compromised. This malware hacks another company who has this HackBack(TM) service which then hacks back into my customer machine and begins to probe my network for weakness. My IDS detects this which launches its own HackBack(TM) service into this other company. Who sees me attacking and launches another HackBack(TM) attack.

    2002 called, they want their lazy worms back

    1. Re:Lets see how this works the other way around by Anonymous Coward · · Score: 0

      And just for shits and giggles, the attacking malware compromises the kernel networking such that local (supposedly legal) addresses are replaced by the IP addresses for Amazon, Apple, Microsoft, Google, and FBI headquarters. Pop some popcorn, this "legal hack back" will be fun to watch.

  6. And this is "legal" because... by Anonymous Coward · · Score: 4, Insightful

    ... we want it to be? ... the CEO saw it in a movie? ... the check is in the mail?

    Inquiring minds want to know.

    1. Re:And this is "legal" because... by Anonymous Coward · · Score: 0

      Because it's on your own network. I.e. almost useless.

    2. Re:And this is "legal" because... by Anonymous Coward · · Score: 0

      "tracking down the attack servers and wiping data originally stolen from their servers"

      That doesn't sound like its entirely in-network to me Hoss.

      "and launching distributed denial-of-service attacks to slow down criminal operations,"

      Yeah, so they are renting out their own bot-net to do this? Or are they just going to use the machines of clients that installed their mal^H^H^H-software?

    3. Re:And this is "legal" because... by Big+Hairy+Ian · · Score: 1

      ... we want it to be? ... the CEO saw it in a movie? ... the check is in the mail?

      Inquiring minds want to know.

      It isn't and you'll probably be hacking a third party machine which has already been hacked by your attacker and when they do their forensics they'll see they got hacked twice once by the attacker (Who covered his tracks) and once by you (Who didn't cover his tracks). See you in court

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    4. Re:And this is "legal" because... by Bugdanoff · · Score: 1

      ... because some smart legislators introduced the ACDC Act, again.

  7. Re:Spoof the source IP and get them to eat themsel by DontBeAMoran · · Score: 1

    http://hoaxes.org/weblog/comme...

    --
    #DeleteFacebook
  8. Clearer title suggestion by Anonymous Coward · · Score: 0

    Legal Hack Back Lets You Pursue Attackers In Your Network

  9. So when a DOD computer is infected... by Anonymous Coward · · Score: 0

    and starts sending attacks outbound because of a desktop computer getting infected, some end user will then be allowed to then hack back at the DOD? Interesting.

  10. Okay not a lawyer by coolmoe2 · · Score: 1

    But if its my network who is gonna press charges.
    Just sayin

  11. I'am more suprised by Anonymous Coward · · Score: 0

    that these lamers actually have customers at all.

  12. Re:Spoof the source IP and get them to eat themsel by AHuxley · · Score: 1

    In a fictional movie script setting.
    Will that ip always point to a 8/16, early 32 bit desktop computer at home in real time?
    In terms of a user's home desktop 8/16/32 bit computer with, dial up modem, big HD storage, a set ip for hours and dial up isp ip range.
    The interesting person uses their home ISP account to get into to a computer network and slowly move files back to their own home computer over hours.
    Logs show a clear moment of files from the network to a home computer ISP account.

    The skill level for a home computer to send a few commands to third party fast computer and fast network?
    A fast network and computer system would then be used to archive all the files. No files would be connected to the home computer until later.
    The third party network has the storage, CPU, fast compressing applications so all the home computer finally has to download is a few select files after reading, sorting, decrypting if needed, compressing.

    Was it a real home computer or the security services staging server... The fictional movie got lots more fun...

    --
    Domestic spying is now "Benign Information Gathering"
  13. Because... by Anonymous Coward · · Score: 1

    Because this is HACKING the HACKERS with HACKS. That's why.

    You have now read the entire substance of the thing. You are up-to-date.

    1. Re:Because... by Anonymous Coward · · Score: 1

      ONLY Hackers can Hack Hacky Hackings, not LUDDITE Users

      Hacks!

  14. Re:Spoof the source IP and get them to eat themsel by Hognoxious · · Score: 1

    Indeed. The words "false", "flag" & "lawsuit" spring immediately to mind.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  15. Sound pretty interesting if true but.. by Neuronwelder · · Score: 1

    What if they get smart (which they will) and immediately take the data and store it off site.

  16. Hmm, two things here. by Anonymous Coward · · Score: 0

    1. You may get into trouble if the 'attacker' is actually not at fault.
    2. This is a GREAT new attack that the attackers will soon learn to take over, and in which the tools will attack your own networks. ROFLMAO.

  17. Makes me laugh (moving target here)... apk by Anonymous Coward · · Score: 0

    See subject: Your host here vowed he "put me out" https://slashdot.org/comments.pl?sid=8727633&cid=51475843/ but he hasn't managed it - why?

    I blow by scripts (it's THAT simple) & change my origin point (but I am NOT harming anyone - shit, FAR from it, protecting others via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?... [google.com] & of course, he FEARS that - he lives off ads).

    * I am NEVER in the same place... & I am NOT hurting anyone (if anything I HELP others, freely)!

    PROOF -> https://it.slashdot.org/comments.pl?sid=11269397&cid=55427015/ the irresistable force & immovable object @ once = me.

    APK

    P.S.=> Try HIT a "moving target" & even IF you could "Zero In" on me? Good luck getting thru an armored TANK of a system I have going here, lol - no joke... apk

  18. This is why we don't get ... by Anonymous Coward · · Score: 0

    InfoSec ideas from Ghost in the Shell.

  19. LOL! Gotta give that a "Theme Song" (JET!) by Anonymous Coward · · Score: 0

    See subject & https://it.slashdot.org/comments.pl?sid=11269397&cid=55427359/

    * :)

    APK

    P.S.=> "... 'JET! With the wind in your hair of a 1000 places, climb in back & let's go for a ride in the SkYYYyyy..." via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk

  20. Yet you do from "The Ghost in the Machine" by Anonymous Coward · · Score: 0

    See subject & APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script/malware rob speed/security/privacy/bandwidth.

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirect (99.999% of ISP DNS != patched vs. it) + DNS tracking & lighten DNS load & resolve faster from local RAM!

    * Via what u NATIVELY have in a FASTER kernelmode IP stack!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self checking code vs. infection of program built-in it)

  21. Re: If a man loves the world... apk by Anonymous Coward · · Score: 0

    Don't get all religious on us APK. We like you just the way you were.

  22. In one word ... by Anonymous Coward · · Score: 0

    ... WORM (Write Once, Read Manytimes).

    ... a branch of storage devices which might get a jump in sales, seeing how (at some near time in the future) defending against loss-of-data stemming from the continuous hacks from other companies (either because of a hair-trigger guard, joe-jobs or simply a bad configuration) will become pretty important.

    And a question: How does the targetted entity discern between a hack-back and a downright hack ? Are we going to use something like the "evil" bit, but than in reverse -- like a "righteous indignation" -bit perhaps ?

    Mind you, fighting a legal hack-back may be considered unlawfull ...

    Personally this hack-back idea sounds like a run for wasting huge ammounts of money, with the hack vs anti-hack companies (the few already present and the numorous ones which will pop up within shortly) laughing all the way to the bank.

    Hmm, as a new variant of the lawyer profession I guess: Nobody likes them, they bleed you dry, but you can't live without them ...

  23. On a serious note? by Anonymous Coward · · Score: 0

    1st, I knew attempts @ passing bills like this into law were coming. Cryptominers & this? No thanks. Moving target changing address keeps me safer along w/ cutting script + cookie bs & using hosts files for the rest.

    * Hack back my ass - they've been hacking US for years in malwares in ads & scripts, lol!

    APK

    P.S.=> Folks like myself aren't hacking back - we're literally defending ourselves thus... apk

  24. Re:Makes me laugh (moving target here)... apk by Anonymous Coward · · Score: 0

    Dunning-kruger at work here.

  25. but he is with 99+% chance OUTSIDE your network by aepervius · · Score: 1, Offtopic

    And this is illegal is nigh all places to hack outside. The story is about hacking and gathering information INSIDE your own network.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  26. Re:Spoof the source IP and get them to eat themsel by Anonymous Coward · · Score: 0

    Why don't you learn to write intelligible English?

  27. Escalation by Anonymous Coward · · Score: 0

    Some people consider a port scan "hacking". But there is no exact definition of a port scan, some companies have reported port scans that only involved one port. In one example, that was the FTP port.

    I'm pretty sure the same fascist sysadmin that decided that one connection attempt on the FTP port is a hacking attempt would be among the first to get this hack back system.

    Now imagine that the poor guy who mistyped the FTP server IP address is on some corporate network (who else would use that old FTP crap nowadays), behind another hack back system.

    From one mis-typed IP address to two companies having their data destroyed in a matter of minutes.

    Basically a smaller version of what everybody was worrying about back when the US and USSR was practicing mutually assured destruction. One exercise mistaken for a real attack or one satellite or passenger plane mistaken for a missile - or even sunlight: https://en.wikipedia.org/wiki/Stanislav_Petrov

    1. Re:Escalation by Anonymous Coward · · Score: 0

      I remember one company going after a Lynx user, because that must have been hacking tool, because it ran on Linux.

  28. Don't like facts I posted? by Anonymous Coward · · Score: 0

    Whipslash also did scripts vs. my posting direct links to my hosts program! If that's not 'hacking me' what is? All I, a long-time regular user here LONG BEFORE he bought /., does to get that?

    Post when hosts are effective vs. various threats etc. (they are a LOT) & about my work creating hosts files from reputable sources for their data & get accused of 'spamming'? WTF!

    * Yet /. PIMPS google or linux stuff along w/ OpenSORES wares ALL DAY LONG (but "that's ok", right?).

    APK

    P.S.=> Lastly: See subject & what you spewed unidentifiable worm? You project that about yourself, not I... apk

  29. What will actually happen by whitroth · · Score: 1

    instead of companies hiring folks who actually know what they're doing, they'll tell someone to run this. And the next thing you know, the person who doesn't actually know what's going on will "fix" it so it includes anyone attacking them, and then someone's mother or grandmother, whose machine was compromised by malware that they had no clue about, will suddenly be toast, all their emails, and writings and pictures of their kids gone. And they won't have a clue what happened.