Article from Network World: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html?hpg1=bn In this Handlers opinion there is no such thing as benevolent crime. Network world is running a piece that states "Is retaliation the answer to cyber attacks?" Pretty sure that I can speak for the handler team that if that was the answer we would be doing it. It might be a little bold to state that but I guarantee you that most of us have at least thought it occasionally. Question to the Diary readers? What are your thoughts on the subject?
Richard Porter --- ISC Handler on Duty |
Richard 173 Posts ISC Handler Jan 23rd 2011 |
Thread locked Subscribe |
Jan 23rd 2011 1 decade ago |
- http://www.firewallguide.com/
"... The Internet is a hostile network like the wild west without a sheriff!" ('Been there since site inception - 2000) "... gov't... take Cybercrime serious." I'm sure they do, but their resources are nowhere near any "balance of power" when compared to numbers like this: - http://www.ic3.gov/media/2010/100312.aspx March 12, 2010 - "... total loss linked to online fraud was $559.7 million..." - http://www.eset.com/blog/2010/03/17/were-not-talking-peanuts-here March 17, 2010 - "... these figures relate only to the USA. Multiply those amounts many times over to give you some idea of the size of the losses on a global basis ..." . |
Jack 160 Posts |
Quote |
Jan 23rd 2011 1 decade ago |
The book: Inside Cyber Warfare
By: Jeffrey Carr Publisher: O'Reilly Media, Inc. discusses the international law aspects of when it is *POSSIBLY* acceptable for a *NATION* to retaliate in a cyber warfare situation. Retaliation by a non-nation i likely going to be considered a crime, and in certain situations could result in the target of the retaliation's nation justifiably launching military measures againt the nation harboring the retaliator; such measures are not necessarily limited to cyber actions! |
Moriah 133 Posts |
Quote |
Jan 23rd 2011 1 decade ago |
Well, some forms of retaliation seem perfectly valid. For example... null routing the source.. reporting the incident to DNS black lists..
Calling up ISPs to report traceable attacks, and request they disconnect the customer originating the attack... There are plenty of common perfectly legal ways to "retaliate" Attack responders taking the law into their own hands is more often required than not. Law enforcement generally can't or won't respond effectively to such matters. Obviously... there must be limits to any retaliation. Responding to an attack by launching a DoS is obviously bad; DoS is in effect an attack against innocent networks (generally). Responding to attack by launching an intrusion attempt, makes the "retaliater" just as guilty as the original attacker, and the argument they were attacked first does not excuse anything. If a baseball comes from your neighbor's yard, and smashes your window... you still go to jail if you run across the street and break down their front door with an axe for revenge. |
Mysid 146 Posts |
Quote |
Jan 23rd 2011 1 decade ago |
You would do well to consider the possibility that the Internet is a school playground; that all of the participants should be considered to be playing; and the best response to a form of play that you don't like is to 'ignore' and go find someone else to play with.
'Crime' is in the eye of the beholder, largely. Go look for California mining law, to see how land ownership was established in the 1840's in California. And how different that is from (say) land ownership in England now. Different again from France. Forgive if you can. Do not wager more than you can afford to lose. Others may legitimately not share your business goals. Competition is good, is what drives progress. On with IPv6 !!! |
Mysid 9 Posts |
Quote |
Jan 23rd 2011 1 decade ago |
While I agree in spirit with the 'crime is still crime' meme, I have to say that in some instances, some form of retaliation is necessary. 'Mysid' nailed this concept perfectly in his post referenced above. I'm not going to perpetrate a tit-for-tat DoS attack, but I will, however, contain the attack and otherwise block/monitor where it came from.
|
Peyton 6 Posts |
Quote |
Jan 23rd 2011 1 decade ago |
I have to agree that a crime is crime.
I put DNS blacklist reporting, null the source tc. as an increase in you defensive posture in response to an attack/crime. Counter-attack raises this to the crime level and that is were individuals need to be very careful. And in response to Chris' playground analogy. If the bully in the schoolyard was taking your lunch money, you wouldn't have the option to go play with someone else. The Internet is not an optional part of peoples life anymore. It is integrated into just about every aspect of our life. |
Peyton 5 Posts |
Quote |
Jan 23rd 2011 1 decade ago |
If you really want to think through the process of conducting computer network exploitation (CNE) or computer network attack (CNA) in retaliation for an attack on your own systems, then a good place to start is "Strategic Warfare in Cyberspace" by George Rattray. Pay particular attention to the issues around attack attribution and battle damage assessment.
IOW, identifying the adversary and assessing how badly your retaliatory actions have hurt him/her are difficult issues independent of the question of criminality. Another good resource is Cyberdeterrence and Cyberwar by Martin Libicki which delves into whether or not classical "deterrence" is even practical in the cyber-realm. |
Peyton 1 Posts |
Quote |
Jan 24th 2011 1 decade ago |
In western society we believe that self defense is not a crime. If someone comes up to me on the street with a crowbar and attacks me, I take that crowbar and smash his skull in, that is NOT assault, murder, or manslaughter that is self defense within a reasonable amount of force based on the threat posed to you. In my opinion, if someone is deliberately attacking your systems, disrupting your service, threatening your customer data, or trying to steal sensitive company information, you have every right to do whatever is in your power to defend yourself, your company, and your network, without legal ramifications. I have had a number of time where I have had to take the law into my own hands as local, provincial(I'm in Canada) and even federal law enforcement just did not give a damn. I'm not saying hack into the system steal all the naked pictures of the attackers wife and plaster them on the internet, I'm saying that any attack which reasonably disables the attack source to a point where you feel comfortable that they will not attack you again is completely legitimate, just as defending yourself in a physical altercation which you did not start is completely acceptable and unpunishable.
|
Peyton 2 Posts |
Quote |
Jan 24th 2011 1 decade ago |
An attack effects more than just the target.
A counterattack would also effect more than just the target. Except in extreme circumstances both my be considered equally evil. MHO |
Peyton 7 Posts |
Quote |
Jan 25th 2011 1 decade ago |
SO how do you measure an "in-kind" counter attack in cyberspace? Your attacker could be coming from a 1000 zombies or redirectors. Retaliation against those "agents" could have far worse consequences, since under this paradigm, they could counter-counter attack
|
Peyton 5 Posts |
Quote |
Jan 25th 2011 1 decade ago |
"In western society we believe that self defense is not a crime. If someone comes up to me on the street with a crowbar and attacks me, I take that crowbar and smash his skull in, that is NOT assault, murder, or manslaughter that is self defense within a reasonable amount of force based on the threat posed to you."
I'm pretty sure you'd at least get manslaughter charges if you took the crowbar from your assailant and murdered him with it. If you took the crowbar (or whatever weapon) away from the assailant, it would be reasonably assumed that you eliminated or minimized the threat. Attacking the assailant at that point could be considered excessive. I agree that neutralizing threats should be the goal. That means blunting the attack or shutting off the access; it does not mean viciously counter attacking. |
Jasey 93 Posts |
Quote |
Jan 26th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!