On Nov. 30th, 2011, James Temple reported for the San Francisco Chronicle on how companies are hacking the hackers. The article describes one Fortune 500 company that used counter-espionage software; the software slowed a cyberattack in progress, sent the hackers to a "virtual tar pit", and then blocked the offending computers from the company's website completely. The best part about this software? It slows hackers' progress while getting them to reveal more information about their whereabouts, getting around the attribution problem and helping law enforcement to prosecute them. The article explains that the software even displays a map of the hacker's neighborhood, highlights nearby lawyers, and shows a message that says "You're probably going to need some legal help."
This entire episode marks tech businesses' transition from passive network defense (firewalls, patching holes that have been exploited) to aggressive defense, or what I like to call hack-back. Of course, hack-back gets into a whole mess of legal problems (mostly exploring the scope of self-defense and what is or isn't allowed, in addition to relevant statutes banning hacking). However, it's clear that it's too easy to break into websites, so perhaps a shift to reacting after (or during) attacks would have a greater deterrent effect than acting to avoid or fix cyber intrusions. The article notes that there is some indication that hack-back software exists which can "physically damage or destroy the computer systems of their attackers."
The rest of the source article can be found here.