Forgot your password?
typodupeerror
Networking Security Technology

Is Retaliation the Answer To Cyber Attacks? 142

Posted by Soulskill
from the with-your-switch-or-on-it dept.
coondoggie writes "Should revenge assaults be just another security tool large IT shops use to counter cyber attacks? It's a controversial idea, and the law generally frowns on cyber attacks in general, but at the Black Hat DC conference last week, some speakers took up the issue of whether and how organizations should counterattack against adversaries clearly using attack tools to break into and subvert corporate data security."
This discussion has been archived. No new comments can be posted.

Is Retaliation the Answer To Cyber Attacks?

Comments Filter:
  • Bad idea (Score:5, Funny)

    by SHP (8391) on Saturday January 22, 2011 @06:42PM (#34968060)

    Makes about as much sense as conducting panty raids on shoplifters.

  • New idea. (Score:3, Insightful)

    by SuricouRaven (1897204) on Saturday January 22, 2011 @06:42PM (#34968062)
    1. Attack your target. 2. Wait for counterattack. 3. Deny 1, or claim it was an attack launched by compromised computers without your knowledge. 4. Sue your target for the costs of their counterattack.
    • by Geraden (15689) on Saturday January 22, 2011 @07:04PM (#34968192) Homepage
      You forgot a step...

      5. Profit!
    • Re: (Score:3, Insightful)

      by jamesh (87723)

      Depending on the nature of the attack, it might be easy to spoof. If A wants to attack C then all they need to do is attack B pretending the attack is coming from C, then sit back and enjoy the show :)

      • by tkprit (8581)

        Exactly my thought; I don't want rogue corporate types or the government trying to figure out who's do the attacking and retaliating. They need to beef up their own security and use the current legal system to subvert "cyber attacks".

        Plus, given how the US govt and probably US corporations wants to treat wikileaks as a terrorist org, I can imagine big corp/govt "retaliation" being a literal Trojan Horse [SWAT team!] instead of code.

        • Re:New idea. (Score:5, Insightful)

          by SuricouRaven (1897204) on Saturday January 22, 2011 @08:19PM (#34968690)
          The problem with conventional response is that of geography. When your opponent is some script kiddie or amateur hacker, it's all very well - you go to court, get a warrant, trace his IP through the ISP logs, and file charges. But if the attacker is an organised criminal group, the attack will be coming from a computer in Outer Elbonia, where the local police couldn't care less about your paperwork, and the ISP doesn't care that the connection is registered under a false name. There are even ISPs that specialise in hosting scams and malware - usually in Russia or somewhere similar. It can take weeks to go through legal channels, and during those weeks the attacks (Or malware host) keep on running.

          The impossibility of regulating the internet is what allows us the freedoms we at Slashdot love so much, but the price of this is that it's largely unpoliceable.
          • by h4rm0ny (722443)

            The impossibility of regulating the internet is what allows us the freedoms we at Slashdot love so much, but the price of this is that it's largely unpoliceable.

            And I regard the price as acceptable so far. We take a few knocks and we keep on going. I'd rather that than lock ourselves in some little cell of monitored and controlled connections for the sake of supposed protection. A prison will protect you from a lot of the dangers of outside life, but you still don't want to make your life a prison.

          • Have you ever _tried_ to get a warrant against a script kiddie? The last time I tried, the police and the ISP from where the script kiddie was acting both passed it along to FBI, who did _nothing_. Actually getting a prosecution basically involves educating them in how things work, even wuth the much vaunted FBI computer crime teams.

            • It helps if you've got some political connections. If you are someone like, for example, Sarah Palin then it's easy to make sure any wannabe-hacker who guesses your password gets to spend a few years in jail. It's just as with any other crime, really: How much the police care about catching the criminal is directly related to the wealth and influence of the victim.
  • by TerranFury (726743) on Saturday January 22, 2011 @06:43PM (#34968064)

    ...if we stopped calling exploitation attempts "attacks." It's trickery; it's spying; it's occasionally even -- and this is stretching the word a little -- sabotage (in the case of DoS). But "attacks?" It makes it sound like some kind of assault that one can somehow "get even" for. The metaphor is all wrong.

    • Yeah a counter attack only makes sense if you can stop future attacks. A legal attack may put the guy in jail. But DOSing his home PC isn't going to accomplish anything for you so its a waste of effort.

    • by Antique Geekmeister (740220) on Saturday January 22, 2011 @07:19PM (#34968288)

      Only if they weren't "attacks". They often include theft, including theft of money and private information. They're often expensive to repair, They often break or impedes other computer services, and the most common forms of them are for illegal activity (such as spam running DDOS attachs). Or have you failed to look at what botnets are and how they are run?

      Because such attacks far outnumer mere "exploitation attempts", and because even a mere "exploitation attempt" involves theft of computer resources or private data, yes, it's reasonable to call them "attacks".

      • by causality (777677) on Saturday January 22, 2011 @08:54PM (#34968974)

        Only if they weren't "attacks". They often include theft, including theft of money and private information. They're often expensive to repair, They often break or impedes other computer services, and the most common forms of them are for illegal activity (such as spam running DDOS attachs). Or have you failed to look at what botnets are and how they are run?

        Because such attacks far outnumer mere "exploitation attempts", and because even a mere "exploitation attempt" involves theft of computer resources or private data, yes, it's reasonable to call them "attacks".

        If you leave your car unattended and some asshat criminal steals it, would you say he attacked you, or would you say he has stolen from you?

        If you leave your ATM card in the ATM and some asshat criminal drains all the money from your account, would you say he attacked you or would you say he committed fraud and/or larceny?

        If you leave a candy bar at your desk and an asshat coworker swipes it and eats it without asking you if he may have it, would you say he attacked you or would you say he swiped your candy bar?

        If all of the above are attacks then what do you call it when one person physically assaults another person? We used to have a neat solution for the problem of making this distinction, in the form of specific words like "attack" that have a specific meaning. Sure, we can reject that and blur all distinctions so we can sensationalize and play up the hyperbole of comparing everything to violent assault, and justify it by saying "it's a LIVING language", but have you thought this through? Is using the correct word such an unreasonable burden, is supporting this kind of sensationalism so desirable, that it's worth introducing artificial ambiguity? I for one don't believe so.

        • by Fnord666 (889225) on Saturday January 22, 2011 @10:32PM (#34969636) Journal

          If all of the above are attacks then what do you call it when one person physically assaults another person?

          Battery [wikimedia.org].

        • If you leave your car unattended and some asshat criminal steals it, would you say he attacked you, or would you say he has stolen from you?

          If you leave your ATM card in the ATM and some asshat criminal drains all the money from your account, would you say he attacked you or would you say he committed fraud and/or larceny?

          If you leave a candy bar at your desk and an asshat coworker swipes it and eats it without asking you if he may have it, would you say he attacked you or would you say he swiped your candy bar?

          If you leave your car unlocked and someone takes the opportunity to change the locks on your car so they can steal it again any day they like (while still letting you drive it--somehow), that's an attack. Doubly so if they use your car to perform illegal activities, then return it before you notice.

          Same if you leave your ATM card somewhere, and they not only siphon cash, but do social engineering attacks to get the bank to disclose details that will, for instance, let them obtain a credit card in your name

        • We used to have a neat solution for the problem of making this distinction, in the form of specific words like "attack" that have a specific meaning.

          When was this mythical time?

        • The legal word you are looking for for threats against one's person or safety is "assault". The legal word for laying hands on someone else against their wil and without other justifiable cause is "battery". The word "attack" has _never_ had the kind of "purely physical attack" definition you claim. The ambiguity is in your limited definition of the world: I can see where that would be confusing.

        • I logged in to mark you as a friend for the comment about precise and accurate language, but then I saw that you're already on the list. :)

    • by _Sprocket_ (42527) on Saturday January 22, 2011 @07:48PM (#34968452)

      ...if we stopped calling exploitation attempts "attacks." It's trickery; it's spying; it's occasionally even -- and this is stretching the word a little -- sabotage (in the case of DoS). But "attacks?" It makes it sound like some kind of assault that one can somehow "get even" for. The metaphor is all wrong.

      I disagree. The use of the word "attack" is perfectly suited. Espionage involves attacks. Politics involves attacks. You can attack a problem, attack a mountain (climbing in mind but that could imply more than one form of 'attack'), attack a movie you found worthy of strong criticism, or attack an idea. An attack is nothing more than an aggressive action who's implication is highly dependent on the situation and context of the use of the word.

      The base problem is looking at this as warfare. In the context of war, an attack has very specific connotations. That form of attack and the concept of war lead us in to the wrong mind-set for the reality of the situation. This is where trickery, spying, and sabotage comes in. This is simply a new set of tools for espionage. And while this does open a new way of looking at things beyond the old Cold War era, namely actors that may not be directly associated with a State, a lot of the traditional concepts and general nature of the behavior apply well to the exploitation of this new environment and tool sets.

    • by westlake (615356)

      ...if we stopped calling exploitation attempts "attacks." It's trickery; it's spying; it's occasionally even -- and this is stretching the word a little -- sabotage

      When you have a thirst for blood, you are in no mood to argue the fine points of language. Call it trickery, spying, who the helll cares?

    • That's an interesting point and raises the issue of how we're framing the incident of an "attack". By calling it an attack, we're attempting to justify retaliation. As to the best response, I'd say diverting the attack and logging the method of attack makes more sense. As data is collected about attacks, their sources, methods and frequency become the basis for standard operating procedure rather than the news.

      By reducing their effect with black hole strategies rather than retaliation, we reduce the c
  • by buchner.johannes (1139593) on Saturday January 22, 2011 @06:43PM (#34968068) Homepage Journal

    Is the attack scenario one bad guy?
    Then you should contact law enforcement. Also you should make sure your security set up is appropriate.

    Is the attack scenario that you are an big company and people attack you because you are known?
    Then you should make sure your security set up is appropriate. Attacking people is pointless because new ones will turn up all the time.

    • by Motard (1553251)

      Is the attack scenario one bad guy?
      Then you should contact law enforcement. Also you should make sure your security set up is appropriate.

      Would you perform these steps in a physical attack? i.e. an imminent physical ass whooping?

      Is the attack scenario that you are an big company and people attack you because you are known?

      Are you a celebrity facing a crazy person?

      Then you should make sure your security set up is appropriate.

      Right. Buy a gun.

      Attacking people is pointless because new ones will turn up all the time.

      Not after they heard about the first one.

      But seriously, isn't the right of self-defense a pretty basic one? Sure, if you have no confidence of success, don't persue this option. But if you do, take 'em out.

      • by Pharmboy (216950) on Saturday January 22, 2011 @07:47PM (#34968450) Journal

        I think the problem is that with a cyber attack, you don't know if the computer attacking you is the actual person, a proxy, and pwned box or what. In a physical attack, yeah, I say pick up a 2x4 and pop them in the head. In a cyber attack, it is pretty easy to attack the wrong target, maybe bogging up some routers along the way causing inconvenience to innocent bystanders as well. I personally would like to see mass spammers and other cyber criminals get a firing squad on public television, as a deterrent, but not sure going vigilante is the right answer.

      • by Caraig (186934) *

        this does bring up an interesting question in the whole debate about corporate personhood. Obviously corporations have a right to some sort of self-defense: protection from libel and slander, and protection from sabotage. And of course protecting their employees. (Despite anti-corporatist bias, most corporations really could do without someone waltzing into the secretarial pool and shooting up the place.) But what are the boundaries that corporations should have in exercising self-defense?

    • Really, the only scenario meriting retaliation for its own sake is the one in which both you and your opponent are script kiddies, because the Internet is really just one big e-peen contest.

    • by Kjella (173770) on Saturday January 22, 2011 @07:23PM (#34968306) Homepage

      The question is more are you actually going to retaliate against the attacker or is it like "Let's send some rockets back into that city, because that's where they came from." Anyone launching an attack directly from their own computer is a total amateur, chances are great it'll be some unsuspecting third party's machines and networks that'll be your battle ground. And I very much doubt they care who started it, they're likely to go after everyone that's been hacking their systems when they first find out. If I go on vacation and find two gangs have trashed my apartment I'm not really going to care who started it.

      • Your analogy is you go on vacation and, in your absence, a gangwar erupted in your apartment? Then you come back and see the damage. Respond with "Alright motherfuckers, I dont give a shit who started it." Then presumably go on to kick some ass. Sounds pretty awesome.

      • by DarkOx (621550)

        I guess the issue is does the attacker need to meet the knowingly standard. Most attacks don't use spoofed address because from most places that is incredibly hard to make work. So typically the person running the attack will use a proxy or two and for DDOS like stuff a bot net. In general the machine the packets are coming from is an attacker, regardless of its owner's awareness.

        I don't think its wrong to go blasting bot net nodes off the internet if they are causing you grief and you can identify them.

  • Infinite loop (Score:2, Insightful)

    by Haedrian (1676506)

    If (Cyberattack){

    Cyberattack;

    }

    Nobody see the problem?

    • by JonySuede (1908576) on Saturday January 22, 2011 @06:59PM (#34968170) Journal

      Nobody see the problem?

      If (Cyberattack){

      Cyberattack();

      }

      there was a parenthesis pair missing.

      • It is worse than that. One of 500,000,000 threads on the Intertubes.
        void CyberAttackInit(char *Target){
        bool Attacked;
        if (httpTraffic>1000){Attacked=TRUE;}
        if (Attacked==TRUE){attackAllAttackers();}
        }
        I would guess that it would go from one attack or mistake to a deadlock in nanoseconds. It wouldn't end until somebody burned up or hit a bandwidth limit. One person could set off the entire internet in a single prompt critical. We should really create more situations like this that can be memorialized l
      • by dgatwood (11270)

        Sweet. So if the Cyberattack function exists, it must be called. An weapon unused is a useless weapon and all that.... On the other hand, such an argument tends to be an argument of the lazy (binding).

  • The problem is that anyone can do a cyber attack, steal a ton of money by scamming it. It isn't tough, it just requires a lack of morals.

    If they're caught, some countries will not only refrain from punishing you, but they'll even congratulate for siphoning money from foreign countries.

    I don't think there is a solution unless we had a world government... In which case we have a lot bigger problems facing us.
  • by slackz (1980906) on Saturday January 22, 2011 @07:00PM (#34968174)
    But I am curious about about the machines that are responsible for a lot of attacks online. A year or so ago I noticed ssh brute force attempts in /var/log/secure and found a cool solution called denyhosts [sourceforge.net] that parses log files, adjusts /etc/hosts.deny, and logs all activity. This got me thinking about a project... I would really like to create some NSE (nmap scripting engine) scripts, or something similar, to go through and scan the machines that show up in my log files as trying to weasel their way in via ssh or other common, filtered tools. It would be interesting to create some visual representations of services, geographical locations, and general makeup of the boxes that are attacking these services.
    • I hope you included something which turned that off if it added more than a certain number of hosts in a short time.
      otherwise it makes for an easy DOS, spoof packets and watch as your server blocks the whole net.

      something which imposes a temporary block and can only block a limited number of IP's at a time would be good for preventing casual and script kiddie attacks though.

      • DenyHosts includes a PURGE_DENY option which allows you to specify how long blocks are kept for.

        Spoofing shouldn't be an issue here. We're not talking about logging SYN packets but failed login attempts. An attacker can't perform those without being able to get packets back from the server and they can't do that if they are spoofing their address. Unless perhaps they are plugged into the same hub as the server but if that's the case you've likely got bigger problems to worry about.

  • 1) Collect as much info as you can about the source of the attack.
    2) Send an email to the abuse address on record.
    3) Harden system some more.
    4) Wait for some sort of response.
    5) Publish the source IP, whatever response is received in the email response, and AS info (i.e. netblock) along with the details of the attack.
    6) Block all future traffic from the AS.
    • Hear, hear! but...


      6) Too crude, how will AS people know why they have been blocked if they are blocked? Blocking whole AS might kill somebody or sombodies!
      Maybe:
      5.3) Block only offending addresses only from attack target with expiration time.
      5.4) Contact AS operators by other means if they don't respond to email.
      5.5) Require AS operators to have SIP phones, live chat and a contact person/s, or some why to know your email hasn't gone into a black hole.
      5.6) If addresses proceed to attack other target
  • No really. If it's after the fact, no... Cease fire when they do.

  • If everyone clicked the link in those "work from home" scams 100 times, or replied to every "your webmail account is about expire" email with bogus details then it would drown the enemy in useless information.

    If you then take it a step further and have an automated system that clicks links a million times automatically and replies to the emails with bogus information a million times then it would be even better.

    Until someone gets the idea to send out a "I made a billion $$$ working from home. Click http://w [kernel.org]

  • by Courageous (228506) on Saturday January 22, 2011 @07:37PM (#34968404)

    The concept of revenge cyber attacks is functionally insane.

    At least at the corporate level. Consider. A competitor's network appears to be attacking yours, so you attack back and get into their networks. Only it turns out that someone hacked the competitor, and it was no fault of the competitor at all. The counter attacking corporation's employees are now guilty of a felony, and presumably were directed to do so by a senior manager. The following actions are available to your competitor:

    1. Pressing the district attorney to prosecute the employees and management
    2. Pressing the district attorney to prosecute the corporation (i.e. the corporate death penalty)
    3. Suing all the criminal employees including all executives in the chain, either authorizing parties or cognizant parties
    4. Suing the corporation

    Given the criminal act with malice of forethought, the #4 option will be of practically unlimited liability. You can expect to be charged 100% of all attorney's fees, the actual cost of their security event including cleanup and all IT labor associated therewith, and an apportionment of their ongoing security operations fees. For #3, some jurisdictions do not permit bankruptcy out of civil liabilities originating from criminal acts. No employee will be protected just because their bosses told them to do the act, as the act was a crime and is indefensible.

    So, to be blunt: "dream on".

    No sane Corporate Counsel will permit any company to do this.

    C//

    • by Anonymous Coward

      Sigh, bad summary and over-hyped news strikes again.
      If you read the article, you will see that the actual Black Hat speakers do not suggest a revenge cyber attack. And the article itself, doesn't actually talk about using real cyber attacks.

      They talk about stuff like using "tarpits" to get exploit tools and botnets stuck in loops to slow them down (like CAPTCHAs or locking out login attempts), feeding fake information to cyber attackers (like honeypots).
      Of course, the article uses wording that implies an a

    • by Xugumad (39311)

      There's an even worse scenario, in that spoofing could allow an attacker to fake being a different origin. For bonus points, launch a nonsense attack that ties up your biggest competitors in an information/legal war...

      I think everyone who has ever done information security from the defence side has had this thought cross their head. Like "Why don't we write a virus that patches Windows?", it turns up every now and then. It's very very illegal (can you imagine trying to persuade the US & China to provide

      • One of the other posters responded that TFA was of course really not about revenge attacks, but more about tying up the attackers in mire. I really support that. For example, look up the La Brea honey pot. It's a digital tarpit for autonomous malware. It's pretty cool, and completely legal.

        C//

  • In the US, and in the sorts of theoretically-rule-of-law-y jurisdictions that corporations generally have substantial operations and assets in, most flavors of "cyberattack" are de jure Pretty. Seriously. Not. Legal.

    This does approximately jack shit against gangs operating offshore in who-knows-where controlling botnets of enslaved Joe User XP home boxes; but it is the state of the law. Now, let's think about this for a second: Any "cyber-counterattack", unless unbelievably flawless, is probably going to have some amount of collateral damage: ISPs getting parts of their networks DDOSed, innocent-if-clueless home users getting their botnetted boxes taken down, etc. Even the direct damage will be illegal(though criminal gangs probably won't press charges); but the collateral damage will, in not a few cases, fall directly on people and businesses, in western jurisdictions, who had nothing to do with the original attack(other than, perhaps, not updating their AV often enough).

    Now, when it comes to light that Foocorp LLC, a division of Deeppockets Industries, and their officers and employees have been guilty of numerous violations of federal cybercrime violations, most felonies, and a variety of civilly actionable property damage, where do you think the lawyers are going to go looking for blood? Yuri Shadymov and John Does 1-N, the mysterious perpetrators of the attack on Foocorp, or the conveniently-located-right-at-home Deeppockets Industries?

    There would be a nonzero risk(and they would deserve every bit of it) that Deeppockets industries could find itself up to its eyeballs in civil suits, and the Foocorp IT team and every exec who knew of and authorized their actions could be looking at serious fines and some quality time in FPMITA...
    • by blueg3 (192743)

      Worse, it's pretty easy to pin an obvious or even not-so-obvious cyberattack on someone else. If vigilante "cyber justice" is acceptable, then an efficient way of performing your cyber attack is simply to attack a third-party target and make it look like your real target did it.

      There's a reason vigilante justice isn't acceptable.

      • The other issue, with electronic attacks specifically, is that effective "self defense" would require absurdly broad authorization.

        In physical terms, you have states like Texas, where shooting trespassers is largely legal, and states like Massachusetts where you pretty much have to have run out of other options before you can use lethal force in self defense. When it comes to electronic attacks, everybody already enjoys greater-than-Texas level of self-defense capability. I can tell my routers and switch
        • In physical terms, you have states like Texas, where shooting trespassers is largely legal

          Wrong.

          • Hyperbolic, possibly; but the law [state.tx.us] is fairly broad and the bar fairly low.
            • I'd say the law is fairly reasonable. In any case it clearly does not permit the use of deadly force against a mere trespasser.

          • by blueg3 (192743)

            I don't know about Texas, but in Florida, your legal right to shoot (or otherwise use lethal force) against anyone on your property is fairly broad.

            • There is nowhere in the USA where use of deadly force against a mere trespasser is legal.

              • by blueg3 (192743)

                They need to forcibly enter your home or occupied vehicle (rather than just being on your property). Otherwise, Florida's castle doctrine does exactly that.

      • That "pinning" is standard operating procedure, it's rare for an attack to be traceable to a real guilty party.

        • by blueg3 (192743)

          Naturally, although many cyber attacks right now are done through botnets or are made to look as if they were done by an anonymous, meaningless entity, rather than intentionally placing evidence that leads you to believe it's from a particular third party.

          The short version is that vigilante justice is particularly bad for cyber attacks because attribution is particularly difficult.

  • Yes. But let's keep it non-nuclear, ok? Cruise missiles, Predator drones, maybe SeeBees with satchel charges: all fine. Just be sure the response isn't disproportionate.
  • They would never be certain to get the right target and cannot guarantee that innocent bystanders won't get caught in the crossfire. That may be acceptable in the silly plots of TV dramas, but in real life there are consequences.
  • "Hello, my name is Inigo Montoya. You hacked my computer. Prepare to die."

  • by Anonymous Coward

    So, the summary is misleading.
    The actual article (starts out) talking about using vulnerabilities in botnets and "attack" tools, and an idea called a "tarpit" that would attempt to tie up resources on botnets and "attack" tools.
    Not much of a new idea, as people are already doing things like this: Locking out login attempts, delaying login, or CAPTCHAs are a simple example of "tarpits". Reverse engineering malicious programs is already being done. Honeypots, etc.
    "Revenge assault" seems to be strong wordin

  • its the best way to get everyone blind.
  • Just like if you get up in the morning to find that your window is broken, the BEST response is to pick up a shotgun and go kick in your neighbour's front door.

    Remember, your first impulse is always right and you can never, EVER misunderstand any situation.

  • For the attacks I heard about it was often not clear who was behind them. As for many viruses, it was unknown where Stuxnet came from. It is mostly unknown who is controlling the botnets behind DoS attacks. If someone steals data he will either use TOR, or an open hotspot.
    • > It is mostly unknown who is controlling the botnets behind DoS attacks.

      Yes, but would it be wrong to cripple the bots if that would stop the attack?

    • by PPH (736903)

      Not really applicable in this case. Prisoners Dilemma applies to two or more players and a symmetrical outcome matrix. Law enforcement vs suspects is rarely symmetrical.

    • by toddestan (632714)

      How is this the Prisoner's Dilemma?

  • We need to establish corporate extraterritoriality before anyone exept the government can start to mount turreted autocannons in their lobbies/Black ICE in the networks/kink bombs in the implants of all employees and family members below B-grade. Or at least, that's the story that anyone below grade Ultraviolet/AAA gets fed. But boy, will those AAA bastards be up for a surprise when the second stage of Dunkelzahn's Cyberzombie-Jesus-plot finally comes into action at the product lifecycle end of Shadowrun 4e
  • No.

    Better to strike first. Mind, good enough so _they_ can't retalliate.

    Whoever 'they' are ...

  • Well, victims "should" leave retaliation to law enforcement. But when there is no answer to the question, "What law enforcement?" victims "will" retaliate whether they "should" or not.

  • Given the ease of hiding the origin of your attack (tried tracking spam?) you've got the problem of the hackers doing false flag attacks on you in order to trick you into attacking the real target of the hackers. The only way to actually stop attacks is to track them down and arrest them. No other plan will ensure the attacks permanently stop. On the other hand, having the RIAA attack MPAA in a full scale cyberwar would be kindof cool.
  • Why would anyone imagine that the same outcome would not apply in cyberspace? I DDOS you, you DDOS me. We get our friends to DDOS our enemies. You deface me, I deface you. Sounds like a whole lot of wasted bandwidth. I'd rather see folks invest in anti-spoofing at the network edge, implement better auth methods, and review content for vulnerabilities before they publish. Sheesh.
  • Do you really want CORPORATES have that power? Please. These guys don't even have the common sense to break the boom-bust cycles. It's like giving a knife to a child incapable of learning from experience. So Company A attacks Hacker B. Only it turns out that the attack went awry and Hacker B is actually a rival corporate giant. So Rival Corporate giant attacks, which misfires too. Remember, it is difficult to prove motivation or origin or logic in a cyber attack. Isn't it fun, boys?
  • In a working state, the power to punish by act seen as criminal is exerted by the police and the courts. If "the strong" can "retaliate" against the weak, the we call that anarchy.

    If Amazon want they can take offline everybody who is hosting wikileaks and every imageboard which used the word "anonymous" on the planet by dedicating 10% of their computational/network power to "retaliate". If google would like to "retaliate" against somebody, they could take a medium-sized country offline and render it inopera

  • I thought he was going to hit me so I hit him back first.
  • IANAL.This brings up the question, "Is cyber self-defense a legally viable defense in court?"

    The analogy goes like this. I was being attacked so I whacked him to may him stop. The corporate equivalent is, My network and computer systems were being attacked to whacked the attacker to make him stop.
  • Any competent attackers will cover their tracks, often making it appear that the source of the attack is in a completely different country. It's fairly easy to frame someone and make it look credible.

The only difference between a car salesman and a computer salesman is that the car salesman knows he's lying.

Working...