The idea of a company launching an attack, along with the severity of the countermeasures, is raising concerns in the security community.
Launching a retaliatory denial-of-service attack against an aggressor opens up the door to a whole host of questions. How would that counterattack affect ISPs? What would it do to network traffic and corporate bandwidth? Would the attack target unsuspecting users whose computers have been compromised by a virus and now are being used to send spam or denial-of-service attacks?
''It's not a good idea to have a tool that is offensive by nature,'' says Ken Dunham, director of malicious code at iDefense, a security intelligence company. ''It's riddled with problems... It creates a vigilante atmosphere that could lead to chaos. It's not appropriate for computer security at large.''
A good portion of the controversy swirls around counterattacks that might be launched against zombie, or compromised, machines.
A significant number of worms in the past several months have been geared to infect a machine and then open a backdoor that the virus author can use to remotely control that computer. Once thousands or hundreds of thousands of machines have been compromised this way, the hacker can then use this army of 'zombie' machines to send malignant waves of spam or hit a company with an aggressive denial-of-service attack. If the company under attack traced the source of the attack, the trail would lead back to these compromised machines.
Analysts question the benefit of attacking unsuspecting users. And it would be bad enough if the zombie computer belonged to a grandmother in Michigan, but what if some of those zombie machines were part of a high school network, or were based in law enforcement or an electrical utility?
What would happen if those networks came under counterstrike?
Steve Sundermeier, a vice president with Medina, Ohio-based Central Command, Inc., an anti-virus company, says any time innocent computers are in line to be attacked, there's plenty of room for trouble.
''It all revolves around those compromised machines,'' says Sundermeier. ''How can you take a preemptive strike or retaliate against a machine or a person that doesn't even know that they've been compromised? It could be a school system that has every possible security procedure in place but one student disabled something, and now you're launching a counterattack against them. You'd be wreaking havoc on the whole school.''
In a previous interview, Mike W. Erwin, president of Symbiot, said those compromised machines are a big part of the problem, and that this opens them up to response.
''When a zombied host or infected computer has been clearly identified as the source of an attack, it is our responsibility to empower customers to defend themselves,'' says Erwin. ''An infected machine, one no longer under the control of its owner, is no longer an innocent bystander.''
But Bakos says that's simply too dangerous.
''Shutting down a system that is flawed but is still business-critical could prove disastrous,'' he says. ''The aggressive defenders can't possibly know the value of the system to its owners... What if it is part of an Emergency Response System, or health care or a utility?
''We can pretend that all infrastructure critical systems are behind impenetrable defenses but we'd be deluding ourselves,'' adds Bakos. ''More financial damage and potential human damage can be done by the responses than by the initial attacks themselves.''