Thursday, July 18, 2024

Plan to Fight Back Against Hackers Causes Stir

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

A new security company is up and running with the idea that it’s simply not enough to

protect a corporate network anymore. They say it’s time to fight back.

But some members of the security industry worry that giving IT managers the tools to attack

their attackers could cause far more serious problems than it would solve.

Symbiot, Inc., a fledgling infrastructure security company based in Austin, Texas, is

getting ready to release its first product at the end of this month. The company’s

Intelligent Security Infrastructure Management Solution uses artificial intelligence

software to analyze network patterns, manage attacks on the network and respond to them.

What is causing a stir in the security community is the response part of the plan.

Symbiot’s founders are looking to fight back against hackers, virus writers and

denial-of-service attacks by launching counterattacks. It’s time, they say, for the

attacked to become the attackers.

”Threats to the enterprise network are evolving at an unprecedented pace,” says Mike W.

Erwin, president of Symbiot. ”Businesses can no longer afford the substantial financial

resources and manpower associated with the endless loop of building walls and repairing and

rebuilding them after each attack — only to repeat the process day in and day out.

”Responses would include many different levels, graduated from blocking and quarantining

to more invasive techniques,” he adds.

So far, however, Symbiot executives are not saying exactly what these ‘invasive techniques’

will be. Erwin would only go so far as classifying the countermeasures as ‘non-destructive,

destructive-recoverable, and destructive non-recoverable’. He does say that blocking,

shunning and diverting attacks will take care of most threats.

But it’s the term ‘counterattacks’ and what that might mean that has security analysts


Launching a retaliatory denial-of-service attack against an aggressor opens up the door to a

whole host of questions. How would that counterattack affect ISPs? What would it do to

network traffic and corporate bandwidth? Would the attack target unsuspecting users whose

computers have been compromised by a virus and now are being used to send spam or

denial-of-service attacks?

”This is not the best of ideas,” says Steve Sundermeier, a vice president with Medina,

Ohio-based Central Command, Inc., an anti-virus company. ”Think about how Code Red or

Blaster affected bandwidth as a whole. A counterattack would only add additional weight to

the to the bandwidth pressure. That could put the Internet into a crawl.

”You’re putting companies at risk,” he adds. ”You’re putting people’s livelihoods at

risk… It just isn’t a good idea to repay evil with evil.”

See Continuation: How Will ISPs and Users be Affected?

Sundermeier also worries that ISPs, which deal with such large amounts of network traffic,

would be pummeled by the weight of counterattacks.

Erwin, however, says ISPs are already suffering.

”Intermediaries, such as ISPs, are already caught in the middle when one of their

customers is engaged in, or is the target of, a network-based attack,” he says. ”Our

system empowers customers to mount a supportable response at the moment they are being

attacked and their network assets are placed at risk by an attacker.”

Both Sundermeier and Ken Dunham, director of malicious code at iDefense, a security and

anti-virus company, say innocent users, whether individuals or corporate users, would feel

the brunt of many counterattacks.

A significant number of worms in the past several months have been geared to infect a

machine and then open a backdoor that the virus author can use to remotely control that

computer. Once thousands or hundreds of thousands of machines have been compromised this

way, the hacker can then use this army of ‘zombie’ machines to send malignant waves of spam

or hit a company with an aggressive denial-of-service attack. If the company under attack

traced the source of the attack, it would take them back to these compromised machines.

That means a counterattack might be more likely to hit an elderly woman living in Duluth or

a remote worker who didn’t download the security update in time, as it would the virus

author who actually infected those machines and launched the attack.

Symbiot’s Erwin says those compromised computers are a part of the problem, leaving them

open to response.

”When a zombied host or infected computer has been clearly identified as the source of an

attack, it is our responsibility to empower customers to defend themselves,” says Erwin.

”An infected machine, one no longer under the control of its owner, is no longer an

innocent bystander.”

Dunham of iDefense disagrees.

”This is riddled with problems,” says Dunham. ”You don’t want to make it any more awful

for a victim than it already is. If someone’s computer has been compromised, you don’t want

to slam them again with a counterattack… What kind of online community would this lead


Dunham adds that he’d be interested to find out what would happen if a computer on a

military network was compromised and used in a denial-of-service attack. The company that

launched a counterattack against that machine might find itself in a situation it hadn’t


Symbiot executives say they’ll release more information about their product the closer they

get to the release day, which is scheduled for March 31.

Want to talk about this topic? Go to our IT Management Forum:

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles