ICG Risk Blog - [ Security product to strike back at hackers ]


I am old enough to have listened to Herman Kahn lecture on "megadeath" (a term he coined in attempting to quantize the effects of nuclear wargaming) and read his seminal work, "On Thermonuclear War," when it was first issued. Symbiot should read it now, especially the Nth order escalation scenarios and their ping pong effects -- notably when an N+1 state spoofs an attack that appears to come from another state. If the N+1 state can escape detection (or in the case of a stateless terrorist have no state to identify and attack), the other states pound one another silly, often operating from a "use it or lose it" mentality.

Were I a bad guy, I would spoof attacks (by prelaunching MyDoom-style assaults to set up a controllable network of PCs) and then let Symbiot perform a DDoS counterstrike for me. The more Symbiot installs there are, the more N+1 escalation occurs. And brush aside their comments that it is designed around the doctrine of "necessity and proportionality." We are talking about a user community that hasn't learned to change default passwords on their WiFi gear. Are we to assume that they are able to establish appropriate counterforce levels and optimize it as their threat envelope changes over time? For those answering yes, I've got some beachfront Arctic property for you, cheap. At least go see Errol Morris' film, "The Fog of War." Even the military struggles with this and they are trained for it.

Note that I am not against counterforce attacks but would very carefully launch them under defense/military control as a covert op rather than have civilians triggering them willy-nilly. (States can also execute ops that would violate statute were they launched by private enterprise.) I am also not averse to targeting the perps themselves. (Yes, I am aware of the extraterritoriality and preemption issues that are at stake here.) Another aspect of this code: I think that we will see hacker attacks using Symbiot-style code (perhaps even reverse engineering Symbiot itself). Another genie to escape the bottle. Your mileage may vary:

Security product to strike back at hackers
Munir Kotadia
March 10, 2004, 8:34 AM PT

Symbiot, a Texas-based security company, plans to release a corporate defense system that fights back against distributed denial-of-service and hacker attacks by launching counterstrikes.

Mike Erwin, Symbiot's president, and Paco Nathan, its chief scientist, are preparing for the release by posting a set of "rules of engagement for information warfare" on the company's Web site. They say such rules should be part of corporate security policy to help companies determine their exact response to an incoming attack.

"Until today, security solutions have been totally passive in nature. Merely erecting defensive walls around the perimeter of an enterprise network is not an adequate deterrent," said Erwin, who asserts that offensive tactics must be part of a complete defense.

Symbiot, located in Austin, said it bases its theory on the military doctrine of "necessity and proportionality," which means that the response to an attack is proportionate to the attack's ferocity. According to the company, a response could range from "profiling and blacklisting upstream providers" to launching a distributed denial-of-service (DDoS) "counterstrike."

Graham Titterington, principal analyst at Ovum, said "such a counterattack would not be regarded as self-defense and would therefore be an attack. It would be illegal in those jurisdictions where an antihacking law is in place."

He added that because many hacking and DDoS attacks are launched from hijacked computers, the system is unlikely to find its real target. "Attacks are often launched from a site that has been hijacked, making it an unwitting and innocent--although possibly slightly negligent--party," Titterington said.

Governments could soon be using hacker tools for law enforcement and the pursuit of justice, according to an expert on technology-related law. Joel Reidenberg, professor of law at New York-based Fordham University, said denial-of-service attacks and packet-blocking technology will likely be used by nation-states to enforce their laws. This could even include attacks on companies based in other countries, he said.

Gordon Housworth
