April 1st, 2003, 04:18 PM
Hacking Retaliation Legal?
This seems like a good way to fight back.. but I can think of a couple of situations where you would be doing just as much harm as the original "hacker".
"IT security specialists Backfire Security today announced the availability of a software download as a discreet desk-top client application that wreaks revenge on those hackers and culprits attacking your network or infecting users with worms and/or viruses. The "freeware" package - PAYBACK v1.0 - is available from www.backfiresecurity.co.uk in both PC and Mac formats. PAYBACK v1.0 is a new kind of anti-hacker application called an IRS (Intruder Retaliation System) and is based upon "guerrilla" programming protocols and algorithms originally developed for the Chinese Space Program."
Attacker compromises host A and uses host A as a launch pad for attacks against host B. If host B is your machine and you have PAYBACK installed on it... you are helping destroy a machine of a victim that didn't attack you in the first place. You would be just as guilty as the attacker. Even though you didn't attack host A... you infected it.
I wonder how this would all play out on the legal side of things...
April 1st, 2003, 04:23 PM
April 1st, 2003, 04:34 PM
While this may be an April Fools' joke, the reality is that some legislators are suggesting that it might be legal to do it. And I think some companies are truly looking into this as a method of dealing with attackers.
April 1st, 2003, 04:47 PM
Chinese space program??? HAHAHAHAHA!!!!! That's an oxymoron. Thanks I had a rough morning and this helped out...
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
April 1st, 2003, 04:48 PM
/*head held down in shame*/
/* going to sulk at a free craps game on msn*/
the only way to fix it is to flush it all away-tool
April 1st, 2003, 05:09 PM
Yeah it sounds like a nice idea, but I totally agree with you phish on the "what if" statement. Plus it just doesn't seem right. I mean I understand being a "hacker" to know what you need to keep your network safe from the scum of the Internet... but using a program like that just sounds like a "legit" way of doing the same thing they are. Because in the end you're just eating up bandwidth and processor power to return the attack they are sending you, right? I dunno, maybe I just see it a different way also...
There is no right and wrong, only fun and boring...
Formatting my server because someone hacked into it sounds pretty boring to me...
That's why it's all about AntiOnline.com!
April 1st, 2003, 05:21 PM
Back in the height of Code Red I wrote a little bit of code that did something very similar to this. Assuming anyone that was still getting hit by Code Red had never patched their system, I passed back the ping of death to any system hitting me with Code Red. Yes this was mean, and yes probably not legal, but they should have updated their antivirus, and understand I was on a cable modem; at the time Code Red was so prevalent that it acted as a DDoS attack on my system. Before I put my code up I would drop off the net for hours at a time; afterwards it was smooth surfing.
April 1st, 2003, 05:28 PM
it seems a little bit like an eTennis match....
computers A and B both have backfire, or superRetribution9.23 or whatever it ends up being called, some 1337 h4x0r uses host A to attack host B, and then A and B go at it until one of them (or both of them) crashes.
i'm starting to think that i'm bound to always be the first guy on the second page of the thread.
April 1st, 2003, 06:12 PM
I thought it was a good Apr 1st joke...
gave me a good morning laugh too! Def. need those on mon and tues mornings..
April 1st, 2003, 08:27 PM
When I was in college our school's UNIX system was hacked after a forgetful State Network Tech left the campus exposed through one of their routers. I was in the UNIX Admin class at the time and our school contacted the FBI and state division of criminal investigation. My class was able to assist in the investigation as a practical exercise since our systems were completely down.
Originally posted by MsMittens
...some legislators are suggesting that it might be legal to do it. And I think some companies are truly looking into this as a method of dealing with attackers.
I was appointed to lead the "CAT" group, or counter-attack team. Our job was to monitor the system and gather information about the suspect and then counter-attack in order to stop the intrusions. We were informed in no uncertain terms by the FBI that this, in itself, is illegal as well and our job was to gather information and fingerprint the attacks so we could identify the suspect or at the very least build a profile.
At the same time, I was working as a computer security manager at a local USAF installation where I was informed that they had 2 systems specifically set up to counter-attack systems identified by the IDS as a threat.
So - until the laws change, the moral of the story is only the Feds can do what they want to, we have to abide by their rules. And as maddening as it is to have some asshat attempting to, or succeeding in mangling your systems, you cannot counter-attack. Document everything you can and hope the authorities actually use it.