Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Hacking Retaliation Legal?

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    Hacking Retaliation Legal?

    Source
    "IT security specialists Backfire Security today announced the availability of a software download as a discreet desk-top client application that wreaks revenge on those hackers and culprits attacking your network or infecting users with worms and/or viruses. The "freeware" package - PAYBACK v1.0 - is available from www.backfiresecurity.co.uk in both PC and Mac formats. PAYBACK v1.0 is a new kind of anti-hacker application called an IRS (Intruder Retaliation System) and is based upon "guerrilla" programming protocols and algorithms originally developed for the Chinese Space Program.
    This seems like a good way to fight back.. but I can think of a couple of situations where you would be doing just as much harm as the original "hacker".

    Imagine:

    Attacker compromises host A which uses host A as a launch pad for attacks against host B. If host B is your machine and you have PAYBACK installed on it... you are helping destroy a machine of a victim that didn't attack you in the first place. You would be just as guilty as the attacker. Even though you didn't attack host A... you infected it.

    I wonder how this would all play out on the legal sides of things...

    Opinions anyone?

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Nice try

    Cheers:
    DjM

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    While this may be an April's Fool's joke, the reality is that some legislators are suggesting that it might be legal to do it. And I think some companies are truly looking into this as a method of dealing with attackers.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Chinese space program??? HAHAHAHAHA!!!!! That's an oxymoron. Thanks I had a rough morning and this helped out...
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    242
    /*head held down in shame*/
    got me
    /* going to sulk at a free craps game on msn*/
    the only way to fix it is to flush it all away-tool

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    Yeah it sounds like a nice idea, but I totally agree with you phish on the "what if" statement. Plus it just doesn't seem right. I mean I understand being a "hacker" to know what you need to keep your network safe from the skum of the Ineternet... but using a program like that just sounds like a "legit" way of doing the same thing they are. Because in the end you're just eating up bandwidth and processor power to return the attack they are sending you right? I donno, maybe I just see it a different way also...
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That\'s why it\'s all about AntiOnline.com!
    [/shadow]

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Back in the height of code red I wrote a little bit of code that did something very similar to this. Assuming any one that was still getting hit by code red had never patched there system I passed back the ping of death to any system hitting my with code red. Yes this was mean, and yes probably not legal but they should have updated there antivirus , and understand I was on a cable modem at the time code red was so prevalent that it acted as a DDOS attack on my system. Before I put my code up I would drop off the net for hours at a time, afterwards it was smooth surfing.

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    217
    it seems a little bit like an eTennis match....

    computers A and B both have backfire, or superRetribution9.23 or whatever it ends up being called, some 1337 h4x0r uses host A to attack host B, and then A and B go at it until one of them (or both of them) crashes.
    i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I thought it was a good Apr 1st joke...

    gave me a good morning laugh too! Def. need those on mon and tues mornings..

  10. #10
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    178
    Originally posted by MsMittens
    ...some legislators are suggesting that it might be legal to do it. And I think some companies are truly looking into this as a method of dealing with attackers.
    When I was in college our school's UNIX system was hacked after a forgetful State Network Tech left the campus exposed through one of their routers. I was in the UNIX Admin class at the time and our school contacted the FBI and state division of criminal investigation. My class was able to assist in the investigation as a practical exercise since our systems were completely down.

    I was appointed to lead the "CAT" group, or counter-attack team. Our job was to monitor the system and gather information about the suspect and then counter-attack in order to stop the intrusions. We were informed in no uncertain terms by the FBI that this, in itself, is illegal as well and our job was to gather information and fingerprint the attacks so we could identify the suspect or at the very least build a profile.

    At the same time, I was working as a computer security manager at a local USAF installation where I was informed that they had 2 systems specifically set up to counter-attack systems identified by the IDS as a threat.

    So - until the laws change, the moral of the story is only the Feds can do what they want to, we have to abide by their rules. And as maddening as it is to have some asshat attempting to, or succeeding in mangling your systems, you cannot counter-attack. Document everything you can and hope the authorities actually use it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •