Counterstrike Software For Internet Hackers

[mmkhan]

First "counterstrike software" for Internet hackers gets rocky start

11.06.2004 09:43:49

PARIS (AFP) - The first commercial software to strike back at computer vandals and spammers has run into crossfire from experts, who fear it could unleash "a cyber bloodbath" that could engulf the Internet, New Scientist says.

The product, launched in March by Texas security company Symbiot, gives companies an escalating list of options to defend themselves against hackers and other sources of unwanted traffic.

The menu starts with defensive choices: blocking traffic from a certain site, limiting the amount of bandwidth that certain senders can take up, and diverting troublesome data into a "honeypot" -- a decoy server where it can do no harm.

From then on, the options are more aggressive.

Someone who tries to hack into the company's computer can be "tagged."

He is allowed to steal information that appears valuable but in fact infiltrates his own computer, stamping all further data packets from that source with a tag which identifies it to other Symbiot subscribers as a "known attacker."

As a final resort, the company can send code to the attacking computer to end the assault.

Symbiot refuses to say what the counter-offensive entails, although a spokesman admits it "could be seen by some as malicious code," New Scientist says.

That means the software enables its customers to invade other computers, and for critics, this could open the gates to an escalating conflict where innocents could end up victims, the British weekly says.

The bystanders could include ordinary people whose computers are hijacked, without their knowledge, to send out spam or email viruses, or whose Internet address is "spoofed" -- used by the hacker to mask his own whereabouts.

Spoofing means "it is even possible to envisage an elaborate plot in which an unscrupulous small operator lures two larger rivals into a shooting match by convincing each one that it is under attack by the other," the report says.

"This type of thinking comes from a small number of security professionals, ones I'd consider hotheads, who want to get back at people," Eugene Schultz, an expert at Lawrence Berkeley National Labs, said.

"It's a vigilante mentality, and it just seems so irresponsible."

Symbiot, which gives access to the counterstrike software for 10,000 dollars a month, is treading carefully.

Before releasing its product, called iSIMS, it issued a white paper on "rules of engagement," stressing that users should only counterstrike when all else fails.

The report appears in next Saturday's issue of New Scientist.

Counterstrike software is being pursued by other computer security firms, sensing the widespread frustration at the failure of law enforcement at dealing with hacking and spamming.

At present, companies and individuals have only defensive options in the commercial arena, such as software for firewalls, spam filters and detectors that block suspected viruses.

But these are invariably breached after a while and have to be continuously updated.

Reference:hxxp://astalavista.com/?section=news&cmd=details&newsid=277
hxxp://www.symbiot.com

[Relyt]

mmkhan,

Good info and we have this conversation come up frequently in AO. Surely we want a pound of flesh belonging to the deviants, but there would be to many innocent bystanders beat-on along the way. As you probably know, the attackers aren't going to use their own computers. Rather, they will set up hops along the way to help conceal themselves. It is those folks/companies/educational institutions etc., who will receive the brunt of the attacks and counterattacks, while the deviant(s) sits back and has his fun. So the kneejerk reaction towards counterattacks always seems to appear appealing, however, we may set up a waste land along the internet just trying to get one.

cheers

[AxessTerminated]

It's much like dropping the atomic bombs on Japan, many innocent bystanders, but it was a last resort. I think this software will be amazing to see at work. Maybe the counterstrike could actually be redirected back at the servers by some of the best, ya know?

[Nokia]

I agree it would be good to see htis in action!

But at $10,000 a month , i cant see many companies using it!!

The companies that can afford it proberbly arnt the type that want to go round trashing other peoples computers. All it will do is get them a bad name.

It only takes one innocent who didnt know his computer had been hijacked by someone else to take the company to court for trashing his computer to ruin the name of a company!
I dont know many companies that will take that risk!

An intresting post though! Thanks

[Relyt]

But at $10,000 a month

I didn't really clue in on the "A MONTH" part of that until you just posted it. 10K a month! A year would be acceptable. However with that price tag, they will be able to afford all the lawsuits that are thrown there way!

[hobbdebub]

This product seems like it will be interesting but it almost seems like the people who came up with it are just frustrated and want revenge. The whole marking of "deviant computers" tagged is pretty neat but I agree that it will have a bunch of innocent victims as a result. Using malicious attacks to get back at crackers seems childish and a bit dangerous. It makes me think of someone shooting another person for killing a friend simply because they had the same hair color as the murderer. What if the person you retaliate against was just a hop along the way? What then?

[Nokia]

Thats a bit morbid!!

I see what your saying though.

I can alos see why they have created this Counterstrike Software, unfortunatley there is no way to discriminate between the innocent and the guilty when retaliating against a hacker!

It dodgy ground for the company who invented it, we can only wait and see how it pans out for them.

I wish I had a spare 10 grand so I could have a go at using it though!!

[D0pp139an93r]

Don't start that ignorance is no excuse bullshit.

Even the most secure machines with PhD's running them get hacked.



It happens. Can you expect Grandma to understand the signifigance of packet logs after some salesman told her that Norton would save her?



EDIT: I don't have a problem with striking back... I just don't want a machine doing it. A skilled professional who may be able to differentiate between zombie and skiddie/cracker or even a complete spoof.

[Nokia]

Originally posted here by eth3r
Anyone who is zombied or having their bandwidth/machine used for a hop deserves everythihng I do to them. Ignorance is no excuse.... just my $.02

Ooo but your soooo soooo goood!!

If only everyone was as good with a computer as you are!!

Why is ignorance no excuse then?

[ttau]

1. Wouldn't using this software voilate computer crime laws?

2. What company with any sort of legal counsel would even consider this? The exposer to law
suits from innocent people getting their computers trashed would be huge.

3. $10,000 a month? Somebodies on crack. Both the company that's hawking it and any
company that would pay such a ridiculous price. IMHO.

4. Revenge can leave an awful aftertaste.