Hackback: Understanding the Option and Ramifications Better

When we’re faced with an attacker, is there something more we can or should do, other than stop the attack, clean up our affected systems, take stock of the damage and clean up afterwards?

It’s in this context that the question of “hackback” comes up. Hackback is the idea that defenders can do more than just that. Hackback at its simplest is the idea that defenders can take the fight to the attackers.

It’s an idea that comes up in the security community every few years. It’s come up again most recently this summer with the claims that a US-drone strike killed Junaid Hussain, a British national alleged to have been a hacker for ISIS who was behind the release of personal information of US military personnel. Some have looked at this incident as the ultimate “hackback,” with the defenders making the attacker pay with his life.

Regardless of whether this case was an actual, lethal “hackback” or not, the question of whether hackback is a good strategy or not continues to brew.

In looking at that question, it’s good to have a better understanding of what “hackback” can and does entail and what the ramifications and potential consequences can be. Recently at the Virus Bulletin 2015 conference, Trend Micro Forward-Looking Threat Research team member Dr. Morton Swimmer presented a paper along with Andrew Lee and Nick FitzGerald on this topic:  “The Kobayashi Maru Dilemma.” In this paper, the authors outline some of the history, questions and concerns around the topic of “hackback.”

In this paper, the authors discuss not just “hackback” as it’s popularly understood (disruptive or destructive actions by defenders against attackers) but also some tactics that have become more generally accepted such as sinkholing and probing.

In the paper, the authors set out different “hackback” tactics and the potential pros and cons from an ethical and legal point of view.

The paper doesn’t give an answer to the question of whether “hackback” is a good idea: that’s ultimately left up to the reader. But they do give a reasoned analysis of the problem that can help people make better informed decisions on the question.

While law enforcement actions to protect people on the Internet have improved over the years, the fact is there remains a “wild west” quality to the Internet. There likely always will be. And so, the option to pursue “frontier justice” on one’s own, will likely always be on the table for evaluation. Like any situation involving the potential use of force, there is no easy answer. Every situation is different and only those in the situation in the moment can truly know what goes into making the call. But with some of the information outlined in this paper, people can be armed with better information to make better decisions should they find themselves in that situation.

For the full presentation slides, click here.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.



from Trend Micro Simply Security http://ift.tt/1PUNHQY
via IFTTT