Posted on 04/10/2013 4:17:51 AM PDT by Sir Napsalot
(snip) Considering this deluge of aggressive and costly security breaches, it's no wonder that some people are getting frustrated enough to contemplate striking back directly against our attackers. While giving cyber criminals a taste of their own medicine certainly sounds appealing, most forms of so-called "Strikeback" have no place in private business. ......
What's Wrong With Strikeback?
Unfortunately, direct strikeback measures have huge inherent risks:
Targeting: The biggest problem with strikeback is that the Internet provides anonymity, making it very hard to know who's really behind an attack. It's all too likely that strikebacks could impact innocent victims. For example, attackers have started to purposely plant false flags into their code, suggesting it came from another organization in order to sabotage that company.
Geography: Another key issue is that Internet crimes tend to pass through many geographies and legal jurisdictions. Domestic strikebacks invite potential legal problems, but cross-border actions have even wider ramifications.
Legal: Additionally, most strikeback activity is illegal. It is against the law for the average person to track down and punish a burglar who ransacked a house, and the same principles hold true for cybercrimes. If an organization uses a booby-trapped document to install a Trojan on the attacker's network, it is technically breaking the same type of computer fraud and abuse laws that the attacker broke to steal information in the first place.
Revenge: When it comes down to it, strikeback is simply revenge. If a network has already been breached, striking back against the attacker typically doesn't recover stolen data or repair damage that has already been done. It's almost always better to pursue legal investigations and prosecutions through the proper channels.
(Excerpt) Read more at readwrite.com ...
Strikeback simply doesn't belong in private business. It offers no real advantages to most organizations, and it carries serious risks that far outweigh the short-lived satisfaction of revenge. Instead, companies should focus their security strategies on well-implemented, carefully monitored, multi-layer defenses designed to keep cyber criminals from breaching their networks in the first place.
Passive Defense only works for so long. Eventually if you want this to stop then companies and governments are going to go on the offensive. Either position has its advantages and disadvantages.
The second for me, seems to be the one more fraught with unintended consequences. Mainly for the Law-abiding user on ‘net’ services.
I’m working on a new internet protocol to address this problem: EMP/IP.
This just saddens me to no end this A.M. I really thought the cruise missile option was the best one.
So far these cyber attacks have not been officially recognized as ‘legitimate’ warfare. In the past it "hasn't hit" general public in their purse, in their welfare.
But I wholeheartedly agree with your “Passive Defense only works for so long.” statement.
I know nothing ... nothing.
Sorry, I promptly forgot what I was talking about.
I know nothing either.
Death Penalty for virus writers
Ultimately what’s going to happen (what is happening) around the world is gov’t control of the internet under the guise of protecting all the people.
So all the people will have their internet use severely restricted, while the same cyber criminals operate freely.
Smoking, public transportation, large soft drinks, pot, gun control, all use the same gov’t control template that works so well.
Thanks for the link. Again it says
1) ‘doesn't belong in private business’ ==> MAD (or close to MAD) as in the two Dutch companies case
2) up to policy makers ==> PoloSec’s scenario comes true