Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

To Hack Back Or Not To Hack Back?

Soulskill posted about a year ago | from the wild-wild-cyberwest dept.

Security 183

dinscott writes "If you think of cyberspace as a resource for you and your organization, it makes sense to protect your part of it as best you can. You build your defenses and train employees to recognize attacks, and you accept the fact that your government is the one that will pursue and prosecute those who try to hack you. But the challenge arises when you (possibly rightfully so) perceive that your government is not able do so, and you demand to be allowed to 'hack back.'"

cancel ×

183 comments

No (5, Insightful)

Anonymous Coward | about a year ago | (#43988537)

Bad idea.

Re:No (2, Funny)

Anonymous Coward | about a year ago | (#43988603)

Don't be a pussy, go for it mah brother! Fuck'em up!

Re:No (2)

noh8rz10 (2716597) | about a year ago | (#43989387)

just do it like Goldeneye, with that russian dude.

Re:No (2)

Archangel Michael (180766) | about a year ago | (#43990005)

I am INVINCIBLE!

Re:No (0)

Anonymous Coward | about a year ago | (#43988789)

Just hire some "Researchers". They always get a pass.

Re:No (5, Insightful)

jellomizer (103300) | about a year ago | (#43988879)

For the most part the people who are hacking into you isn't that personal, you are just an open system with the vulnerability. Hacking back will not do too much except for making it personal. If you want to solve the problem you will need to redo your security.

Besides most hackers will jump from system to system to make it hard to detect. I remember trying to trace a hacker back, I gave up after going into 3 or 4 systems across the globe. Realizing that I could part of the problem not the solution I gave up. And then went on improving security.

Re:No (2)

khasim (1285) | about a year ago | (#43989293)

Or, to phrase it another way: if you have the hacking skills to retaliate then you have the skills to be invulnerable to the attack in the first place.

The enemy cracker has a limited number of targets:
1. your router.
2. your firewall.
3. whatever service you provide through your firewall (you do have a DMZ, right?).
4. flooding your bandwidth with traffic from thousands of zombies.

Anyone have any other types of attack that I forgot? And if you cannot secure those (except for #4) then you probably won't be able to "hack back".

Re:No (0)

Anonymous Coward | about a year ago | (#43989315)

The email of your less technically savvy employees, as well as any logins that may have been abc12345.

Re:No (1)

DarkOx (621550) | about a year ago | (#43990145)

I agree in general but if someone is DOSing you there is not much you can do about it other than 1) get their provider to stop them, 2) get the authorities to stop them, 3) get your provider to drop their traffic, 4) or stop them yourself.

If the first three can't or won't do it in a reasonable time frame, what option do you have. If its a DDOS your only options might be 2) and 4) provided you can determine the command and control source. Which might very likely require you to pwn some number of the bots so you can determine how the control channels work and find the source.

You might be able to defend against lower bandwidth request based DOS attacks, and network layer attacks like syn floods with correctly configured equipment and software but if they are simply packeting you either have to take it, or retaliate.

Re:No (5, Insightful)

stewsters (1406737) | about a year ago | (#43989237)

This. Working for your business is not worth getting thrown in jail for, and its open season on hackers.

Some ideas of what you can do:
  • Cleanse anything that goes into a database. Get a model layer that does this for you.
  • You probably don't use UNION or similar keywords but they are used by hackers extensively. We built our own code to search for these keywords and tarpit them.
  • If they are all coming from some small IP block in China, block it. Minimal loss in business.
  • If they are running automated vulnerability scanners, you could add pages to blacklist their hosts as soon as they try to hit default administration pages for wordpress on your site.
  • If its just password guessers, block them. Use ssh keys.
  • Nmap the hosts that are targeting you. Most likely they are someone's compromised windows xp machine.
  • Report them to the FBI: http://itsecurity.vermont.gov/Report_Crime [vermont.gov]

If all else fails, go on 4chan and post "OMG i just made the most secure site evar! Address is ${offender's IP} I bet no one can hack my site and take my bitcoins. "

Good thing.. (5, Insightful)

thisisnotreal (888437) | about a year ago | (#43988547)

Things like this never escalate. I keep seeing and feeling in so many ways how delicate this all is...and we keep hammering on it. As. Hard. As. Possible.

Re:Good thing.. (2)

Artifakt (700173) | about a year ago | (#43988957)

You need to be at plus 5, just for that first sentence, and the rest are as good.

1, Company has trouble with commonly skilled criminal crackers.
2. Company gets special permission to take matters into its own hands. To get this, company does special favors for a nation state.
        (You don't think the politicians just ask for campaign contributions when they can also ask for "law enforcement assistance" against terrorists, do you? Or that those same terrorists, who think of themselves as involved in a war, respect a strong distinction between homeland security and the US military, or similar set ups in other countries?)
3. More skilled political/military crackers, who may also even be backed by the full special resources of another nation, now treat the company as just another arm of a government's military, and even if they have some strange desire to abide by the Geneva convention or other limits, can make a fair case it's a 'legitimate' target.
4. War between two nation states breaks out, starting with computer actions, and with the Company's assets as the primary battlefield.
5. Since everyone thinks cyber-war sounds dumb, there are no firm lines, and the war that starts inside computers ends as the company's employees face special attention from landmines, IEDs and rocket propelled grenades.

Yes, I left out the "?" and "profit" steps. Anyone really think they need to be there?

When I roll into the... (0)

skovnymfe (1671822) | about a year ago | (#43988549)

Re:When I roll into the... (0)

Anonymous Coward | about a year ago | (#43988621)

The script to that was originally me writing perl. But the director took some artistic liberties.

Well, sure (0)

Anonymous Coward | about a year ago | (#43988579)

I mean, two wrongs always make a right, right?

Re:Well, sure (4, Funny)

Doug Otto (2821601) | about a year ago | (#43988627)

No, but three lefts do.

Re:Well, sure (4, Funny)

Mattcelt (454751) | about a year ago | (#43988751)

And two Wrights make an airplane.

Re:Well, sure (1)

Lithdren (605362) | about a year ago | (#43989445)

That means six lefts make an airplane.

and oddly enough takes you back the way you came.

Re:Well, sure (1)

Zumbs (1241138) | about a year ago | (#43989047)

Depends on the angle.

Re:Well, sure (1)

Sedated2000 (1716470) | about a year ago | (#43989569)

My brother's favorite response to my parents (which always resulted in more punishment) was "Well, two negatives equal a positive!"

Vigilantism is not a new concept (5, Insightful)

Anonymous Coward | about a year ago | (#43988581)

What you're advocating, quite plainly, is that if you break into my house and steal something, that I can then break into your house to take something from you. The law is quite clear on this. As long as hacking into and stealing resources is illegal, you doing the same is just as illegal. Get a Rottweiler and a home alarm and sign up for personalized security patrols. In essence that is what you can do with regards to your electronic resources.

Re:Vigilantism is not a new concept (3, Insightful)

lister king of smeg (2481612) | about a year ago | (#43988667)

What you're advocating, quite plainly, is that if you break into my house and steal something, that I can then break into your house to take something from you. The law is quite clear on this. As long as hacking into and stealing resources is illegal, you doing the same is just as illegal. Get a Rottweiler and a home alarm and sign up for personalized security patrols. In essence that is what you can do with regards to your electronic resources.

If someone breaks into my house I can shoot them thanks to castle laws, there is no digital equivalent other than hacking them back.

Re:Vigilantism is not a new concept (0)

Anonymous Coward | about a year ago | (#43988739)

If someone breaks into my house I can shoot them thanks to castle laws, there is no digital equivalent other than hacking them back.

Thank God we don't have "black ice" considering the way castle laws have been abused.

Re:Vigilantism is not a new concept (0)

Anonymous Coward | about a year ago | (#43989325)

How have Castle Laws been abused?

Re:Vigilantism is not a new concept (1)

Shajenko42 (627901) | about a year ago | (#43988745)

If someone breaks into your house and steals something, you're not allowed to hunt them down, break into their house, and steal it back.

Re:Vigilantism is not a new concept (1)

Shajenko42 (627901) | about a year ago | (#43988801)

Didn't see the OP, never mind.

Re:Vigilantism is not a new concept (1)

DarkOx (621550) | about a year ago | (#43990197)

In Texas you actually are under certain circumstances.

Re:Vigilantism is not a new concept (4, Insightful)

HockeyPuck (141947) | about a year ago | (#43988787)

If someone breaks into my house I can shoot them thanks to castle laws, there is no digital equivalent other than hacking them back.

You cannot get in your car, drive to their house and then shoot them, as you are nolonger being threatened by said intruder. Hacking back is exactly that. You've been attacked and then you retaliate after the fact.

Typical conditions that apply to some Castle Doctrine laws include (from wikipedia):

        - An intruder must be making (or have made) an attempt to unlawfully or forcibly enter an occupied residence, business, or vehicle.
        - The intruder must be acting unlawfully (the Castle Doctrine does not allow a right to use force against officers of the law, acting in the course of their legal duties).
        - The occupant(s) of the home must reasonably believe the intruder intends to inflict serious bodily harm or death upon an occupant of the home. Some states apply the Castle Doctrine if the occupant(s) of the home reasonably believe the intruder intends to commit a lesser felony such as arson or burglary.
        - The occupant(s) of the home must not have provoked or instigated an intrusion; or, provoked/instigated an intruder's threat or use of deadly force.

Re:Vigilantism is not a new concept (1)

g0bshiTe (596213) | about a year ago | (#43988909)

So then after the fact is a no-no but catching them in the act you're saying is entirely ok.

Re:Vigilantism is not a new concept (4, Insightful)

Trepidity (597) | about a year ago | (#43989075)

The justification for shooting an intruder in your house is self-defense, since you might reasonably fear for your life if someone's broken into your house (especially if they're armed). The purpose is not to authorize vigilante retaliation or punishment. Therefore, if the person isn't in your house anymore, there is no longer a justification for shooting them.

Actually, even if your house you shouldn't shoot them unless you actually do fear for your life and it's truly self-defense. Not all states require you to prove that (partly due to worries over whether it's possible to prove), but you are not supposed to shoot someone just because you can get away with it.

Re:Vigilantism is not a new concept (0)

Minwee (522556) | about a year ago | (#43989051)

Don't forget Texas' proud addition to that list [nypost.com] :

- It's totally okay to shoot and kill someone as long as it's after dark and she refuses to have sex with you first.

Re:Vigilantism is not a new concept (1)

NatasRevol (731260) | about a year ago | (#43989361)

Can't believe that's something new in Texas. Or any Southern state.

Re:Vigilantism is not a new concept (2)

Hentes (2461350) | about a year ago | (#43988823)

That's not a digital equivalent either.

Re:Vigilantism is not a new concept (1)

spire3661 (1038968) | about a year ago | (#43989217)

You can hack back, right up to your demarc, after that Castle Doctrine ends. What you are suggesting is finding out where the people who broke into your house live and shooting them.

Re:Vigilantism is not a new concept (1)

lister king of smeg (2481612) | about a year ago | (#43989295)

closer would be shooting at the sniper across the road after he started shooting at me which is again justified as self defense.

Re:Vigilantism is not a new concept (1)

houghi (78078) | about a year ago | (#43989227)

hacking them back is not the equivalent.
One is legal due to castle law. The other is illegal.

So you should have said:
If someone breaks into my house I can shoot them thanks to castle laws, there is no digital equivalent.

Re:Vigilantism is not a new concept (1)

Aqualung812 (959532) | about a year ago | (#43989239)

If someone breaks into my house I can shoot them thanks to castle laws, there is no digital equivalent other than hacking them back.

The digital equivalent would be to infect/hack them WHILE THEY ARE CONNECTED to you during their hack, as a means to make them stop.

As soon as they disconnect and you track them back down, you're talking about walking into THEIR house and shooting them. That's still murder.

I AM THE BAT-MAN....HACKER! wait, start again... (2)

TiggertheMad (556308) | about a year ago | (#43989475)

Lets ignore the morally correct point that fighting fire with fire isn't actually legal. Lets just think about what you hope to accomplish.

Suppose that you poses the time and skills to properly track your attacker back to their actual home system(s), and you manage to crack it. You upload an virus you wrote in your free time that spreads through their computer, deletes all files, and hides in the BIOS afterwards, frying hardware with malicious hardware calls. After you disconnect from their newly cratered system, how long is if going to be until the next random punk off the internet trys to probe your security?

< 00.1 second.

Good luck with your vendetta, I hope it works out for you.

Re:Vigilantism is not a new concept (0)

Anonymous Coward | about a year ago | (#43988855)

Your analogy breaks down in the "when someone does this every day" category.

Re:Vigilantism is not a new concept (0)

Anonymous Coward | about a year ago | (#43989245)

It's obvious to me that you did not RTFA. The article is very much on the vein of do not do unto others as they have done unto you, but ignore your urge and let your government handle this for you. The article even goes as far as stating that the next step is world governance where prosecutions are in the vein of "The World versus Joe Schmoe the Baker."

There goes the truly free world...

The summary, however, has invoked its own spin by simply copying the third or fourth paragraph that is trying to link the Old West analogy to the state of the Web now, before going on to try and convince us that this is the wrong view to have.

Re:Vigilantism is not a new concept (1)

noh8rz10 (2716597) | about a year ago | (#43989443)

What you're advocating, quite plainly, is that if you break into my house and steal something, that I can then break into your house to take something from you. The law is quite clear on this. As long as hacking into and stealing resources is illegal, you doing the same is just as illegal. Get a Rottweiler and a home alarm and sign up for personalized security patrols. In essence that is what you can do with regards to your electronic resources.

no its saying if you break into my house i can shoot you. welcome to texas.

the question was posed wrong (4, Insightful)

ganjadude (952775) | about a year ago | (#43988609)

The real question is what to do when our own government is the one "hacking" our pages

Like the Dodgers brawl last night.... (1)

Anonymous Coward | about a year ago | (#43988635)

First Kennedy hit Puig
Then Greinke hit Montero
Then Kennedy hit Greinke

So obviously Kennedy needs to watch his back.....

Re:Like the Dodgers brawl last night.... (-1)

Anonymous Coward | about a year ago | (#43988737)

blasphamy!

Bad Idea. (4, Insightful)

wjcofkc (964165) | about a year ago | (#43988637)

What if the hacker is already attacking from a computer that is not theirs. Firing back would make you no better than them.

Re:Bad Idea. (2)

DarkOx (621550) | about a year ago | (#43988781)

Firing back would make you no better than them

Why a compromised machine is a compromised machine. Its already not really under the legal owners control anymore, even if it happens to still be doing what they want it to. I think from an ethical standpoint its acceptable collateral damage.

Re:Bad Idea. (1)

g0bshiTe (596213) | about a year ago | (#43988925)

The way I see it, it's not different then when MS threatened to boot botnetted machines off the net.

Re:Bad Idea. (1)

DarkOx (621550) | about a year ago | (#43990035)

And they would have been right to do it.

Cowboy analogy (4, Funny)

Hentes (2461350) | about a year ago | (#43988643)

After the flawed warfare analogy of the military, we now have a flawed cowboy analogy. How can these people be that shortsighted, everyone knows that the internet is like cars.

It's a terrible idea (1)

Anonymous Coward | about a year ago | (#43988659)

Even as a massive multinational corporation, you do not have the resources or the expertise. You expose your company to massive legal liability. And you're not prepared for the aftermath. Few enemies are as determined as those bent on revenge.

Re:It's a terrible idea (2)

g0bshiTe (596213) | about a year ago | (#43988941)

I work for Umbrella you fool! We have the resources we have the expertise.

Very bad moment (1)

gmuslera (3436) | about a year ago | (#43988661)

You can get anything from 30 years [mmajunkie.com] to a century [vice.com] in jail for things that goes into the hacking umbrella, even for things that traditionally you won't call attacking. And if you are outside US, a drone [motherjones.com] could visit you.

This usually goes attackers or people that exploits or just bumps against a vulnerability in US government/institution sites, but even if you do against an "evil" organization (and that it is not just a nsa/fbi cover operation or whatever) it could eventually be used against you.

More fun to just defend (1)

GameboyRMH (1153867) | about a year ago | (#43988671)

There's nothing more frustrating as a black hat to hammer away at an apparently impenetrable and indifferent target.

Are you SURE it was that party? (4, Insightful)

mlts (1038732) | about a year ago | (#43988673)

With the fact that compromised hosts are the first thing an intruder has between them and their target, how can one be sure that the host attacking them is malicious, or just a compromised box being used as a proxy or launching point for attacks?

If it was a compromised box, and it gets retaliated against, there might be a chance that the IDS/IPS system on the compromised network will log the back-strike, which can easily mean civil/criminal charges.

My take: Block them at the router for a couple days and go on. Trying to "counter-hack" can get one in a world of hurt.

Re:Are you SURE it was that party? (1)

g0bshiTe (596213) | about a year ago | (#43988965)

And if it is a compromised machine they simply move to another network and continue the attack. Aren't you glad you blocked the first at the router?

Re:Are you SURE it was that party? (0)

Anonymous Coward | about a year ago | (#43989011)

Perhaps a "counter-hack" isn't the same as a counter-intrusion.

Defending yourself ("block them at the router") is a perfectly valid thing to do, but is likely to fail after just a few attacks.

Attacking their motives by giving them a bad payload instead of the intended one is also a perfectly valid thing to do. It's not a counter-intrusion so much as proverbially "poisoning the well". Remember that computer networking protocols all work on a rules-based request-response system. Getting the response ruleset right is important. But once someone has gotten a better-than-you-intended response, you're not under any obligation to continue to provide them with beneficial responses. If they continue to request resources from your system, your system should ideally be able to respond with an attack payload. It's like an electronic land-mine. Structure it so that an unsuspecting intruder won't do it twice (boom! no legs!) and a wary intruder won't do it once (as the mere presence of an attack will alert them to likely detection and scare them off).

There's no need to launch a counter offensive when you're a porcupine (in a minefield).

Re:Are you SURE it was that party? (1)

mlts (1038732) | about a year ago | (#43989501)

Even operating systems have some provisions. Linux has the TARPIT option with iptables which will slow attacks down.

However, what I intended to mean by blocking at the router is if the attack was from one known IP. Of course, the attack would change sources if it is a real intruder.

Honeypots are the best matter of course. An attacker then just not has to deal with trying to get through the usual security measures... but then has to check the veracity of any data they receive. If they get ahold of a web server that is sitting on a VM farm, it is trivial for IDS/IPS software to snapshot the VM for forensics, and immediately roll it back.

On a primitive level, I remember doing this ages ago with the address harvester bots and wpoison. Well behaved Web scrapers would heed the robots.txt file, while the E-mail address scrapers would fall right into the CGI wormholes and be happy slurping up thousands of worthless E-mail addresses.

Put it in real life terms (5, Insightful)

MozeeToby (1163751) | about a year ago | (#43988747)

Someone breaks into your place of business, what are your rights? You can bar the door, obviously. You physically intimidate them into leaving sure. You can shoot them... well... if you're in danger and can't get away (or even if you can in some places)... and you have the right to own the gun you're shooting... and well, you better be able to explain yourself.

What you can't do is follow them home and smash their stuff. And you really, really can't start an international incident, that kind of thing is looked down upon.

Re:Put it in real life terms (2)

NewWorldDan (899800) | about a year ago | (#43988971)

And you also better be damn sure you're attacking the right person and not some poor company who has already had their own systems compromised. Most people are really bad detectives and just aren't qualified to determine who to hack back against. And usually your attacker doesn't have much of a footprint to attack. So while I support your right to actively defend yourself, don't be a Zimmerman and shoot some unarmed kid with a bag of candy in his pocket.

Re:Put it in real life terms (1)

wisnoskij (1206448) | about a year ago | (#43989377)

"You can shoot them... well... if you're in danger and can't get away (or even if you can in some places)."

Not sure how it works in the US, but in Canada which has far far less self defence laws, the specific law says you can do anything you need to do you get the intruder out immediately. Which would mean that the government would have to prove beyond a reasonable doubt that shooting the intruder did not speed up his removal from your property. I found it quite strange reading the Criminal Code; The right to remove an intruder actually gives you more latitude than your right to defend your life and safety from an attacker, by the letter of the law. But of course, like all Canadian laws, they stick "the act committed is reasonable in the circumstances." on the end, so that a judge can rule however he wants in a case.
That being said, the letter of the law is not AT ALL the same thing as how an actual judge will rule, at least without millions in lawers. Specifically in Canada it seems to be more guilty until proven innocent, with regard to guns.

Re:Put it in real life terms (1)

AvitarX (172628) | about a year ago | (#43989881)

Isn't the reasonableness of the act a matter of fact, not a matter of law?

I would expect the jury questionnaire to read along the lines of

"...
If you answered yes to the above, do you believe that the act was reasonable for the circumstances?", which would lead to a not guilty if answered yes. Reasonable may be broken down into specific questions, rather than over-all just reasonable, but it sounds very unlikely a judge would deem reasonableness as a matter of law (though in an extreme case the affirmative defense could be bared from being let in).

IANAL, but I've sat through a dozen (civil) verdicts for cases lasting over a month, and obviously the US isn't Canada (and I am US).

Re:Put it in real life terms (1)

wisnoskij (1206448) | about a year ago | (#43989433)

Me again,
And specifically, I think you might actually be wrong in part.

"preventing the other person from taking, damaging or destroying the property or from making it inoperative, or retaking the property from that person; and"

In Canada:
The criminal does not technically still have to be on your property, for you to defend your stolen property from him.
So if they stole something from you when they hacked your systems, and we consider hacking synonymous with breaking and entering. It definitely might be legal to break/hack into their house; If you took something and you feared that they were about to destroy it, or simply retake it from them.

Re:Put it in real life terms (0)

Anonymous Coward | about a year ago | (#43989455)

Someone breaks into your place of business, what are your rights?

Armed guards aren't that uncommon for businesses. Banks, casinos, etc. Never heard of one getting in trouble for shooting a robber.

Re:Put it in real life terms (1)

dwpro (520418) | about a year ago | (#43989481)

In real life terms, what is a DDOS? Let's try a car analogy. Lets say it's like someone stealing a bunch of cars and driving them to your business and have them blare their horns. I think in this case I would feel justified opening all the hoods and unhooking the batteries, maybe even taking the keys to the car so that they could be returned to the rightful owner or at least not stolen again and made to honk incessantly. Which, back in digital (fake?) life, would be "hacking back" in my mind, and completely justified.

Yes (0)

Anonymous Coward | about a year ago | (#43988755)

I would cyber hack their cyber organization till it makes their cyber heads spin! I wouldnt tell any of my cyber friends about it though.

you messed with the wrong guy (0)

Anonymous Coward | about a year ago | (#43988963)

You done goofed, your hack attacks have been backtraced, and we have informed the cyberpolice, the consequences will never be the same!

Re:you messed with the wrong guy (1)

Minwee (522556) | about a year ago | (#43989221)

Cyber-Impossible! I was behind cyber-seven cyber-proxies!

bad analogy (0)

Anonymous Coward | about a year ago | (#43988795)

I apologize for being one of the only ones to RTFA, however, I find it humorous:

[quote]
This is the same kind of reasoning that feeds blood feuds through the principle of “an eye for an eye” — “if you kill someone in my family, I will kill someone in yours. Innocent or not, I will shoot.”
[/quote]

I was always under the impression that an eye for an eye implied some sort of responsibility on the perpetrator, not everyone else... Maybe better written as:

"if you kill someone in my family, you will get killed"

In general, its a fluffy feel-good read about making bigger gub'mint.

Re:bad analogy (1)

Anonymous Coward | about a year ago | (#43988915)

The phrase "an eye for an eye" was originally intended as a limitation, the only penalty being the equivelent of the damage rather than an escalation of damages.

Re:bad analogy (1)

OhSoLaMeow (2536022) | about a year ago | (#43989055)

Tommy Sands wrote about this very thing in his song There Were Roses. [swarthmore.edu]

"An eye for an eye, it was all that filled their minds
And another eye for another eye till everyone is blind."

Re:bad analogy (1)

AvitarX (172628) | about a year ago | (#43989989)

Correct, and if you look at ancient law (Code of Hammurabi for example), you will see that it was not particularly intuitive throughout history (or even now, really).

Re:bad analogy (2)

Minwee (522556) | about a year ago | (#43989271)

I was always under the impression that an eye for an eye implied some sort of responsibility on the perpetrator, not everyone else.

It's more of a statement of limited liability. A longer version of it would be "Ye have heard that it hath been said, an eye for an eye, and a tooth for a tooth. So if someone poketh thee in thine eye, thou don't get to kill every member of their family. Just poke them back and then knocketh it off. They didn't expect this kind of Spanish Inquisition, thou doth know."

Hack Back (0)

Anonymous Coward | about a year ago | (#43988835)

When I was in highschool, I used to belong to a forum, and if Our forum got defaced, or corrupted by another entity we would attack back. Most of the time we would not have any issues with that particular group ever again.

vigilantism (2)

tist (1086039) | about a year ago | (#43988837)

You never have the option to take the law into your own hands. If you don't like the job your government(police) are doing, then work on them. But you never have the option to take the law into your own hands.

Re:vigilantism (1)

lister king of smeg (2481612) | about a year ago | (#43989205)

You never have the option to take the law into your own hands.

never heard of a citizens arrest? castle doctrine? stand your ground laws?

theoretically at least we are the government - by the people for the people.

Re:vigilantism (0)

Anonymous Coward | about a year ago | (#43989573)

Those are all concepts of law, so they give you lawfull right to do something - ergo you are not taking the law into your own hands.

All bets are off on the internet... but... (0)

Anonymous Coward | about a year ago | (#43988873)

Hitting back shouldn't be tolerated within companies or organizations. It's just dumb policy. It was your own fault for failing to properly secure your system or use the right tools. If you have no other options it's the fault of your industries and you need to speak up.

No, for at least two reasons (1)

MikeRT (947531) | about a year ago | (#43988937)

1. Most states don't even let you stand your ground when faced with an assailant on the street you can clearly identify. Hacking back is stand your ground without even the requirement of knowing who is attacking you before drawing and using a weapon in many cases (most)?
2. Many corporations have punitive policies that prohibit or limit employees' self-defense rights on their campuses or even during the work hours. For example, I think one of the major pizza chains won't let drivers who regularly drive into very bad parts of town keep even a blunt weapon, let alone a legal firearm on them.

So why should corporations get a right which is dangerous, hard to limit collateral damage and which is a corollary to a right that is badly limited in most parts of the US for the flesh and blood citizens?

Re:No, for at least two reasons (1)

pr0fessor (1940368) | about a year ago | (#43989201)

Is this really even a problem... I mean are companies thinking about trying to retaliate against intrusions or malware or what ever? I've not seen it. Don't they usually just locked down there security?

depends on who is doing the hacking (1)

Anonymous Coward | about a year ago | (#43988967)

After all, as we've recently found out the major culprit in most computer hackings seems to be the government. Now, it's very plain that no matter what the circumstances, anyone hacking into the government's computers is going to be considered to be breaking the law so you're better off to turn the other cheek, or in this case, computer, and make sure that they get what they want.

oh man (1)

fazey (2806709) | about a year ago | (#43989021)

Ohhhhhh mannnn, if I could fucking hack back... You don't even know. But until its legal to do so, its too much of a risk to my livelihood.

How do we know they aren't already? (1)

swb (14022) | about a year ago | (#43989069)

Most corporations have no problem creating phantom business units to hide profits and losses, inflate executive salaries, etc, etc.

How do we know they aren't doing the same thing with an eye towards creating "disposable" and nearly unconnected entities they can use/abandon/reuse to launch counter-attacks or reconnaissance missions against targets they think are attacking them?

Buy a handful of servers, hire some contractors to install and do basic setup on them in some leased colo space, lather, rinse, repeat a few times and you have a distributed nationwide network, for all intents and purposes disconnected from the parent company and available to launcher counter-attacks, problems, etc.

Screw up, get fingered, have problems? Walk away. Send in different contractors to strike the equipment, box it and ship it off....to another data center, where different contractors can set it up again.

For a Fortune 500 business they could do this with the rounding error in their budget.

Bang On Idea That . . . NOT ! (1)

tiberus (258517) | about a year ago | (#43989083)

Okay, let's assume your a name is awesomeness in IT Security and Hacking; furthermore, let's assume that you:

  1. Detect the hack
  2. Stop the hack
  3. Recover from the hack
  4. Determine the true source
  5. Can retaliate
  6. Successfully retaliate
  7. Bask in your glory

Still sounds like great way to end up dead. You never know who your playing with.

Totally not a good idea (1)

ukpyr (53793) | about a year ago | (#43989121)

But, think if it was legal. That would be some fun to be had, until things got out of hand and such. At a certain point, it's more cost effective to send someone with a gun.

In Soviet Russia (2)

rvw (755107) | about a year ago | (#43989137)

In Soviet Russia, the government hacks you! In the United States however it's not hacking anymore, because the law says all channels are open for Big Brother, and hacking de-facto does not exist anymore. How about that?

Internet Castle Law (3, Insightful)

Anonymous Coward | about a year ago | (#43989163)

What I find interesting is that people seem to equate a hack back with showing up at someone's house after they're long gone from your place and punching out their window in retribution.

As a sysadmin who has dealt with a number of compromised servers, here is where that analogy fails: I have NEVER seen a hack where the hacker just leaves after they gain access. They create backdoors to ensure that they have access to your network in the future, and will likely try to use your assets in future attacks.

To use the break-in analogy: Most hackers are STILL IN YOUR HOUSE.

Now, one can argue all day about whether it's a waste of resources to hack back, but back hack is certainly not equivalent to tracking someone down and throwing a brick throw their window. In the vast majority of hacks I've personally encountered, a hack back would be active defense.

Re:Internet Castle Law (3, Interesting)

Todd Knarr (15451) | about a year ago | (#43989441)

Thing is, most of the "hack back" responses don't involve going after the hacker still in your system. They boil down to trying to figure out who the hacker is, where they live, and then going to that address and attacking whoever's there. Which of course raises such issues as "Did your attacker leave a false trail that would lead you to attack someone not involved in the attack on you?" and "What are you going to do if that uninvolved party decides to hack back themselves?". Few of the proponents of "hack back" seem willing to discuss those issues, they mostly brush them off as "That won't happen.". When probed as to exactly what it won't and what'll keep it from happening, though, they start flailing badly rather than giving coherent answers. And none of them want to commit to accepting full legal liability if it does happen. If it won't happen, what's the problem with agreeing to accept a liability you'll never need to accept?

Just don't do it. (4, Insightful)

Minwee (522556) | about a year ago | (#43989207)

Why? Not because of any failed cowboy analogy, or belief in how the wonderful rule of law will solve all of our problems for us, but for this one simple reason:

I don't trust you, or anybody, to be able to identify who is attacking you, or even to correctly determine if you are even being attacked at all. Do you need a car analogy? Giving people blanket authorization to strike back at their virtual attackers is like handing Dilbert's boss a rocket launcher and asking him to do something about the lack of available spaces in the office parking lot. If you believe that your network is being attacked and feel the need to strike back at the perpetrators, then please:

  • 1) Keep it in your pants. Nobody is really impressed by that, and
  • 2) Collect evidence, read your logs, make an actual effort to figure out what is going on, and then forward that information to the appropriate responsible parties, and finally,
  • 3) Let them investigate and deal with it.

I can't promise you that this will _solve_ your problem, but it will give you some time to cool down, realize that your original reaction was based on faulty and incomplete evidence, and keep you busy for a few hours doing something useful instead of being part of the problem.

Re:Just don't do it. (0)

Anonymous Coward | about a year ago | (#43989385)

You can even create an honeypot, just to help you understand what he is searching or what script/technique he use.
BUT a few nmap and playing the script kiddies won't help...

I tryed a few times and got to somes cheapo "telnet proxies", which was asking for an host and port as target... what's next ? Breaking into to get more logs (IF ANY)? I'm sure you have something more constructive to do at work ;)

Once you hack back... (0)

Anonymous Coward | about a year ago | (#43989247)

... you never go dark !

keep the government out of it (1)

brickmack (2537604) | about a year ago | (#43989309)

Keep the government out of it, if someone hacks you do something about it yourself. Or maybe im the only one that thinks governments shouldn't be allowed to have any legal control over the internet

The idea that you have to deal with this alone... (1)

Lab Rat Jason (2495638) | about a year ago | (#43989313)

... is part of the problem I run a website small enough that I (perhaps foolishly) get an email for EVERY failed http request. This makes it easy for me to spot patterns of failed hacks and even build some automated detection of hack attempts into my system. I have had LIMITED success with reporting the hack back to the machine owner. I do this because I figure, either A) it's almost always a compromised machine and therefore unfair and unhelpful to try to hack back, or B) a rogue admin is using company hardware to launch attacks in the off-hours. Either way, the company is made aware that their assets are being abused, and will hopefully have the smarts to fix it, and in the case of "B", the admin has probably lost their job and doesn't know which site reported his abuse, which in turn improves my chances of not getting a retaliation attack later. I'd guess that 95% of all attempts on my system are from compromised systems, and of those, 90% are script kiddies... always trying to access phpMyAdmin, wp-login, or some other randomly psudo-important folder such as /admin or /login. In the rare cases where the server appears to be out of country, or not owned by a recognizable company, I simply opt for the ban-hammer. I ban via database rather than the router because I don't have access to the router... which is nice because it lets me dream about formulating plans for some XKCD [xkcd.com] style mind-F#@King. Point is: Reporting the abuse will likely not net an arrest let alone fame and glory, but if enough people are reporting the abuse, someone will take notice and do something about it. Also, no matter how you slice it, reporting the abuse through the proper channels decreases the odds that the hacker will KNOW it was you who reported the abuse, and now people with better tracking skills that myself are working on it.

Bad idea (0)

Anonymous Coward | about a year ago | (#43989337)

An attack can come from a pc who the attacker does not own. I.e RAT's. to do damage to no attackers is incredibly stupid. Comparing irl warfare and Internet warfare is incredibly stupid

Valid big conclusion, useless article. (3, Insightful)

AJH16 (940784) | about a year ago | (#43989345)

While hacking back is generally a bad idea for a variety of reasons (such as, it's most likely an innocent user's computer being used as a bot), the article was a monstrosity of uselessness. An individual back hacking a Chinese government hacker isn't going to start cyber world war 3 and the entire notion that it would is stupid. The reasoning for why you don't back hack is completely invalid. It's simply a matter of not being worth it. Most attacks are going to happen through bots and wiping out the bots is just going to hurt innocents and possibly destroy evidence.

Re:Valid big conclusion, useless article. (1)

Lehk228 (705449) | about a year ago | (#43989529)

I disagree, wiping out bots makes the internet safer, except for the knuckleheads with botnet software ont heir machine.

wiping out actual attacker machines is useless because they will be attacking from disposable VM's and such, unless you have a payload that will

a) root the guest OS
b)break out of the hypervisor
c) root the host OS
d) destroy valuable hardware components

you will be wasting time

Are you in the hacking business? (1)

Kittenman (971447) | about a year ago | (#43989407)

If not, you don't hack, or hack back. People/Corporations do things for profit, monetary or otherwise. If I were a CIO (employers, CV available on demand...) I'd be less than impressed in my staff indulging in revenge rather than in selling our product or helping our clients.

And BTW, how come we got hacked? Can we fix that hole please? I've got to tell the board in 20 minutes what happened and that it won't happen again.

The Last Time (1)

presspass (1770650) | about a year ago | (#43989507)

The last time I got hacked, I wrote some software that went in and messed up some centrifuge thingys of the host country my hacker was from.

That'll teach 'em.

Those who have known the whole time (0)

Anonymous Coward | about a year ago | (#43989545)

Have been hacking and hacking and hacking :)

You turds actually trusted the US government? AKA the Rothchilds and Rockefellers? AKA Majestic 12? AKA Bilderberg?

If you knew the whole time you were being fucked in the ass by rape would you fight back to prevent it?

It's a simple concept really.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...