Countermeasures


Automated responses can be extremely useful and aid in the rapid response to an incident. Automatically enabling information-gathering systems and disabling vulnerable services can reduce the impact of the attack. However, one may be tempted to take countermeasures and strike back at the attacker with a denial-of-service attack or other means to disable the attacker's ability to continue the attack.

One week before Super Bowl Sunday, the nation's leading satellite TV service struck back at hackers who had been stealing its signal for up to four years by altering access card codes. DirecTV struck back at satellite pirates with a major electronic countermeasure (ECM), which rendered illegal access cards useless. DirecTV satellites delivered a special signal to its millions of receiver boxes in homes across North America instructing them to shut down the unauthorized access cards.

Hackers reporting on websites said it could take weeks to recover from the ECM, if they could recover at all. Not only were the illegal cards, which can connect users to DirecTV programming, deactivated, some were left unusable. Hackers dubbed the day "Black Sunday." [85]

[85] "DSS Wars," System Resource Group, 8 May 2001.

Counterstrike

The concept of retaliation is not new. It is a basic military strategy to eliminate the opponent's ability to wage war. This appears to be the stance of a growing number of large companies that have been victimized by hacker attacks.

Countermeasures include tools that disable an attacker's browser, block TCP/IP connections, or launch debilitating attacks such as denial-of-service or flooding attacks.

Companies are taking the law into their own hands to beat hackers who cost them millions each year. They are going on the offensive and adopting hacking tools and techniques themselves, according to a former director of information warfare for the U.S. Department of Defense.

A popular tactic is hiring experts to trace the source of a hack and find weaknesses in a culprit's system. One website was offering the facility to overload a hacker's own computer with spam email. But counter-attacks could fall foul of the Computer Misuse Act or hit the wrong target. [86]

[86] McCue, Andy, "Companies Hit by Hackers Fight Back," Computing, 27 April 2001.

However, it is difficult to be assured that the attack is actually coming from the location it appears to come from.

Even though the concept of counterstriking is intriguing, one problem with getting involved in a cyberspace shoot-out is being certain that you are targeting your attacker. It is common for an attacker to route the attack through other sites on the way. Hackers can also forge packet headers to make it appear that an attack is coming from a completely different location. If a company is shooting first and asking questions later, innocent people could be hurt. And the organization that returns fire may open itself up to civil, criminal, or physical risk.

The net-based counterattack described above, although minor in scope, raises important legal and political issues. Do organizations have the right to counter any of the hundreds of hacker attacks they receive every day with counterattacks of their own? Will this depend on whether the organization is a government or military organization or a private company? Will the source of the attack, being either foreign or domestic, affect this question?

All of these questions will have to be answered in the coming digital years.



Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
