Businesses are getting a little fed up with the rampant hacking going on, and some companies are taking matters into their own hands!
According to a recent Reuters article, businesses are using “active defense” technology to strike back against hackers. Traditional security measures focus on protecting the user from threats and addressing software vulnerabilities, but active defense technology focuses on the hacker, usually by forcing the hacker to waste time.
How do companies accomplish this? According to the article, companies that detect a network breach don’t have to automatically deny access to the hacker. Instead, they can slowly allow access to seemingly tempting but actually useless data in the form of bogus files. Companies in industries targeted by hackers can predict security breaches and plant false information to stay ahead of the cybercrooks.
Critics of active defense say it is a waste of company time and may escalate into activity that breaks laws or causes collateral damage. Even if it doesn’t lead to companies committing crimes themselves, critics argue that there is no significant value in attempting to take revenge against hackers.
“There is no business case for it and no possible positive outcome,” John Pescatore, a National Security Agency and Secret Service veteran, told Reuters.
Facebook vs. Koobface
Many aggressive cybersecurity endeavors rely on subtlety. Planting bogus information won’t be effective if the hackers know the info isn’t good. Earlier this year, Facebook took a more upfront approach.
The Koobface Gang is a group of five men operating from Russia. According to an article from The New York Times, they were responsible for spreading a computer worm using several social media websites. Although their identities had been known for years, international law made it difficult for U.S. authorities to go after and stop them. When the group decided to target Facebook, the social media company decided it wasn’t going to let the hackers get away with it.
“We fired all the different guns at the same time,” said Joe Sullivan, chief security officer at Facebook, who was quoted in the article. “If we could literally shut down the command-and-control, all the infections, and just make them have to start over from scratch in all contexts, we figured they might decide to move on.”
Although the gang maintained other operations, it gave up its attacks on Facebook after being on the receiving end of the counter offensive, which included an attempt to break up the botnet the gang had been using.
Are companies justified in striking back against the hackers? Could legal active defense strategies escalate into companies using illegal tactics against cybercriminals?