Self-defense hack-back attack??

The Heretic

Do you think that if a computer is trying to hack into your computer, or to send you a viral agent, that you have the right to hack-back into that computer to stop the attack?

This guy does:

http://www.theregister.co.uk/content/4/26593.html

But there are lots of problems with this approach to internet self-defense - and even the approach advocated here is unfeasible and shortsighted.

My response is that what is needed is not a good offense, but rather a good defense in the form of making the internet more secure with regards to protocols, and computers with regards to more secure browsers, firewalls and operating systems.

Of course, the entertainment industry and legislators are trying to take advantage of this issue by saying that copyright holders have the right to hack into your system to disable copying and P2P (peer to peer) file sharing tech:

http://online.securityfocus.com/columnists/103

What do you think?
 
The Heretic said:


My response is that what is needed is not a good offense, but rather a good defense in the form of making the internet more secure with regards to protocols, and computers with regards to more secure browsers, firewalls and operating systems.


I agree with what you've said. But just as they come out with newer and better ways of protection, hackers counter it with other ways to go around them. Sadly, this will always be a problem.
 
I would think that one problem with "hack-back" is that in a lot of these email viruses the computer who sends you infected stuff is doing so because it's infected, not because the user ever intended to do that.

My solution to email viruses is to never open attachments I'm not expecting and to keep my email address list on paper next to the computer. If I'm ever infected, there's no way for it to send itself onward. At least not easily.
 
Re: Re: Self-defense hack-back attack??

His_kitty said:
I agree with what you've said. But just as they come out with newer and better ways of protection, hackers counter it with other ways to go around them. Sadly, this will always be a problem.
There will always be an escalation of technology used by both sides, but secure computers are possible if we (and I am speaking as a software engineer) get serious about it. Computers as a whole are a lot less vulnerable than they used to be, and there are sound principles behind designing and implementing secure computer systems that work.

In short, this need not be an ever escalating process - not if software providers and standards bodies got serious about security.
 
I don't think anyone should be allowed to access my computer without a warrant...
 
KillerMuffin said:
I would think that one problem with "hack-back" is that in a lot of these email viruses the computer who sends you infected stuff is doing so because it's infected, not because the user ever intended to do that.
Agreed - and Tim Mullen acknowledges that, but asserts that it is his right to shut down the offending computer until the owner/operator fixes it. That may be fine for him, but it could result in a lot of unintended consequences, and not everybody is going to be as moral or conscientious as Tim Mullen in the self-defense. Look at what we have going on in this board with trolls for instance.

My solution to email viruses is to never open attachments I'm not expecting and to keep my email address list on paper next to the computer. If I'm ever infected, there's no way for it to send itself onward. At least not easily.
I do much the same thing, but not having an address book in your email client doesn't stop those viral agents that bypass the address book and go right to your emails.

Just the same, I get sent viral agents about once a week, sometimes once a day, and because I am very careful I have yet to be infected. I have been a computer professional for over 15 years and I have been infected only once (an infected floppy for a software install) and that was ten years ago.
 
The Heretic said:
Do you think that if a computer is trying to hack into your computer, or to send you a viral agent, that you have the right to hack-back into that computer to stop the attack?
Absolutely not.

And if it were the case, wouldn't the hack-back victim have the right to hack-back himself to protect against the hack-back, and so on ad absurdum? Or, in a real-world analogy, if I know that a burglar is trying to break into my house every night, is it alright for me to break into his house and steal his tools?

This guy does:

http://www.theregister.co.uk/content/4/26593.html

But there are lots of problems with this approach to internet self-defense - and even the approach advocated here is unfeasible and shortsighted.
Thanks for posting those links. Since September 2001, Nimda-noise has been a constant annoyance on the Internet, but it's scary that someone can get so frustrated over such a situation as to throw principles to the wind, as Mullen wants to do.
My response is that what is needed is not a good offense, but rather a good defense in the form of making the internet more secure with regards to protocols, and computers with regards to more secure browsers, firewalls and operating systems.
I'm inclined to think that Microsoft, having used underhanded means to claw its way to the top of the heap and foist its buggy software on the world, should bear some liability for the Nimda problem.
Of course, the entertainment industry and legislators are trying to take advantage of this issue by saying that copyright holders have the right to hack into your system to disable copying and P2P (peer to peer) file sharing tech:

http://online.securityfocus.com/columnists/103

What do you think?
Machines that attack other machines, whether under manual control or automatically, need to be dealt with at the level of the ISP providing connectivity for that device. Mullen is using newspeak when he calls his proposed right to attack "the right to defend." He wants to engage in the same behavior and have it called the opposite of what it is. I wouldn't be surprised if he were in some way connected with the media giants that would love to see a repeal of the 4th amendment in the interest of protecting their copyrights.

I wonder if Mullen would be willing to assume liability should his "viral neutralizer" malfunction and destroy some company's valuable data? His is a concept that he hasn't put much thought into, it seems to me.

The Nimda problem has gotten old, I admit. However, concerned programmers might better utilize their talents working on some software to automate the reporting of hack attempts to ISPs. If every GET request by Nimda were answered with an email to the sending machine's service provider, the problem machine would not be a problem for very long. But reporting these things manually is such a big time-sponge, nobody does it. Log files fill up with IP addresses of Nimda-infected machines, and are stored and ignored.

I respect whoever designed Nimda -- it is quite an effective piece of work. I've never purchased, nor do I use, any anti-virus software. If I encounter a situation at some point that I can't handle otherwise, I may be forced to, but so far that hasn't happened. In some cases, the anti-virus software can be as bad as a virus infection. In fact, in many ways, Windows itself is not unlike a virus. But in the two cases of actual viral infection I've dealt with, it was possible to fix things manually.

In the first instance, a secretary, noting atypical behavior on a Windows system, ran an anti-virus program which reported the machine infected with SirCam32, and asked permission to remove it. This was granted, with the result that the system was completely disabled. I was presented with a machine which would boot, after a fashion, to the desktop, but could not run any programs. The reason was that the virus had made itself the method whereby EXE files were to be handled. The anti-virus software had removed the virus from the system, but had not repaired the registry, so that when the system attempted to run any program, it aborted with an error because it couldn't find the virus to run the program with. Booting without the GUI wouldn't allow access to the registry, and booting with couldn't be accomplished from floppy, nor would it allow the registry editor to be run without the virus to run it with. Interesting dilemma. (Those so inclined may want to pause at this point, and consider an approach to this problem.) I was able to run command.com, since COM files were not affected, and get to a prompt. I also had a command-line utility to change associations of filename extensions: associate.exe, though running it caused a return to the desktop and an error dialog box to appear. Fortunately, Windows uses the presence of a header to determine the type of executable file, not the extension, and renaming the program to associate.com allowed me to run it and delete the viral EXE association. Some minor registry mop-up and all was as it had been. The infection had apparently been caused by the opening of an email attachment.

The second instance also came from an email attachment, but in this case, it was never opened. It was Nimda, and it infected the target machine by the email simply being viewed. This exploited a bug in Outlook (actually Internet Exploder, which Outlook uses to view attachments) whereby no checking was done to verify consistency between "content type" and the extension of the attachment. The payload was delivered marked as a sound file, which Outlook tried to play automatically, but the file extension was not WAV, it was EXE. Though not terribly destructive, at least on that system, it did make copies of itself in every single directory on that computer, which were a pain to remove. It wrecked only a couple of system files, and made a few registry modifications, all of which were fairly easy to fix. Fortunately, I had set up the LAN so that no machine had write access to another's files, or it would have infected every machine on the network. If you set up a LAN, and need remote write capability, it's a good idea to make a separate partition for the operating system which is read-only -- no system would need the ability to write to another's registry or OS libraries, except to transfer a virus. Had the infected system been an IIS server, the damage would have been so extensive that it could not have been fixed, except by reformatting the hard drive. The infestation was fairly benign in this case only because Nimda was waiting for a chance to infect a real target: a web server.

Its repertoire of propagation methods is quite varied, and without a concerted effort from Microsoft to fix all the bugs it exploits, Nimda will be around a while yet. But it isn't going to be defeated by yahoos hacking into infected systems because they're tired of seeing noise in their log files, and establishing the precedent that "breaking and entering isn't bad -- if one's motives are pure."
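The automated reporting idea raised in the post above (turning Nimda GET requests in a web log into per-host reports for the sender's ISP), sketched as an added example that is not part of the original thread. It assumes Common Log Format input; the marker list, function names and sample lines are constructed for illustration, and looking up the ISP's abuse contact and sending the mail are left out.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Executable names Nimda's IIS probes ask for (e.g. /scripts/root.exe, .../cmd.exe).
NIMDA_MARKERS = ("cmd.exe", "root.exe")

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+')

def is_nimda_probe(path):
    """True if the request path, fully URL-decoded, asks for a marker file."""
    prev = None
    while prev != path:  # probes double-encode: %255c -> %5c -> backslash
        prev, path = path, unquote(path)
    return any(marker in path.lower() for marker in NIMDA_MARKERS)

def group_probes(log_lines):
    """Map source IP -> list of (timestamp, raw path) for matching requests."""
    hits = defaultdict(list)
    for line in log_lines:
        m = CLF.match(line)
        if m and is_nimda_probe(m.group(3)):
            hits[m.group(1)].append((m.group(2), m.group(3)))
    return dict(hits)

def draft_report(ip, entries):
    """Plain-text report for one source host, with the log lines as evidence."""
    lines = [f"Subject: Worm probes from {ip} ({len(entries)} requests)", "",
             f"Host {ip} sent requests matching Nimda's IIS probes to our server.",
             "Log excerpts (server time):"]
    lines += [f"  [{ts}] {path}" for ts, path in entries]
    return "\n".join(lines)

# Constructed sample log lines; addresses are from the documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2002:10:01:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283',
    '192.0.2.10 - - [18/Sep/2002:10:01:03 +0000] '
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '198.51.100.7 - - [18/Sep/2002:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.44 - - [18/Sep/2002:10:09:41 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 285',
]

if __name__ == "__main__":
    for ip, entries in group_probes(SAMPLE_LOG).items():
        print(draft_report(ip, entries), end="\n\n")
```

Grouping by source address gives one report per infected host rather than one per request, which keeps the volume sent to any provider proportional to the number of problem machines.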
 
Re: Re: Re: Self-defense hack-back attack??

The Heretic said:
There will always be an escalation of technology used by both sides, but secure computers are possible if we (and I am speaking as a software engineer) get serious about it. Computers as a whole are a lot less vulnerable than they used to be, and there are sound principles behind designing and implementing secure computer systems that work.
It does seem strange that systems created by a company with the resources of Microsoft are so much less secure than those put together by hackers and hobbyists.
In short, this need not be an ever escalating process - not if software providers and standards bodies got serious about security.
It would also be keen if a certain monopolistic software giant previously mentioned would conform to industry standards rather than try to break them.
 
Re: Re: Re: Re: Self-defense hack-back attack??

Byron In Exile said:
It does seem strange that systems created by a company with the resources of Microsoft are so much less secure than those put together by hackers and hobbyists.
It would also be keen if a certain monopolistic software giant previously mentioned would conform to industry standards rather than try to break them.
MS is making noises about secure and trusted computing, but their focus is all about DRM and not about security or trust from the user's perspective. See my thread yesterday about "Trusted Computing".
 