Welcome to the Threat Hunter Blog

Observations from out on the rim...

Active Defense

Dr. Peter Stephenson

I'll begin by announcing our new sponsor, Intel471.  Intel471 is a threat actor-centered service that has a database of over a million threat actors and that tracks actors through participation in the underground forums where the hackers do their work and sell their warez.  Click on the link below to visit their web site.

An interesting story came across my desk this week – the topic was active defense or, in the vernacular, “hack-back”.  I found this interesting because it seems so controversial and I really don’t understand why.  Before we explore this a bit deeper and I tell you my position on it (you may or may not agree – that’s your prerogative) let’s just get the facts out of the way.  First, in the U.S. it’s illegal and second, more often than not it simply does not work.  When it does work it’s because you were amazingly lucky or very, very skilled.  That certainly narrows the probability for success. 

So if active defense is illegal and unreliable, why would anyone do it? Two answers come to mind: revenge and greed. 

On the revenge side it must feel good to get inside the server of the twerp who just sent a bot into your system through a phishing email.  “I got that sucker… he won’t come after me again!”  Think again… the stories of the hackers turning back on folks who hack back are legion. 

This is Stephenson’s Theory of Rattlesnakes.  If you are stupid enough to pick up one – and it doesn’t bite you – you can’t just put it down.  If you do you’re toast.  The snake will turn on you and now it’s really mad.  You have to fling the snake as far from you as you can.  Same with hack-back.  If you go after the hackers you’d better be prepared for retaliation ‘cause that snake now is really angry.

Now we come to greed.  There are several consultancies – usually boutiques – that specialize in active defense.  They get good money for breaking the law. There is no lack of clients, either.  One consultant who does this told the author of the story:

“It has been attack after attack after attack. My business has skyrocketed. I feel like I should send the Chinese a Christmas card saying thank you for a wonderful year.”

The story that got me thinking about this (http://www.pymnts.com/in-depth/2015/attacking-hackers-the-next-security-frontier/#/Vco7407D_bU) talks about the “three As” of active defense: annoy, attribution and attack.  Annoy, as the author of this piece describes it, is really nothing more than a honeypot. That is useful for research, but I fail to see how it would annoy the attacker beyond the frustration of not finding anything of value and being led down a rabbit-hole. There’s nothing illegal about this and you may learn something that would allow competent authority to take down the server.

Attribution is the hardest problem in cyber attacks. ADHD has an app called Honey Badger that uses geolocation to pinpoint attackers.  I have not tried it and I have no idea at this point how – or even if – it works. The other way, of course, is beacons.  These are tokens that are inserted in data that the hacker wants to steal and that report the data's true destination.
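The beacon idea described above, as an added example that is not from the original post or from any tool it mentions: each decoy document carries a unique URL bound to it by an HMAC, and the defender's own web log is scanned for fetches of those URLs. The host name, secret, URL layout and log lines are all constructed for illustration.

```python
import hashlib
import hmac
import re
from typing import Optional

SECRET = b"constructed-demo-key"    # assumption: secret kept on the defender's beacon server
BEACON_HOST = "beacon.example.com"  # hypothetical host owned by the defender

def make_token(doc_id: str) -> str:
    """Bind a token to one decoy document so a hit identifies which file was opened."""
    mac = hmac.new(SECRET, doc_id.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{doc_id}.{mac}"

def beacon_url(doc_id: str) -> str:
    """URL to embed in the decoy (for example as a remote image reference)."""
    return f"https://{BEACON_HOST}/t/{make_token(doc_id)}.png"

def verify_token(token: str) -> Optional[str]:
    """Return the document id if the token is genuine, else None (guessed or forged)."""
    doc_id, _, mac = token.rpartition(".")
    if not doc_id:
        return None
    expected = make_token(doc_id).rpartition(".")[2]
    return doc_id if hmac.compare_digest(mac.encode(), expected.encode()) else None

# Combined-log-format request for a beacon path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /t/(?P<token>[^ "]+)\.png HTTP/[\d.]+"'
)

def find_hits(lines):
    """Scan the beacon server's access log and report verified beacon fetches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        doc_id = verify_token(m["token"]) if m else None
        if doc_id:
            # src_ip is only the last hop the server saw; it may be a proxy or VPN exit.
            hits.append({"doc_id": doc_id, "src_ip": m["ip"], "time": m["ts"]})
    return hits

# Constructed sample log: one unrelated request, one genuine hit, one forged token.
SAMPLE_LOG = [
    '198.51.100.23 - - [12/Aug/2015:10:01:44 +0000] "GET /index.html HTTP/1.1" 200 512',
    f'203.0.113.7 - - [12/Aug/2015:10:02:10 +0000] "GET /t/{make_token("payroll-2015")}.png HTTP/1.1" 200 43',
    '198.51.100.23 - - [12/Aug/2015:10:03:02 +0000] "GET /t/payroll-2015.0000000000000000.png HTTP/1.1" 200 43',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

The forged line is dropped because its MAC does not verify, so random probing of the beacon path cannot generate false alerts.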

At this point I must say that so far I would only expect to be successful against script kiddies.  The real bad guys are writing good software (or really bad, depending upon your viewpoint) and the cyber crooks are buying/renting and using it.  There’s a full-blown underground economy here, but that’s a story for another time.

The third piece, obviously, is attack.  This is a bad idea.  It’s illegal (I already said that but it bears repeating) and you are more likely to nuke some computer that belongs to a mom-and-pop store and has been pwned by the bad guys than you are to hit the bad guys themselves.

So, what’s the point?  Can’t answer that, really… I suppose it just feels good… but so does stopping when you’ve been smacking your head against a brick wall.
