Xygh Offense vs Defense

From CyberSecurity
Revision as of 20:39, 11 November 2005 by Yi-Kai (talk | contribs)

Going on the offensive in response to a cyber-attack
  • General questions: How do we define "offensive counter-attack?" Is a cyber-investigation followed by legal action included in this? How about posing as a hacker to get information? What can a counter-attack accomplish? (Why do we need this capability?) Are there ways to reduce the collateral damage? In what situations is this an appropriate response? (Cases where traditional law enforcement methods are ineffective?)
  • What kinds of offensive measures are available? Are they feasible? What are the effects of these attacks? Examples:
    • Trace-back to identify the source of an attack (requires hacking into third-party machines)
    • White worms to neutralize compromised hosts, e.g., Tim Mullen's strikeback idea
    • DDOS for retaliation (is this ever a good idea?)
    • Other possibilities...?
  • Legal issues
    • Are there legal principles or precedents (e.g., self-defense) that could justify a counter-attack? (Also, military ideas such as rules of engagement, proportional response?)
    • Legal framework: When is a counter-attack permissible? Who is allowed to do it? Do they need to collect evidence or document their actions?
    • See Karnow's notes