Xygh Offense vs Defense

From CyberSecurity
Revision as of 07:20, 5 December 2005 by Hiatus (talk | contribs) (II. History)


Going on the offensive in response to a cyber-attack

I. Introduction

II. History

The history of successful counterattacks in the world of cybersecurity is a short one. There are an increasing number of papers and publications which make proposals, but concerns over legal issues as well as technical challenges have kept the list of successes small.

In September 1998, the Pentagon is reported to have counterattacked activists who were mounting a denial-of-service attack against Department of Defense websites, answering their requests with an applet that ran on the attackers' machines and forced them to reboot. [1]

In 1999, the California ISP Conxion wrote a script that reflected DoS packets sent to the World Trade Organization's website back to the attackers. [2] Such a counterattack would not have worked if the attackers had used IP address spoofing, forging the packets' source addresses so that they appeared to come from a different computer than the one that actually sent them; the reflected traffic would then have been aimed at the wrong machine.

In 2001, several defenses were created in response to the Code Red II worm. One, called CRclean, on receiving a probe from the worm, would use the back door that the worm had placed on the infected machine to load a neutralizing agent and halt the worm's spread; it would, however, also install itself on that machine. Another, called CodeGreen, would actively scan the internet for computers with the IIS vulnerability that Code Red exploited, then download the patch, apply it to the machine, and clean up the back doors. [3] There are clearly serious legal and ethical issues with both of these worms, even the former, which is still a worm even though it only reacts to attacks.

In late 2004, Lycos Europe got fed up with spammers and launched a popular campaign called "Make Love Not Spam," which attracted over 100,000 users. Users could install a screen saver on their desktops that sent requests to websites known to advertise via spam. The effort was successful in causing some of the sites to change locations. ( http://www.makelovenotspam.com ) Lycos reportedly got around the illegality of DDoS attacks by claiming to consume only 95% of the target sites' bandwidth, though David Dittrich finds this reasoning dubious at best. [4]

We found no evidence in our research of any organization that had even a remotely well-developed policy of active retaliation. Even the ISP Conxion claimed to decide on the use of active counter-tactics on a "case-by-case basis."

[1] Niall McKay, "Pentagon Deflects Web Assault," Wired News (September 10, 1998).

[2] Pia Landergren, "Hacker Vigilantes Strike Back," CNN.com (June 20, 2001).

[3] Majik, "Code Green. Are you Serious?!", http://www.xatrix.org/article.php?s=684 (September 6, 2001).

[4] David Dittrich, "How bad an idea was 'Make Love Not Spam?' Let me count the ways."

III. Scenarios

IV. Technical aspects of scenarios

V. Feasibility

VI. Legal issues

VII. Summarize futures

VIII. Conclusion