Establishing Digital Trust: Don't Sacrifice Security for Convenience
Reuters' Joseph Menn reports that U.S. companies are increasingly taking steps to retaliate against cyber attacks.
"Known in the cybersecurity industry as 'active defense' or 'strike-back' technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures," Menn writes. "Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant's own systems."
"While most of these attempts are more akin to delaying and diversionary tactics, some US companies are believed to have conducted illegal campaigns against those it believes might be planning hacks, going so far as to hire third-party contractors to hack their hackers pre-emptively," writes Gizmodo's Gary Cutlack. "The less aggressive techniques being employed include the placing of fake material on servers that encourage the hacker to grab something and leave, or leaving exotic and exciting sounding files in view, which the hacker then wastes his time trying to grab, leaving the more mundane stuff safe."
"Counterstrikes, which are almost always covert due to the potential for the victimized company to break the same laws as their attackers, are still controversial among security pros," writes ITworld's Kevin Fogarty. "They raise the stakes of an attack, inviting more serious counterattack, which is a losing game if the attacker is a national security agency rather than an organized crime gang. They also raise the profile of the victimized company along with news that it has been hacked, making it a more likely target for other hackers, some security pros worry."