RealTime IT News

Plan to Counterattack Hackers Draws More Fire

Now that Symbiot, Inc. has released information on its plans to enable companies to counterattack digital threats, some security analysts have stepped up their concerns that the approach could cause more problems than it solves.

Symbiot's founders are looking to fight back against hackers, virus writers and denial-of-service attacks by launching counterattacks. It's no longer enough to protect a company's perimeter, they say; it's time for the attacked to become the attackers.

But members of the security community are raising concerns that striking back at attackers not only leaves the company open to legal problems, but could double the strain on associated networks, ISPs and Internet hubs. They also say it aims the guns directly at innocent victims of computer viruses.

"Vigilantism didn't work in the wild west and electronic vigilantism is likely to be just as distasteful," says George Bakos, a senior security expert with the Institute for Security Technology Studies at Dartmouth College. "The desire to take action does not justify contributing to the problem... At what point does the escalation stop?"

Nearly a month ago, Symbiot, which is based in Austin, Texas, announced it would be releasing its first product, the Intelligent Security Infrastructure Management Systems platform (iSIMS). The platform, geared to work with existing security tools, such as firewalls and VPNs, is designed to model threats coming into the network and raise alerts about serious attacks.

However, what had people talking was the company's claim that it was going to enable counterstrikes. But details of what those strikes would entail weren't released until late last week.

The Counterstrikes

In a written statement, Symbiot executives say there are many levels of response that can be used against an attacker. Before any response, however, they say the software would work through several checks, such as risk metrics, reconnaissance, surveillance and confirmation of identification.

Once that is done, if the intensity, duration and effect of the attack are great enough, the corporate IT or security manager can use countermeasures. Those countermeasures range from benignly blocking or diverting traffic to more aggressive maneuvers, such as sending the packet content used in the attack back at the attacker.

But the tool goes one step further.

It also enables the IT or security manager to obtain access privileges on the attacker's system and then go in and disable, destroy or seize control of his assets. The IT manager also could launch a counterstrike that would send exploits specific to vulnerabilities on the attacker's machine.

And, finally, the software allows for preemptive strikes on a source known to be orchestrating attacks. "This retaliation could be far in excess of the attack that the aggressor has underway," according to a written statement on the Symbiot Web site.

Symbiot executives could not be reached for this story, but there is a warning posted on the site about legal issues involved with launching an attack. "Symbiot is continually evaluating the legal aspects of these more aggressive countermeasures... We stress that our customers should obtain appropriate advice and information to make decisions that will not violate applicable laws. In some instances, availability of these countermeasures may be restricted."
