RealTime IT News

Is it Right For Hackers to Fight Fire With Fire?

Researchers from the University of Mannheim in Germany and the Institut Eurecom have reverse-infiltrated Storm by deliberately allowing the botnet to infect a series of honeypots, bait computers that were intended to be infected.

Those infected computers then sent out their own payload that had incorrect instructions so the bots on the network did not get the real instructions from the worm's controllers. They documented it in this paper.

It all sounds very Independence Day (no word on whether Jeff Goldblum figured out how to do the hack) but it does raise a legal question: Is it right to fight the hackers using the same dirty tricks they use?

The first instinct may be to cheer. But judging by the variety of reactions InternetNews.com received, it seems this is a debate that's about as settled as Net Neutrality. Some say yes, some say no, and everyone has a different reason why.

"On the surface, a lot of people seem to think that's a good idea," said Ken Dunham, director of global response and threat discovery for iSight Partners. "But a lot of times when changes are made to a system, some unexpected consequences take place. Suppose you remove it from a working server and crash the computer, causing a significant outage?"

Dunham argued that the white hat hackers don't always know what's on the other end. It could be some kid's computer or a department server. It may be infected with the Storm worm but if you bring it down, you face the music. "When you do that, you enter into a liability scenario for which you might be liable," he said.

Extralegal cat-and-mouse games

However, attorney Jonathan Praed of the Internet Law Group said "it's happening today whether you like it or not. There are far more extralegal cat-and-mouse games than people know. There are lots of countermeasures being deployed that help to keep a lid on some of the malevolent activity out there."

Praed said there are "good Samaritan" laws that will protect a person who, for example, might be driving down the street, comes upon an accident, and tries to help, even though he or she may not be a doctor. He said white hat hackers have asked up and down for some kind of similar safe harbor protection.

"Every government authority looking at cyber crime has received requests from white hats asking for safe harbor rule, asking for guidance of what they can do and can't do, and what remains the gray area," he said.

The response has been minimal, with the main government concern being that the bad guys could pretend to be white hats and say they were gathering dirt and about to turn it in. "Government is concerned it could provide plausible defenses to bad guys to avoid liability. But that can be solved by the subtlety of the safe harbor. Lots of rules can be put in place to distinguish the bad guys," said Praed.

Matthew Prince, president of Unspam, felt that playing as dirty as the malicious hackers could lead to an "arms race" that would only make the problem worse. "Attacking consumers' machines may stop a few nodes in a botnet, but you are just transferring the costs to ISPs," he said.

He also felt it didn't fix the fundamental problem, which is that individual PCs have become a battleground in botnet fights, and people have to start securing their own computers better.

"I think one of the consequences of this type of a strategy is you aren't targeting the botnet operator, you are targeting individual PCs," said Prince. "To a large extent they are not aware that their machine has been compromised. Merely going after those machines and swamping them … what I'm not sure it does is get at the underlying problem of inadequately secured PCs online."

In the end, it seems like the classic argument against vigilantism. "The last thing we need is a bunch of rogue vigilantes out there attacking one another. We've already got a bad situation and that could make it increasingly chaotic," said Dunham.

"The instinct has to be applauded at some level," replied attorney Praed.