Monday, 14 April 2008

Hacking the hackers

Security researcher Joel Eriksson has given a talk at the 2008 RSA conference, where he discussed counter-attacking hackers.

According to Wired, Eriksson (who works for Swedish security firm Bitsec) suggested that the best defense might be offense. He then described reverse-engineering some malware, which enabled him to attack a computer that was being used to control victim systems. Theoretically the same techniques could be used to infiltrate botnets, the large networks of compromised computers used by attackers to send spam, launch denial-of-service attacks and commit other crimes.

Aside from the legal implications of attacking a computer, and the moral obstacle of 'two wrongs don't make a right', there is another problem with this approach. How can the counter-attacker be sure that the system he attacks is owned and run by a bad guy?

Attackers are well-known for using zombies, bots, stooges or whatever you want to call them. Can you be sure that you've identified the correct target and that the control system belongs to the attacker himself? And what do you do with a root shell or Administrator command line on a C&C server? If you find you've broken into an 'innocent' zombie/bot, what then - install Norton AntiVirus?