10
2012
Hacking to protect your network?
Not sure this is the greatest idea, but apparently big business thinks cybersecurity now means hacking back. So much for the push for “white hat” cybersecurity. A lot of big business now thinks attacking those they think might attack them is the best solution. You know, listening to what the other side says before attacking (if they are protesting), building an intelligent defense network, hiring hackers and paying them decently instead of attacking them: why would they do that?
Big business, and some governments, say they are tired of their crappy defense not working, so why not fire back with napalm? They missed the memo about DDoS attacks using innocents, so apparently they will just be casualties of war. It is understandable that they want to defend their sites/networks; they can lose millions with sites being down and even more if they lose private corporate documents. Yet they somehow just do not get why they are getting attacked, who is attacking them, and how they can be stopped.
Big corporations get attacked for a variety of reasons: the indefensible, like theft of money and private documents, and the understandable, like protesting and bringing to light the evils they have committed. All the corporations point out is the theft, something that could be stopped, and ignore the protesting, which will continue until they recognize what is actually being protested. Somehow they have decided to ignore the second, and to overlook the first. Theft can be stopped, especially if they handle it the right way.
Big corporations and governments have decided to overlook “white hat” security/hacking. They would rather pay as little as possible to those who know as little as possible. Their “network security” specialists have no idea what they are doing, and the companies are OK with that. They do not want to pay for those who know what they are doing. Instead of just attacking back, they could ask “how did you do that?” and “can you stop others?”, and then PAY for that service. Yet that somehow is just too easy of a concept to understand for most companies and governments.
It seems that a “war” may be brewing, and innocents may be left in the middle. If companies try to go on the offensive with these crappy network security “specialists”, they are going to end up hitting everyone except those they are going after. And when they do that, they will feel repercussions from their own clients, as well as increased attacks from everyone out there. People will start helping hackers, seeing them as the “good guys” (which they can be). And when that happens, look out…
So what can companies do? Well, the article that talks about how they are considering going on the offensive has some good points: the “honey pot” ideas as well as the “disinformation campaigns”. These are both actually good defense, and both have been used by hackers for years. The honey pot may be a little bit of offense, but it will at least get the right people instead of the innocents caught in the middle. But what they really need to do is do the right stuff so they will not get attacked as an act of protest, and hire the right people to do the right stuff for the right amount of pay.
See this article for information about the campaigns being considered, and how bad a plan they have.