
Hacked companies fight back with controversial "strike-back" steps - iProject
http://www.reuters.com/article/2012/06/17/us-media-tech-summit-cyber-strikeback-idUSBRE85G07S20120617
======
Paul_S
It amuses me that people are considering whether some of this business should
be taken out of the private sector. And given to whom? The army?

We're not living the cyberpunk future, yet, but sometimes the only thing I
think we're missing are the trench-coats and floating skateboards.

------
spudlyo
This 'strike back' notion is not new. I remember in the mid-90s there was a
silly commercial firewall product called the 'Sidewinder' that touted the
ability to 'strike back' at attackers, which I believe launched a daemon that
tried to trace the origin of the attacker. They were targeted at the
enterprise and cost like $50k.

The pointy-haired types at the place where I worked at the time were extremely
excited by this notion, and thought it was the coolest thing in the world, so
guys I knew on the network team were tasked with deploying them into
production throughout the various zones in our network topology.

I remember the horror stories, our network guys couldn't ever to get them to
work quite right, and they were always 'striking back' seemingly randomly
against phantom threats, eventually causing crippling load on the machine.
Eventually the feature was turned off, and a little bit later they were
replaced by commodity Linux boxes. To this day whenever this group of friends
and I discuss a new firewall product or technology we often ask dramatically
"BUT CAN IT STRIKE BACK!?"

------
iuguy
This is stupid. As John Pescatore said, there's no possible positive outcome
in this situation. You're feeding the bad guys fake documents, great! They're
still on your network, owning your kit, not so great!

Defeating this type of threat is often three small parts technology, three big
parts of HR investment and 1 massive part of user awareness training,
something I recently commented on here[1].

[1] - [http://www.tripwire.com/state-of-security/it-security-
data-p...](http://www.tripwire.com/state-of-security/it-security-data-
protection/myth-or-fact-debunking-15-of-the-biggest-information-security-
myths/)

------
neilwillgettoit
Well that's a nice piece of advertising.

