Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Crime

FBI Monitoring Hacking Targets For Retaliation 96

An anonymous reader writes: As high profile security breaches continue to grab headlines, little is being done visibly by the government to prevent future attacks. This is prompting some victims (and potential victims) to find creative ways to stop the hackers. The FBI is now concerned that U.S. companies and institutions are themselves breaking laws by retaliating with cyberattacks of their own. "In February 2013, U.S officials met with bank executives in New York. There, a JPMorgan official proposed that the banks hit back from offshore locations, disabling the servers from which the attacks were being launched ... Federal investigators later discovered that a third party had taken some of the servers involved in the attack offline, according to the people familiar with the situation. Based on that finding, the FBI began investigating whether any U.S. companies violated anti-hacking laws in connection with the strike on those servers, according to people familiar with the probe."
This discussion has been archived. No new comments can be posted.

FBI Monitoring Hacking Targets For Retaliation

Comments Filter:
  • by Anonymous Coward

    Disabling servers from which an attack is being launched against you isn't "retaliation". That's self-defense. Now, I know that striking back at the right target isn't easy, and some "innocent" people may get hurt, but if you are being attacked, and some third party's stuff is being used to attack you, you're still not "retaliating" if you damage that stuff in an attempt to end the attack.

    • The proper way to answer to an on-going attack is to redirect traffic to analysis site and collect the information or go off-line. Responding to an on-going attack by an attack is not a defensive/self-defense reaction, it is an offensive reaction the site you target is then, following the same logic, completely entitled to reply to in turn. If you believe your reply is legitimate, the reply of the sites you then attack is also legitimate. You cannot pretend you have properly identify the authors when an att

    • Sounds like the rationalization behind drone strikes.
    • by HiThere ( 15173 )

      How certain can you be that you got the right servers? How certain can other people be?

      It's not clear to me that this is justified. It's too easy for it to go wrong, or to "accidentally" target someone other than the ostensible attacker.

  • by Charliemopps ( 1157495 ) on Wednesday December 31, 2014 @09:15AM (#48704229)

    They are concerned because some of these Attacks are perpetrated by the FBI/NSA/CIA.
    Can't have people retaliating against their own infiltration operations...

    Too bad the internet's down in North Korea, they'd be interested in this story for sure!

    • They are concerned because some of these Attacks are perpetrated by the FBI/NSA/CIA.

      DDOS against US/European banks? I highly doubt that.

      Too bad the internet's down in North Korea, they'd be interested in this story for sure!

      Your concern for the "Democratic People's Republic of Korea" is touching.

  • by Anonymous Coward on Wednesday December 31, 2014 @09:15AM (#48704237)

    An i(phone) for and i(phone) and a (blue)tooth for a (blue)tooth.

  • by Anonymous Coward

    I'm not sure what else to infer from a story that implies the fbi is investigating jpmorgan for criminal activity...

  • by Anonymous Coward

    Catch the people defending themselves.

  • Corporate cyberwarfare? Come on, that's right out of Gibson's head.

    And I am all for it.

    • by Anonymous Coward

      Hack the Gibson!

    • by afgam28 ( 48611 )

      Does anyone else feel that using the term "cyberwar" to describe this is an insult to anyone who has ever been through a real war? Insofar as there is a conflict between two or more parties, it is like a war. But that's the furthest that the analogy can be taken without it falling apart. Let's get some things straight: computers aren't people, DDoS attacks cause orders of magnitude less suffering than real war, and using a hyperbolic analogy leads to massive escalations of a conflict (e.g. Obama getting inv

      • by zlives ( 2009072 )

        not that i completely disagree, however just as a counter point...

        If ddos is not really that bad.. suffering and all, what difference does it make if the retaliation strike is done against the perpetrator's computer. its not a real person that's getting affected, just a computer. Or even an entire country, if it was US that retaliated, again its just some computers mostly being used to watch porn and cat videos anyway.

        • by afgam28 ( 48611 )

          Most DDoS attacks are launched from zombie botnets, so there's a lot of collateral damage when someone does a "retaliatory" or "self-defensive" attack. It usually misses the true perpetrator's computer.

          Anyway I'm not saying that DDoS is "not really that bad". My point was more that bad analogies lead to bad conclusions. It looks to me like a disgruntled employee hacked into SPE and hurt the feelings of a few celebrities who made some shitty movie, and somehow this has resulted in two nation-states getting i

          • Is there a term that fits better? You are right that the traditional definition of "war" doesn't really fit, but if you look at the modern usage (http://dictionary.reference.com/browse/war?s=t definitions 5-7) you will see that it is absolutely appropriate. I tend to get a bit pedantic with semantics, so I'm not exactly enthusiastic about what has been done to the term (I want to slap LBJ for "The War on Poverty"), but it is what it is.
            • by zlives ( 2009072 )

              in unrelated news, it seems everything we declare a war on keeps getting to be a bigger issue. Poverty, Drugs, Terrorism... perhaps its time we declared war on good health, wealth and wisdom.

      • I'm not talking about retaliatory DDoS.

        Unless the people behind the attack are physically located in the US or a nation interested in prosecuting them, there is no authority to turn to, no one to track down and prosecute the offender and no hope of restitution. That is where your car analogy falls apart, as there would be no FBI to get involved.

        But under your analogy, leaving cars all over Jersey streets wouldn't be the proper response. Hiring someone to find and beat the perpetrators would be the way

  • by Anonymous Coward on Wednesday December 31, 2014 @09:29AM (#48704341)

    ...should you not defend yourself?

    • ...should you not defend yourself?

      Sure. The problem is, in the absence of an impartial referee everyone can submit to without losing face, things tend to get out of hand. You think someone's been unjust to you? Retaliate! Someone might be planning to attack? Attack them first! Someone's getting dangerously powerful? Take them down while you still can!

      Just look at world politics: areas with functioning hegemons, even completely impotent ones like the EU, have issues settled through legal battles, while area

      • ...should you not defend yourself?

        Sure. The problem is, in the absence of an impartial referee everyone can submit to without losing face, things tend to get out of hand. You think someone's been unjust to you? Retaliate! Someone might be planning to attack? Attack them first! Someone's getting dangerously powerful? Take them down while you still can!

        Just look at world politics: areas with functioning hegemons, even completely impotent ones like the EU, have issues settled through legal battles, while areas without them, like Africa, have an endless supply of militant groups. The hegemon doesn't necessarily have to be a Leviathan, to produce obedience through fear of themselves, they just need to have general recognition as the legitimate ruler so that anyone willing to defect over any particular issue is put back into line by the others for fear of anarchy.

        More importantly, the article mentions using "overseas locations" to retaliate. Really all this is (or would be) doing is dirtying the water to make it harder to find out who the real malicious actors are. Better to spend your resources tracing down the exact source, or better yet on public awareness campaigns about malware (since all DDoS "attacks", and a lot of other attacks, come from compromised bystanders). Otherwise, you are just going to push your attackers on to a different group of hosts and wil

        • by N1AK ( 864906 )

          Better to spend your resources... on public awareness campaigns about malware (since all DDoS "attacks", and a lot of other attacks, come from compromised bystanders).

          I'm sure the first thing people should think of when someone is shooting at them is that they should be putting more money into lobby educating people not to give guns to violent people!

      • by Anonymous Coward

        This is exactly the situation that shipping faced in the sixteenth through eighteenth centuries: state and non-state actors alike were interdicting commerce, seizing assets, and wrecking trade. Privateers arose, working both sides of the dilemma: they were both freebooting pirates and instruments of revenge for losses incurred. Eventually people realized that the only ones profiting from that system were the pirates, precisely because they worked both sides of the issue, while everyone else suffered treme

    • by Jaime2 ( 824950 )

      Nope. The person you are attacking back against is likely another victim whose hardware has been commandeered. In this case, your attack will do nothing to harm the perpetrator and will probably harm a bystander.

      If retaliation becomes the norm, then an effective method of attack amplification will be for a small entity to attack a large entity and frame the intended victim for it.

    • by NoKaOi ( 1415755 )

      ...should you not defend yourself?

      There's also a difference between retaliation and defense.
      Scenario 1: Bank is being hacked. They take down attacking server to stop the attack. That's defense.
      Real world analogy: Somebody is mugging you. You punch them in the face to prevent them stealing your wallet.

      Scenario 2: Bank was hacked. They take down the server that attacked them. That's retaliation.
      Real world analogy: Somebody mugged you. You figure out who they are, go over to their apartment and punch them in the face.

      Of course, in scenar

  • by Connie_Lingus ( 317691 ) on Wednesday December 31, 2014 @09:29AM (#48704343) Homepage

    as if the FBI/CIA/NSA aren't already tools of the plutocratic multi-nationals.

    i believe that the only reason they don't want them doing it on their own is that it robs the 3-letter agencies of political glory.

    • i believe that the only reason they don't want them doing it on their own is that it robs the 3-letter agencies of political glory.

      So you see no downside to unregulated corporate hacking? I would have thought that someone supposedly concerned about "plutocratic multi-nationals" might have a different view. Or does this come back to the question of who's a tool?

  • I know I shouldn't say it but this is completely fucking awesome. We live in a cyberpunk future!

  • by koan ( 80826 )

    Is this the same FBI that told us NK was responsible for the Sony hack?
    Federal Bureau of Incompetence.

    • by TimSSG ( 1068536 )

      Is this the same FBI that told us NK was responsible for the Sony hack?
      Federal Bureau of Incompetence.

      I just wish we could get all the incompetence located in a single bureau. Tim S.

    • by HiThere ( 15173 )

      Why do you think that was incompetence rather that political manuvering? Ask 10 people at random, and if they even know about the Sony hack, most of them will blame North Korea.

      Lies, rather than incompetence, is what you should expect here until there is evidence to the contrary. (OTOH, if they were really competent, and cared, they could at least have come up with some decent evidence. My take is that they didn't care, however, rather than that they were incompetent.)

      • by koan ( 80826 )

        Sure conspiracy is an option, I've covered that multiple times here's one: http://slashdot.org/comments.p... [slashdot.org]

        But here's something else to consider, getting caught at lying IS incompetence, so you see no matter how you look at it they are incompetent.

  • Not real hackers (Score:5, Insightful)

    by Michael MacDonald ( 3967307 ) on Wednesday December 31, 2014 @09:34AM (#48704377)
    Normally I would be against this, but nowadays hackers are mostly just extortionists. Not to mention the damage they've done to the work done by real hackers trying to protect freedom. Really, I think this generation of hackers just need to be purged so the scene can get back to normal.
    • by wbr1 ( 2538558 )
      That used to be the difference between hacker vs cracker. One was for personal enlightenment or social gain, while the other was for various profit/greed/destructive motives. Then the mass media co-opted hacker to be the bad guy.

      Now we have 'hacktivists' (whether you love or loathe the term) who are supposed to use their powers for perceived social good. As is often the case, the distinction is not always black and white.

      • by HiThere ( 15173 )

        Sorry, but the term "cracker" was only created after the media started to refering to ANY computer exploit as the work of a hacker, and only publicizing the unlawful ones. It never caught on outside of a quite limited community. Give up the battle, it's time to invent a new word to mean what hacker used to mean.

  • by Lawrence_Bird ( 67278 ) on Wednesday December 31, 2014 @10:10AM (#48704607) Homepage

    but not ok for anyone else. this is what happens when governments routinely skirt the law.

  • by azav ( 469988 ) on Wednesday December 31, 2014 @10:22AM (#48704711) Homepage Journal

    the companies wouldn't have an incentive to do that.

  • Is anyone surprised by the attitude of the FBI? They're cops. Cops are people who ignore you when you report a theft or assault, protect their own skins instead of the public, then throw you in jail for carrying a weapon to defend yourself.
  • Dog in the manger. Can't protect you, can punish you for doing anything to protect yourself.

  • Great idea... why didn't we think of that?

    o.0

Keep up the good work! But please don't ask me to help.

Working...