Legal Hack Back Lets You Go After Attackers In Your Network

itwbennett writes: Security startup Cymmetria has a new offering for customers: "legal hack back." The hack back tools have been added to the company's MazeHunter deception technology and will enable "tracking down the attack servers and wiping data originally stolen from their servers, probing the attack infrastructure for weaknesses to exploit, disabling the systems controlling malware, looking for information about the attackers to use in attribution, and launching distributed denial-of-service attacks to slow down criminal operations," but security teams are restricted to taking these actions on systems within their organizations, writes Fahmida Rashid in CSO Online. "Legal hack back via MazeHunter is more than traditional incident response because the organization can run a payload on the infected machine to engage with the attacker even before the forensics part of the investigation is complete," said Gadi Evron, founder and CEO of Cymmetria.

If it is in your network...

[aepervius]

...And assuming it cannot be sometimes very sensitive, why do you need to hack back your own machine ? Pull the Lan cord, re-image it, at worst copy essential document, et voila.

Re:

[freeze128]

"If thyne eye doth offend thee, pluck it out!"

but he is with 99+% chance OUTSIDE your network

[aepervius]

And this is illegal is nigh all places to hack outside. The story is about hacking and gathering information INSIDE your own network.

Cyberpunk is coming

[budsetr]

Black ICE

Spoof the source IP and get them to eat themselves

[HornWumpus]

Better still, trick them into 'hacking back' at the NSA. Laughs all around.

Re:

[DontBeAMoran]

http://hoaxes.org/weblog/comme... [hoaxes.org]

Re:

[AHuxley]

In a fictional movie script setting.
Will that ip always point to a 8/16, early 32 bit desktop computer at home in real time?
In terms of a user's home desktop 8/16/32 bit computer with, dial up modem, big HD storage, a set ip for hours and dial up isp ip range.
The interesting person uses their home ISP account to get into to a computer network and slowly move files back to their own home computer over hours.
Logs show a clear moment of files from the network to a home computer ISP account.

The skill lev

Re:

[Hognoxious]

Indeed. The words "false", "flag" & "lawsuit" spring immediately to mind.

Legal Pre-Emptive Hack . . .

[PolygamousRanchKid]

Legal hack back via MazeHunter is more than traditional incident response because the organization can run a payload on the infected machine to engage with the attacker even before the forensics part of the investigation is complete

Well, that might be enough for some primitive folks, but for folks expecting American Defense Quality, I want a system that will attack the hackers before they even think about hacking.

Yeah, sure, you haven't done anything yet, and you are still innocent, but the NSA/CIA/FBI AI models say you WILL be guilty sooner or later, so we might as well take you out right now.

Re:

[Anonymous Coward]

Yeah, sure, you haven't done anything yet, and you are still innocent, but the NSA/CIA/FBI AI models say you WILL be guilty sooner or later, so we might as well take you out right now.

At which point, there is no law. Anyone can be manipulated to commit any crime given enough subtle changes to their environment. Do it early enough and you can be the grand master of your own conspiracy, letting others take the fall for their role in the final act, but leaving you free and clear despite your careful domino pla

Lets see how this works the other way around

[Anonymous Coward]

I run a hosting company which houses tens of thousands of servers and one of my customer machines is compromised. This malware hacks another company who has this HackBack(TM) service which then hacks back into my customer machine and begins to probe my network for weakness. My IDS detects this which launches its own HackBack(TM) service into this other company. Who sees me attacking and launches another HackBack(TM) attack.

2002 called, they want their lazy worms back

And this is "legal" because...

[Anonymous Coward]

... we want it to be? ... the CEO saw it in a movie? ... the check is in the mail?

Inquiring minds want to know.

Because...

[Anonymous Coward]

Because this is HACKING the HACKERS with HACKS. That's why.

You have now read the entire substance of the thing. You are up-to-date.

Re:

[Anonymous Coward]

ONLY Hackers can Hack Hacky Hackings, not LUDDITE Users

Hacks!

Re:

[Big Hairy Ian]

... we want it to be? ... the CEO saw it in a movie? ... the check is in the mail?

Inquiring minds want to know.

It isn't and you'll probably be hacking a third party machine which has already been hacked by your attacker and when they do their forensics they'll see they got hacked twice once by the attacker (Who covered his tracks) and once by you (Who didn't cover his tracks). See you in court

Re:

[Bugdanoff]

... because some smart legislators introduced the ACDC Act [slate.com], again.

Okay not a lawyer

[coolmoe2]

But if its my network who is gonna press charges.
Just sayin

Sound pretty interesting if true but..

[Neuronwelder]

What if they get smart (which they will) and immediately take the data and store it off site.

What will actually happen

[whitroth]

instead of companies hiring folks who actually know what they're doing, they'll tell someone to run this. And the next thing you know, the person who doesn't actually know what's going on will "fix" it so it includes anyone attacking them, and then someone's mother or grandmother, whose machine was compromised by malware that they had no clue about, will suddenly be toast, all their emails, and writings and pictures of their kids gone. And they won't have a clue what happened.