
Companies switching from defense to offense

Posted: Fri Jul 27, 2012 3:24 am
by MNP_Hikaru
I just finished reading this article and figured I'd share it here and see what everyone thinks.

How far, if at all, do you think people would be willing to go to fight back?

Re: Companies switching from defense to offense

Posted: Fri Jul 27, 2012 10:27 am
by limdis
This guy is starting to figure it out. It's a shame really they haven't already largely switched over to this method. He is basically saying they need counter intelligence operations. Which includes (and more) of all he just said. Unfortunately I have a feeling this won't begin to come into play for a while and this is probably as far as this idea will go, for now.

Re: Companies switching from defense to offense

Posted: Fri Jul 27, 2012 11:57 am
by MNP_Hikaru
limdis wrote: Which includes (and more) of all he just said.


What else would you suggest? Just to keep the ball rolling... XD

Re: Companies switching from defense to offense

Posted: Fri Jul 27, 2012 2:06 pm
by mShred
Well who knows. It's not like they can turn around and have a bot DDoS their system. Like the dude said, it could be aimed at trying to identify the attackers. But with that, I don't know how well that'd work depending on the attacker's security measures. But either way, I like it.

Re: Companies switching from defense to offense

Posted: Fri Jul 27, 2012 3:10 pm
by centip3de
mShred wrote: Well who knows. It's not like they can turn around and have a bot DDoS their system. Like the dude said, it could be aimed at trying to identify the attackers. But with that, I don't know how well that'd work depending on the attacker's security measures. But either way, I like it.


I dunno, if the attacker was an idiot and made no attempts to use a proxy, and/or hide their I.P. in any way, shape or form, I'd love to see an automated-rehacking-bot.

Re: Companies switching from defense to offense

Posted: Fri Jul 27, 2012 3:11 pm
by limdis
Have files by design set up to continually communicate with companies' servers. Very small, low bandwidth process that always runs simply giving the location of the file. If it gets downloaded by a hacker... the file continues to do its job. Lawsuit.

Re: Companies switching from defense to offense

Posted: Wed Aug 01, 2012 5:45 pm
by cyberdrain
Say, how exactly would you do that? Wouldn't a hacker who downloads that have to be stupid enough to run the program to get infected? Furthermore, in companies the data of interest usually is just, well... data, not programs a hacker will run. Or did you have something else in mind?

Re: Companies switching from defense to offense

Posted: Wed Aug 01, 2012 6:01 pm
by limdis
I'm basically talking about a RAT being attached to something. But that is stripped of all the normal RAT fun tools. It's just a theory but I don't see why it couldn't be done.

Re: Companies switching from defense to offense

Posted: Sun Aug 05, 2012 4:37 pm
by cyberdrain
Ok, thinking with you here: a simplified RAT would need a vector then, otherwise it won't start. So you need some kind of worm, trojan or virus which will infect you when trying to read it. Could be as simple as a movie with an infected codec for WMplayer or something more difficult. But that would only activate if not on the original server, as otherwise you'd create chaos on your own network. However you look at it, it would be malware and I'm not sure you can legally create those in a company. Interesting idea though...

Re: Companies switching from defense to offense

Posted: Mon Aug 06, 2012 6:58 am
by Jonnycake
If I understand correctly, it isn't illegal to create a RAT (depending on the country of course, I'm in the U.S.), it's just illegal to intentionally release it into the wild. That being said, if you had a RAT hidden within a "password file" and the attacker downloaded it or executed it in some way, you could simply argue that you didn't intend for it to get out, but it would have to be stored on a non-public directory. As long as your RAT doesn't self-propagate and spread to other victim machines, you should be all good from a legal standpoint (especially since it wouldn't be revealed until you reported it), but as cyberdrain pointed out, this would be impractical and half of the time wouldn't work because of the system dependency.