Letting Companies Hack the Hackers: What Could Go Wrong?

Hah! Doom and gloom on the hacker front as usual. Hacking is much much more than a technical problem...it is a human problem. Hacking the bad guy's computers is pointless because of course, they don't use THEIR computers! They use somebody else's computers.

I read about a fellow who got back at a hacker who got people to download a "fix" from an annoying bug he had installed. Everybody has seen examples! The "fix" was a fairly common remote app. Our guy had an old computer with nothing particular on it (hey,everybody has one of those!), loaded the "fix", and waited for the bad guy to drop in. He was fascinated by the search which resulted...he watched some dude (I call him a perp) crawl all over his computer, finding some old pron, and chortled in glee when the dude found the file called "online banking passwords", and downloaded the cocktail of viruses he had loaded into that file.

He figured that a valuable file like that would be transferred back to the perp's computer asap. And if it ends up staying on somebody's zombified computer, no harm done as long as the owner doesn't start combing through the lines of code and wonder what this new file was.

As far as hacking back at the perp's computer...that might be harder. I imagine you could hide an easter egg inside an attractive file which would do a lot of damage, but could you be sure to get the right person? The third person to open that file maybe? As tempting as that might be...fact is...you might get the wrong person, and just like that you become "one of them".

Personally, I virus scan hourly, and update daily. There seems to be a lot of lowlife out there....like the mice in the walls, you just have to keep 'em out. That seems to take care of hackers, so far. I reply to spammers with movies. I figure if enough people do that, then we create a DOS attack against the spammers. At least, for a few moments. At least we fill up their mail boxes.... And if they are using YOUR mailbox? Oh well, no harm done. (this has actually worked on one occassion! The company who was being zombied didn't know it, and didn't care until after I sent him a week of movies. They fixed the problem!)

That's an awesome response, I like it. But then again, hackers should be savvy enough to use VMWare and the like to limit damage back to their own machines. Also using separate computers with ghost images to back up their system that is completely separate from their 'personal' machine.

I believe the term might be 'honey pot' as an attractive target/trap rather than an 'easter egg'. Easter eggs were intended to be benign, fun little undocumented features embedded within a system.

Whether private companies should attempt retaliation or not is still very much a gray area. This is a new area of international warfare with nation states and organized crime and we need to be capable of fully defending ourselves as well as mounting an over-whelming offense when warranted.

Oh, it would make ME smile....grin! Its been MY experience that hackers, like all crooks, are rarely very intelligent. After all, how many Nigerian spammers have bothered to get their appeals proof read by a native English speaker? And how many times do you get the tired old call to "please send me prices for (product) to Mr. whatever in SW Africa? They can't be bothered to remove the brackets around the product they have spotted on your web site. Yet, they will pay for your (product) with a stolen credit card number. How did they get that number? Ahh..... (places finger along side nose. Thats where the hackers come in!)

Trouble is, they play the numbers game, and as Adams says in his book "The Dilbert Principle", people by and large are idiots, so one or two out of thousands spammed makes it all worth while.

The "war" has been going on for a long time. Have you ever visited a site called "419eater dot com"? A large number of people string these mu-goos along, wasting their time, resources, and energy, all while having a ball. I rather enjoy rick-rolling them myself!

Once in a while, when I feel particularly in a trolling mood, I submit a file with a list of false information. Flooding the interwebs with bullshit, reducing the value of the lists of stolen information. If enough of us DO that, then the buggers will starve on the vine.

Well, thats the plan anyway!

A honey pot is designed to foil computer hacking. It might be what I am thinking of....there are hundreds of varieties of honey pots in use. Most seem to be designed to find the perp, rather than to destroy the perp with a logic bomb. I rather like "project honey pot". More useful I think for sys ops than individuals though.

This is fun! Until they start targeting ME!

The human element will continue to cause problems. Getting through and around fire walls will continue as long as there are people.

Good trickery as a "sting."

I have advocated for Sandboxie in the past. That coupled with a new add-on for Firefox I recently discovered, NoScript, has greatly decreased my anxiety over being infected because it hasn't happened. I do scan for viruses occasionally, but, so far, nothing is found since I started using sandboxie ~3+ years, now. I have been using NoScript ~1 month. But it makes a lot of sense to use, too. I also use Sandboxie to install and run any programs that I am not sure of -- what they might try to install or do to my system. They run in the virtual space.

One of my students told me that they loaded a virus (re-director) onto their computer from a memory stick he inserted brand new from the package. It had been "got to" back at the factory!

I wonder about that story though. But I suppose scamming and spamming is a very competitive market.

Certainly a possibility.

I keep real-time virus detection running on my work computer, because of USB drives, as much as anything. I think I remember 1 instance of detection, and false at that, due to the aggressiveness of the virus program. But then my USB exposure is quite limited.

At home, maybe at my peril, I don't worry so much about it because I'm the only user and so only my USB sticks ever get plugged in to the system. If any of them had gotten infected at the factory, I might discover it too late. I've also heard of instances where commercial software discs were infected, too.

It is prudent to leave real-time virus protection running; especially on systems where there are multiple users who frequently use USB drives.

An interesting test file can be created using a text editor. (Note: On the Download page there is a Zip version, as well.)

When I do scan I tend to use several programs in a row. Virus, then Spybot. SuperAnti-Spyware Blaster. Ad-aware, Spywareblaster - not necessarily in that order. Probably overkill and, no doubt, overlap. But since I don't do it but 2-3 times a year (or less even ) it isn't so bad.

I am more ashamed of my lack of regular HD backups. Having had the "accident" several times in my computing life, I should know better.