[Full-disclosure] BBC cybercrime probe backfires
ACastigliola at UNUM.COM
Sat Mar 14 17:22:49 GMT 2009
Using the same technology to spread malicious viruses and worms and to apply fixes for the very same exploits they used to obtain access to a remote computer is an age-old debate. It has been discussed by everyone from industry heavyweights such as Microsoft Research to college grad students (http://www.newscientist.com/article/dn13318). Information Week published an informative article last week titled "Offensive Computing: A Bad Idea That Never Dies" (http://www.informationweek.com/blog/main/archives/2009/03/offensive_compu.html). The author, George Hulme, does an excellent job of documenting the history of this debate in ideology and discusses the ethics questions surrounding the "offensive computing" theory.
The "friendly worm" or "anti-worm" theory was already applied in the field in October of 2001 with the release of the "Codegreen" worm (http://www.vnunet.com/vnunet/news/2115989/anti-worms-fight-code-red-threat). The "friendly worm" was intended to spread to and fix remote computers vulnerable to Microsoft Security Bulletin MS01-033. It is currently detected by anti-virus programs as W32/CodeGreen.worm, quarantined, then removed.
My opinion is that "offensive computing" isn't justified. Vital networks important to the operation of government, the internet, and private industries are often protected by layers of defenses against conventional hacking attempts. Likewise, botnets are also an old idea that has been put into practice in the field. More recently, sophisticated botnet software has been easily obtainable on the internet with very detailed operations manuals. This old idea has now manifested as a new threat, and the defense layers protecting vital computer infrastructure will eventually be reengineered to handle these threats.
By releasing "friendly\anti-worms" you are dictating a patch release schedule to the internet and enforcing your policies with "offensive computing" techniques. Large production business networks often have very detailed patch release cycles and procedures for critical patches. These patch release cycles include testing, a pilot release, then finally a full deployment. These production environments are very controlled, and any changes are tracked through a change management system for approvals from the various information technology departments that have a stake in ensuring the successful, uninterrupted operation of these systems. These IT professionals are responsible, and sometimes liable, for the systems in these controlled environments. How would a "friendly\anti-worm" tell if a computer is part of a controlled environment? What happens if the "offensive computing" application spreads to one of these controlled environments because someone was infected at lunch at an internet café and then unknowingly plugged their infected laptop into a controlled business environment?
You can slice the debate many ways, but ultimately "offensive computing" is software that will consume CPU time and additional memory, which degrades performance without an operator's consent, and that is why it is illegal.
Angelo Castigliola III
EISRM - Application Security Architecture
acastigliola at unum.com
Disclaimer: The opinions expressed are my own personal opinions and do not represent my employer's view in any way.
From: full-disclosure-bounces at lists.grok.org.uk on behalf of Ron
Sent: Sat 3/14/2009 10:57 AM
To: Ivan .
Subject: Re: [Full-disclosure] BBC cybercrime probe backfires
Ivan . wrote:
> The BBC hacked into 22,000 computers as part of an investigation into
> cybercrime but the move quickly backfired, with legal experts claiming
> the broadcaster broke the law and security gurus saying the experiment
> went too far.
They keep saying that the BBC "hacked" 22,000 computers, when in reality
the original articles said the BBC "acquired" or "hijacked" the botnet.
Strawman for the win?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/