Related link: http://www.securitypipeline.com/showArticle.jhtml?articleID=20800218
I’m glad Security Pipeline published the news so explicitly. After the company Symbiot published a white paper suggesting that it was time to turn against network intruders and launch denial of service attacks from the white hats against the black hats, I haven’t been able to find anyone in the traditional computer security community to back it. A typical response is to go over to the wall and put one’s head up to it in despair–and that’s one of the more polite responses I’ve gotten. Some experts withhold judgement, but they don’t seem to think the proposal was serious.
Now Security Pipeline ran a poll and found (probably to everyone’s surprise) that a strong majority of readers like the idea of counter-attack. And this is what Symbiot is telling me when they approach customers–even government agencies. There’s a positive response to the idea.
As an interview I published with Symbiot shows, their concept of returning fire is more sophisticated than most people realize. And their product features much more than counter-attack; that’s probably a minor feature of the overall approach. Further confounding people who make snap judgements, Symbiot is going to open source much of their solution. I’m not an adherent to their cause yet, but I’m keeping in touch with them and expect this approach is not going to go away.
Open sourcing it
Hey, if they're going to open source it, that adds a lot of credibility to their approach IMO. Not to say that open source necessarily means it's the "right" thing to do, but that I'd be a lot more confident of their good intentions in a general sense (that they're trying to do what they consider do be the "right" thing) and in a technical one (that they're trying to avoid hammering the "good" guys by accident) if they really do open source a considerable amount of their code.
The transparency of the process through open source, especially when (in theory) crackers could review the code for weaknesses also, means (IMO) that they've put a considerably amount of thought into the approach.
I think the appeal of a counter-attack comes from the Wild Wild West nature of the Internet where 1) address spoofing is so easy and 2) even if you knew someone's true address the hodgepodge of overlapping and inapplicable laws makes it useless to go after someone outside the G7 anyway.
Due to these things, I think there's a sense of helplessness against these pests (spam) and criminals (crackers). Right now, it's like we have one hand tied behind our back and the other one is holding a Nerf bat, facing a sea of nasty beasties.
The fact is, it does boil down to economics. It's currently worth it for spammers to send spam because the fraction of a percent of customers who buy through it allow spammers to be paid by their clients, and there is little or no cost to sending the spam. IMO, the urge to counter-attack stems from an intuitive understanding that we have to increase the cost of sending spam in order to tilt the economic equation such that spammers will no longer be as motivated to send it in the first place. Bruce Schneier has written something along these lines, The Economics of Spam, also.
Preview option
Suggestion to the O'Reilly Network: A "Preview" button next to the "Submit" button when posting would be nice, to catch unclosed tags as in the first post below.
I'm making the suggestion here because I've tried the convential methods of contacting TPTB in the past and it's been spotty. For example, I never received an answer as to how to change one's displayed name with the new single sign on system.
Open sourcing it
a major problem with open sourcing tools like this is that the black hats get immediate access to them in order to subvert them for their own dark purposes.