On a daily basis, companies and governments are targeted by cyber criminals and hackers from all over the world. The question that comes to everyone’s mind is how do we counteract these attacks…or better yet, why don’t we fight back? By understanding the technology that hackers utilize, companies and governments certainly have the strength and computer skills to fire back at a cyber attack. So why don’t they?
Recently, companies have created cyber weapons that can be used by governments to retaliate and bring down the specific websites that attacked them. Some of these are Symbiot Security’s program:
The first IT security solution that can both repel hostile attacks on enterprise networks and accurately identify the malicious attackers in order to plan and execute appropriate countermeasures – effectively fighting fire with fire. “While other companies offer only passive defense barriers, Symbiot provides the equivalent of an active missile defense system.
A few years after Symbiot, Rsignia’s CyWarfius was launched:
The CyWarfius CyberScope is an offensive capable cyber weapon specifically designed to address the unique requirements of the cyber warrior. With the ability to conduct a surgical offensive strike on a specific target, the CyberScope is the first offensive tool of its kind to provide pseudo-kinetic countermeasures against cyber threats.
The truth is that hackers rarely use their own websites and networks to launch cyber attacks. Instead of leaving footprints that can be traced back to them, they would rather hack into somebody else’s website or network, and make it seem like that network is launching the attack. This is backed up by recent date from 2009 that showed 71% of the websites with malicious code on them were legitimate websites that got hacked.
So in the case that a nation would experience a cyber attack (DDoS or Distributed Denial of Service attack) and decide to launch one back, it might bring down an innocent site or network that might not even have known that it was hijacked. Or worse yet, it might send out a counter attack that will be sent to it’s own infrastructure network.
Another risk here is that if a nation says that it will counter attack anyone that launches a cyber attack on them, this can be exploited by other nations to start cyber wars. Here are two examples of the exploitations:
“Country A (Russia) knows that country B (United States) would DDoS back anyone. It hates country C (China), so it rents bots within country C (China) to DDoS country B (United States). Ultimately, B (United States) DDoS-es C (China)…
Country A (China) wants to undermine the offensive DDoS capabilities of country B (Russia). It DDoS-es from bots located within country B (Russia). If B (Russia) starts DDoS-ing back the cyber attackers, it would ultimately end up DDoS-ing its own infrastructure.”
Aside from ethical reasons, these examples show us of why we can’t just choose to attack everyone back that attacks us. And even if do choose to launch the attack, we might as well start picking targets at random, as we can never be sure of who really launched the attack.