Every day I take a quick glance at my tools I can see evidence of the constant attempts to gain illegal access to my company’s computer networks. Each day there are 10s of thousands of probes from thousands of IP address.
To the best of my knowledge my company doesn’t do this sort of thing but people on my team sometimes talk about it and wonder if we should do it:
So far, the company said its Digital Crimes Unit, through 24 lawsuits—five of which were against nation-state actors—had taken down more than 10,000 malicious websites used by cybercriminals and almost 600 used by nation-state actors, and had blocked the registration of 600,000 more.
It’s very resource intensive to push these things through the legal system. Resources that could be used to harden and/or detect and remediate breaches. There are no easy answers and I don’t fault management for the decisions they have made.
I just know that, for me, as long as there are evil people out there, it means I will have job security.
So many who hold the pulse strings don’t have a clue about the damage that they are inviting.
Interesting parallels to the analog world.
Continuing with Boris’ thought RE: the analog world, and Joe’s, “…as long as there are evil people out there…” gun ownership, and use of those tools, will not go away, despite the devoted, but misguided, efforts of some.
In fact, those who seek to restrict it should be included in the “evil people out there” group.
You don’t even get a moment to breathe.
When we set up a security systems demo at my company, we instantiate a new service in the AWS cloud, and in the first 60 seconds of it powering up, it has already been probed dozens of times for exploitable vulnerabilities. If any of those reconnaissance attacks has come up positive, I’m sure an automated follow-up attack would have fired from a botnet to pwn the box, install rootkits and/or botnet nodes, and the cloud virtual machine that you’re paying for would happily sit there waiting to do what you want while it silently does what what someone else wants.
The attack systems are automated, and the whole cloud, every IPv4 address owned by cloud providers, is monitored.
That’s the sort of thing that you’d think ‘burner ICE’ would be developed to defend against.
Try to pry into my computer? I run right back down the connection and cause yours to melt into a puddle of plastic and metal bits.
Subscribe to an upstream signaling service and report your failed attackers to an aggregating service. Help automate blackholing the bot nodes.
I realize that just sounded like I was reading out of a William Gibson novel.
Yeah, that has a nice cyberpunk ring to it. I’m thinking a lot of these shenanigans would subside if our megacorps would dispatch mercenaries to exterminate the troublemakers. I guess we haven’t gone full Gibson just yet.
That’s a very problematic response that relies on a fantasy fostered by speculative fiction. You are more likely to harm otherwise innocent infrastructure that has been infected than bother the perpetrators, and, given that you probably have far less knowledge about how to do that than they do, and far fewer resources, you are more likely to run afoul of law enforcement or just be overwhelmed..
Patch, mind your configurations, monitor your traffic, and engage with your providers and law enforcement as needed.
Kurt
Lie back and think of England, eh? And trust law enforcement to do the right thing?
Haha no.
I expect that at some point a group of various experts will get together to hunt down the perps that do the various ransomware and malware and send their hunter/killer people in to lay waste to all involved. I think lots of people would be willing to donate to a fund to support them in this endevour.
I suspect that nothing less will ever have a measurable effect on the problem. When people who want to screw with other people find that they actually have skin in the game, things change.