Plan to Fight Back Against Hackers Causes Stir

A new security company is up and running with the idea that it’s simply not enough to

protect a corporate network anymore. They say it’s time to fight back.

But some members of the security industry worry that giving IT managers the tools to attack

their attackers could cause far more serious problems than it would solve.

Symbiot, Inc., a fledgling infrastructure security company based in Austin, Texas, is

getting ready to release its first product at the end of this month. The company’s

Intelligent Security Infrastructure Management Solution uses artificial intelligence

software to analyze network patterns, manage attacks on the network and respond to them.

What is causing a stir in the security community is the response part of the plan.

Symbiot’s founders are looking to fight back against hackers, virus writers and

denial-of-service attacks by launching counterattacks. It’s time, they say, for the

attacked to become the attackers.

”Threats to the enterprise network are evolving at an unprecedented pace,” says Mike W.

Erwin, president of Symbiot. ”Businesses can no longer afford the substantial financial

resources and manpower associated with the endless loop of building walls and repairing and

rebuilding them after each attack — only to repeat the process day in and day out.

”Responses would include many different levels, graduated from blocking and quarantining

to more invasive techniques,” he adds.

So far, however, Symbiot executives are not saying exactly what these ‘invasive techniques’

will be. Erwin would only go so far as classifying the countermeasures as ‘non-destructive,

destructive-recoverable, and destructive non-recoverable’. He does say that blocking,

shunning and diverting attacks will take care of most threats.

But it’s the term ‘counterattacks’ and what that might mean that has security analysts

concerned.

Launching a retaliatory denial-of-service attack against an aggressor opens up the door to a

whole host of questions. How would that counterattack affect ISPs? What would it do to

network traffic and corporate bandwidth? Would the attack target unsuspecting users whose

computers have been compromised by a virus and now are being used to send spam or

denial-of-service attacks?

”This is not the best of ideas,” says Steve Sundermeier, a vice president with Medina,

Ohio-based Central Command, Inc., an anti-virus company. ”Think about how Code Red or

Blaster affected bandwidth as a whole. A counterattack would only add additional weight to

the to the bandwidth pressure. That could put the Internet into a crawl.

”You’re putting companies at risk,” he adds. ”You’re putting people’s livelihoods at

risk… It just isn’t a good idea to repay evil with evil.”

See Continuation: How Will ISPs and Users be Affected?

Sundermeier also worries that ISPs, which deal with such large amounts of network traffic,

would be pummeled by the weight of counterattacks.

Erwin, however, says ISPs are already suffering.

”Intermediaries, such as ISPs, are already caught in the middle when one of their

customers is engaged in, or is the target of, a network-based attack,” he says. ”Our

system empowers customers to mount a supportable response at the moment they are being

attacked and their network assets are placed at risk by an attacker.”

Both Sundermeier and Ken Dunham, director of malicious code at iDefense, a security and

anti-virus company, say innocent users, whether individuals or corporate users, would feel

the brunt of many counterattacks.

A significant number of worms in the past several months have been geared to infect a

machine and then open a backdoor that the virus author can use to remotely control that

computer. Once thousands or hundreds of thousands of machines have been compromised this

way, the hacker can then use this army of ‘zombie’ machines to send malignant waves of spam

or hit a company with an aggressive denial-of-service attack. If the company under attack

traced the source of the attack, it would take them back to these compromised machines.

That means a counterattack might be more likely to hit an elderly woman living in Duluth or

a remote worker who didn’t download the security update in time, as it would the virus

author who actually infected those machines and launched the attack.

Symbiot’s Erwin says those compromised computers are a part of the problem, leaving them

open to response.

”When a zombied host or infected computer has been clearly identified as the source of an

attack, it is our responsibility to empower customers to defend themselves,” says Erwin.

”An infected machine, one no longer under the control of its owner, is no longer an

innocent bystander.”

Dunham of iDefense disagrees.

”This is riddled with problems,” says Dunham. ”You don’t want to make it any more awful

for a victim than it already is. If someone’s computer has been compromised, you don’t want

to slam them again with a counterattack… What kind of online community would this lead

to?”

Dunham adds that he’d be interested to find out what would happen if a computer on a

military network was compromised and used in a denial-of-service attack. The company that

launched a counterattack against that machine might find itself in a situation it hadn’t

expected.

Symbiot executives say they’ll release more information about their product the closer they

get to the release day, which is scheduled for March 31.

Want to talk about this topic? Go to our IT Management Forum: http://forums.datamation.com/forumdisplay.php?s=&forumid=1

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

  SEE ALL
ARTICLES  

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

Subscribe