
Re: [Full-disclosure] BBC cybercrime probe backfires



Using the same technology to spread malicious viruses and worms and apply fixes 
for the very same exploits they used to obtain access to a remote computer is 
an age-old debate. It has been discussed by everyone from industry heavyweights 
such as Microsoft Research to college grad students 
(http://www.newscientist.com/article/dn13318). Information Week published an 
informative article last week titled "Offensive Computing: A Bad Idea That 
Never Dies" 
(http://www.informationweek.com/blog/main/archives/2009/03/offensive_compu.html). 
The author George Hulme does an excellent job of documenting the history of 
this debate in ideology and discusses the ethics questions surrounding the 
"offensive computing" theory.

The "friendly worm" or "anti-worm" theory has already been applied in the field, 
in October of 2001, with the release of the "Codegreen" worm 
(http://www.vnunet.com/vnunet/news/2115989/anti-worms-fight-code-red-threat). 
The "friendly worm" was intended to spread and fix remote computers vulnerable to 
Microsoft Security Bulletin MS01-033. It is currently detected by anti-virus 
programs as W32/CodeGreen.worm, quarantined, then removed.

My opinion is that "offensive computing" isn't justified. Vital networks 
important to the operation of government, the internet, and private industries are 
often protected by layers of defenses against conventional hacking attempts. 
Likewise, botnets are also an old idea that has been put into practice in the 
field. More recently, sophisticated botnet software has been easily obtainable 
on the internet with very detailed operations manuals. This old idea has now 
manifested as a new threat, and the defense layers protecting vital computer 
infrastructure will eventually be reengineered to handle these threats. 

By releasing "friendly\anti-worms" you are dictating a patch release schedule 
to the internet and enforcing your policies with "offensive computing" 
techniques. Large production business networks often have very detailed patch 
release cycles and procedures for critical patches. These patch release cycles 
include testing, a pilot release, then finally a full deployment. These 
production environments are very controlled, and any changes are tracked through a 
change management system for approvals from various information technology 
departments that have a stake in ensuring the successful, uninterrupted 
operation of these systems. These IT professionals are responsible and 
sometimes liable for the systems in these controlled environments. How would a 
"friendly\anti-worm" tell if a computer is part of a controlled 
environment? What happens if the "offensive computing" application spreads to 
one of these controlled environments because someone was infected at lunch at 
an internet café and then unknowingly plugged their infected laptop into a 
controlled business environment?

You can slice the debate many ways, but ultimately "offensive computing" is 
software that will consume CPU time and additional memory, which degrades 
performance without an operator's consent, and that is why it is illegal.

Angelo Castigliola III
EISRM - Application Security Architecture
Unum
acastigliola@xxxxxxxx

Disclaimer: The opinions expressed are my own personal opinions and do not 
represent my employer's view in any way.

________________________________

From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx on behalf of Ron
Sent: Sat 3/14/2009 10:57 AM
To: Ivan .
Cc: full-disclosure
Subject: Re: [Full-disclosure] BBC cybercrime probe backfires



Ivan . wrote:
> The BBC hacked into 22,000 computers as part of an investigation into
> cybercrime but the move quickly backfired, with legal experts claiming
> the broadcaster broke the law and security gurus saying the experiment
> went too far.
>
> http://www.smh.com.au/news/technology/security/bbc-cybercrime-probe-backfires/2009/03/13/1236447465056.html

They keep saying that the BBC "hacked" 22,000 computers, when in reality
the original articles said the BBC "acquired" or "hijacked" the botnet.
Strawman for the win?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/