Disaster-Resource.com

Security Company Launches Hacker Counterstrike

Texas-based security company Symbiot is planning to release a corporate defense system later this month designed to fight back against distributed denial-of-service and hacker attacks. Security experts, however, are expressing concern over the company's plans for the product.

In an article on CNET News.com, Munir Kotadia says Symbiot's president Mike Erwin and chief scientist Paco Nathan have posted a set of "rules of engagement for information warfare" on the company's website ahead of the product's release. The pair say the rules should be part of corporate security policy to help companies determine their exact response to an incoming attack.

Symbiot says it bases its theory on the military doctrine of necessity and proportionality, which means the response to an attack is proportionate to the attack's ferocity. According to the company, its response to a hacker attack could range from "profiling and blacklisting upstream providers" to launching a distributed denial-of-service counterstrike.

The strategy, however, is raising the eyebrows of some security experts. Graham Titterington, principal analyst at Ovum, told Kotadia that "such a counterattack would not be regarded as self-defense and would therefore be an attack. It would be illegal in those jurisdictions where an anti-hacking law is in place."

Richard Starnes, director of incident response at Cable & Wireless, agreed, saying he would not employ an active defense technique because of the legal and ethical issues involved.

The experts also agree that an offensive strategy has a chance of hitting the wrong target. "Attacks are often launched from a site that has been hijacked, making it an unwitting and innocent - although possibly slightly negligent - party," Titterington told Kotadia.
