(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

“Active Defense” The New Digital Wild West Justice

with 3 comments

Bringing A Knife To A Gun Fight

So, companies are starting to consider what is being called “Active Defense” against would-be attackers online. Given what I have seen over the years as a consultant, I would have to say that the net effect would be bringing a knife to a gunfight. Why, you ask? Because, as we have seen generally and are told all the time by numerous people, most companies do not have very good defenses to begin with, never mind the wherewithal to “strike back at” anyone who might be knocking on their digital door. This, my friends, is one of the worst ideas in all of humankind's existence.

No doubt it will be the norm soon though, with a vendor on every stoop selling the next whizbang “blackice” to get those pesky APTs.

Wheeee, I can’t wait! Look, why not just fix the stuff you have and work on keeping it secure, and not let the bad men in in the first place? What? That’s not sexy enough? You say it’s not proactive? You need to see blood once you have been hacked?

Oy vey…

Earps, Clantons, And The Duck Of Death

I can see it now, it’s going to be akin to Old West gangs on the internets. The Duck of Death will be out gun-slinging, calling out all those weaker sorts in his clipped British accent.

“Come now sir, you really think that firewall will stop me? Don’t you know who I am? I am the Duke of Death”

This will just get out of hand and incredibly stupid. Sure, you can say that you are just going to tarpit those attackers to slow them down on the way in, but you have to know that there will be (already are) services where blackhat types will hack back against those who “dun you wrong.”

*spits into spitoon*

“Yup, I can git a cyber posse together and we can capture those there cyber varmints that done you harm lil missy”

This won’t end well…

Seriously? We Can’t Even Secure Our Shit

On a more serious note though, how many companies are really in a position to even think that they are near being secure? What we have developing here is just a reactionary “for hire” model of blackhats, and really, who’s to say that the company you are hiring isn’t going to rat you out in the end anyway? Or, for that matter, that their super blinky-light appliance really will do what they claim and... well... what? Attack whom? God, don’t even get me going on attribution here! I mean, really, c’mon, I have been all over this: who’s to say that Pharmacombinate A actually hacked your secret sauce in the first place? Especially if you have poor defenses already and no real way to tell whether you are right.

Oh, and do you have a proactive and knowledgeable security team anyway? Do they have control over the environment (as much as anyone can) to respond not only to an incident, but also to the aftermath? Are they in fact going to push the button on countermeasures? Will it be automated, and perhaps cut off business operations because someone forgot to enter an IP address into a firewall or “hack back” appliance? What if it’s a client or business partner under that same scenario? Are you going to hack them? Block their traffic, and thus go back to the problem of stopping workflow?
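The partner-gets-blocked scenario above is easy to reproduce in code. What follows is an added example, not code from the original post or from any vendor appliance: a small response-policy function with an allowlist guard, run over constructed alerts (the IP ranges, signature names and thresholds are made up for illustration). It shows that the same automated logic that blocks an unknown scanner also takes a partner offline the moment their range is missing from the allowlist, and that a source address on its own is not attribution.

```python
"""Automated blocking decision with an allowlist guard.

Added example (not from the original post). Alert data, network ranges and
thresholds are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Alert:
    src_ip: str      # source address as seen by the sensor (may be a proxy or spoofed)
    signature: str   # detection name
    hits: int        # repeat count within the alert window


@dataclass
class ResponsePolicy:
    allowlist: list           # partner/client networks that must never be auto-blocked
    internal: list            # our own address space
    threshold: int            # hits before any response is considered
    auto_block: bool = False  # False: queue for a human instead of blocking


def decide(alert, policy):
    """Return (action, reason); action is 'log', 'review' or 'block'."""
    ip = ipaddress.ip_address(alert.src_ip)
    if alert.hits < policy.threshold:
        return ("log", "below threshold")
    # Allowlisted partners and clients are escalated, never blocked, however noisy.
    if any(ip in net for net in policy.allowlist):
        return ("review", f"{ip} is allowlisted; escalate to an analyst")
    # Traffic from our own space is a misconfiguration or a pivot; a perimeter
    # block fixes neither, so it goes to a human too.
    if any(ip in net for net in policy.internal):
        return ("review", f"{ip} is internal; investigate, do not block")
    if policy.auto_block:
        # A source IP is not attribution: the actor may sit behind a proxy, a
        # cloud relay or a spoofed address. This block is still a guess.
        return ("block", f"{ip} exceeded threshold")
    return ("review", f"{ip} exceeded threshold; awaiting analyst approval")


def run_scenario(auto_block, allowlist):
    """Run the constructed alerts through a policy; map src_ip -> action."""
    policy = ResponsePolicy(
        allowlist=[ipaddress.ip_network(n) for n in allowlist],
        internal=[ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
        threshold=50,
        auto_block=auto_block,
    )
    alerts = [                                          # constructed sample alerts
        Alert("203.0.113.7", "ssh-bruteforce", 120),    # unknown external host
        Alert("198.51.100.20", "web-scanner", 300),     # a partner's monitoring box
        Alert("10.0.5.4", "smb-scan", 80),              # our own vuln scanner
        Alert("192.0.2.9", "web-scanner", 10),          # a handful of hits
    ]
    return {a.src_ip: decide(a, policy)[0] for a in alerts}


if __name__ == "__main__":
    # Partner range present in the allowlist: escalated, never blocked.
    print(run_scenario(True, ["198.51.100.0/24"]))
    # Someone forgot to enter the partner range: the appliance blocks them too.
    print(run_scenario(True, []))
    # Safer default: nothing is blocked without an analyst pressing the button.
    print(run_scenario(False, []))
```

The third run is the point: with `auto_block` left off, the worst outcome of a stale allowlist is an extra ticket for an analyst, not a partner's traffic dropped on the floor.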

Nope, this is an idea that will just end in heartburn and lawsuits, I suspect.

Bad Ideas, Like Cockroaches, Proliferate Quickly

Oh well, I am sure there are plenty of vendors out there printing up color glossies for the rubes to buy. Others are making appliances with blinky lights and maybe even sound effects.

Oh, there will be douchery, and lots of it, I suspect. Say, how long does snake oil take to ferment anyway?

Written by Krypt3ia

2012/06/19 at 20:32

3 Responses


  1. Pshaw, we be attackin’ dem ne’er-do-good’ers and we be havin’ loads of fun, guv!

    The telling quote by Kevin Mandia (which was also rather quickly removed from the original article, but not before I got my Instapaper copy of it):
    “This is the new cybersecurity game: Hunting the cyber adversary, tracking him down wherever he goes on a computer network, and confronting him over and over.

    Alperovitch and his Mandiant competitors are veterans in the cybersecurity field. They know each other, and their rivalry is friendly.

    “[Alperovitch] learned it’s a lot more fun to fight the adversary than to guard against him,” Mandia says.”

    Edited article is still here:

    So now you know, it’s just more fun to play war games on someone else’s network than it is to secure it outright. Not much different to the rest of the infosec industry, are they?

    Saso Virag

    2012/06/20 at 05:50

  2. Nope.. sad…


    2012/06/20 at 18:47

  3. I agree that having an offensive strategy will be folly in so many ways. As the W.O.P.R. found out in Wargames, the only way to win is not to play. The best solution for anyone seeking shelter from this anarchy is a little privacy tool called Jumpto. Use Jumpto to erect your own private cloud and to the masses who would track you or attack you, you become faceless and unreachable. The best strategy to foil the would be attacker is anonymity.

    Fred Luchetti

    2012/07/11 at 16:59
