Posted on 20th Jun 2012 @ 12:28 PM
As hacking continues, many more people are finding themselves targeted by dangerous hackers. Individuals, businesses, and government offices have all been attacked by individuals or groups of hackers over the last few years. There are always certain methods that can be taken to protect yourself and your assets. But now, businesses are finally becoming so fed up with the entire hacking situation that they are now investing in countermeasures to prevent hacking, some of them more controversial than others.
So far, it is only American companies that have started to fully retaliate against the hacking situation. However, it is only a matter of time before other companies all over the world who have been targeted begin to fight back. What exactly are the countermeasures that are being taken, and how effective can they really be?
In the cyber security industry, these countermeasures are known as "active defense" or "strike-back" technology, and they range from very modest initiatives meant to deter or distract hackers to more controversial and potentially dangerous acts. Some security experts in the field have even said that they know of a few cases where companies have actually broken the law themselves while trying to protect themselves from hackers. An example of this would be that some companies hire their own hackers to hack the systems of the people who have hacked them.
This is very different than the most common reaction to a hack attack by companies, which would be to try to repair any damage that has been done and increase security. It is only now that companies are starting to strike back rather than just put up their shields.
But as prevention is increasingly difficult in an era when malicious software is widely available on the Internet for anyone wanting to cause mischief, security experts say companies are growing more aggressive in going after cyber criminals.
"Not only do we put out the fire, but we also look for the arsonist," said Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined new cyber security company CrowdStrike, which aims to provide clients with a menu of active responses.
Once a company detects a network breach, rather than expel the intruder immediately, it can waste the hacker's time and resources by appearing to grant access to tempting material that proves impossible to extract. Companies can also allow intruders to make off with bogus files or "beacons" that reveal information about the thieves' own machines, experts say.
Henry and CrowdStrike co-founder Dmitri Alperovich do not recommend that companies try to breach their opponent's computers, but they say the private sector does need to fight back more boldly against cyber espionage.
It is commonplace for law firms to have their emails read during negotiations for ventures in China, Alperovich told the Reuters Global Media and Technology Summit. That has given the other side tremendous leverage because they know the Western client company's strategy, including the most they would be willing to pay for a certain stake.
But if a company knows its lawyers will be hacked, it can plant false information and get the upper hand.
"Deception plays an enormous role," Alperovich said.