LAS VEGAS--Can vigilantism save computers from the next big virus
threat?
Striking back against a computer that is attacking you may be illegal
under U.S. law, but a security researcher says people should be allowed
to neutralize one that is unwittingly spreading destructive Internet
worms such as Nimda.
"Arguably the biggest threat the Internet faces today is the
propagation of a big worm," said Timothy Mullen, chief information
officer of AnchorIS, at the Defcon hacker conference here.
Worms are a form of self-propagating virus that, once set in motion, can
wreak havoc by taking control of other machines. Once the virus has
claimed a PC, it can then use the machine to launch attacks on the wider
Internet.
"The next worm is going to happen, and it's going to be worse,"
Mullen said.
The defensive strategy of "strike back" is gaining some support
among politicians, who will be voting on a bill backed by movie and music
studios that would allow retaliation to help thwart Internet piracy.
The bill, proposed by Congressman
Howard Berman, D-Calif., would protect copyright holders from liability
if they place destructive decoy digital files into peer-to-peer networks
to penalize users.
Mullen said his hack-back idea is different because it is designed to
improve the security of cyberspace and would not harm any computer
systems.
The Code Red and Nimda worms that hit last year shut down corporate
computer systems and gobbled up bandwidth. Nimda was the most widespread
and one of the most destructive worms of 2001.
To counter this, Mullen has come up with a way for machines that have
been attacked--but not infected--to trace the worm back to the attacking
machine and prevent it from spreading the worm to other computers.
Using his technique, the computer that launches an attack is paralyzed
and requires an administrator to restart it, but it stays online and is
not otherwise harmed, said Mullen, who is a columnist for
SecurityFocus.com.
"What we're doing, (according) to the letter of the law, is
illegal," he said. "I would like to see the law changed...We've
illustrated not just a reasonable recourse, but a minimal
responsibility."
Contacting the administrators of infected and attacking computers is not
adequate, Mullen said. "This after-the-fact stuff clearly doesn't
work. I'm still getting Nimda attacks," often from the same person,
he said.
However, several U.S. officials questioned the ethics of the idea.
"You have trespassed on their system," said Mark Eckenwiler,
senior counsel at the U.S. Justice Department's computer crime division.
"There are more legally acceptable ways to deal with the problem
than what is essentially hacking into their system."
There also is also the possibility of hacking back at the wrong computer,
said C.H. "Chuck" Chassot of the Department of Defense's
Command, Control, Communications & Intelligence office.
"It is the DoD's policy not to take active measures against anybody
because of the lack of certainty of getting the right person,"
Chassot said.
Jennifer Stisa Grannick, litigation director at the Center for Internet
and Society at Stanford Law School, said she felt Mullen's idea may be
protected under a self-defense provision.
"This is a type of defense of property," she said. "There
is a lot of sympathy for that (kind of action) from law enforcement and
vendors because we do have such a big problem with viruses."
http://news.com.com/2100-1001-948309.html?tag=fd_top