Yet numerous tools today offer retaliatory measures that can obfuscate and befuddle attackers, trace them back to their origin and even break into their servers, depending on how the tools are configured by their users.
Some experts call this process “intrusion deception,” while others refer to it as creating a hostile environment for the enemy. “The point is to confuse the enemy and provide them with false information and create operations that waste their resources,” says Shawn Henry, former executive assistant director of the FBI and now president of CrowdStrike, a computer security start-up that provides this type of service for its clients.
But, before using any of these tools or tactics, the U.S. Army's Clark suggests consulting a lawyer knowledgeable in computer crime, trespass and espionage laws. He also points to the need to improve laws that inhibit the private sector from following forensic and track-back processes.
However, even if there were better laws on the side of the private sector, a key concern with taking action against attackers is escalation into all-out cyber war, says Righard Zwienenberg, senior research fellow at security company ESET. He was the lead analyst on ESET's discovery in May of the Medre.A worm targeting industrial systems in South America.
“We saw this huge spike in intellectual property leaking from Peru to a recipient account in China,” he says. “Tens of thousands of blueprints and AutoCAD [architectural] drawings were leaking to this recipient with a China-based email address. This was clearly an industrial espionage attack, but had the possibility to be state sponsored if there was a target in there, which would make the remaining infections collateral damage.”
At last report, ESET received “some confirmation” from the Chinese National Computer Virus Emergency Response Center that the email addresses used for relay would be shut down. The data could have been relayed through any of 63 email accounts, but there was only one final recipient address.