Why Payback isn’t such a Good Idea when Victim of Cyber attacks?

cyber attacks

Cyber attacks as payback is trendy nowadays.

Given the increasing phenomenon of using cyber attacks as revenge, it's right to question: What consequences does it have?

Using cyber attacks to payback when victims of them seem to have more supporters than detractors day after day.

Then, taking avenge through cyber attacks has become a dangerous fashion. But, why?

Easy: Because it permits that illegal actions go unpunished, anonymously.

In this fashion, we find this:

In 2005, security company TippingPoint begun rewarding researchers who informed about vulnerabilities.  From then on, more than 1,600 individuals have been compensated to inform about almost 5,000 zero days.

Wu Shi, a hacker in Shanghai, earned almost $ 300,000 for warning about more than 100 errors in Web browsers.

This system seemed to be ideal, except for one thing: Software manufacturers often do not pay much attention on warnings. (In Spanish: Benedicto, M.A. (2012): EEUU Ante el reto de los ciberataques. Gobernas - www.gobernas.com)

In other words, it seems like all efforts to stop cyber attacks have no effects. As result, their impunity reinforces while increasing their attractiveness.

In conclusion, paying with the same coin seems to be the best policy when speaking about cyber attacks.

But there’s something we don’t take into account when doing this: we imperceptibly trespass the limits of legality.  Also, we lost sight of the snowball effect that our actions may bring.

Let’s see why from the very beginning.

What is a cyber attack?

odhmjq0According to Wikipedia:

Cyber-attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems.

For Auditool (in Spanish):

(...) Cyber attacks are acts whereby individuals or groups of people result aggrieved (...) generally through and from computers, and the Internet.

(...) they can be addressed against devices and/or operative systems in global scale; or against the information and data stored in the data bases.

When addressed against devices and systems, cyber attacks seek for the denial or annulment of access service, introducing external elements that hinder regular operations.

Attacks against data include robbery with military or economical purposes.

In few words, any action taken against 1) computer-based systems; 2) services to block or hinder them up; or 3) third parties databases; are cyber attacks.

What is behind cyber attacks as payback?

On the one hand, we have the pattern of cyber attack as payback:

  1. Scorn is the premise;
  2. Cyberspace is the mean;
  3. Using the same principles as hackers is the way.

On the other hand, we can resume the motivations behind cyber attacks as payback as follows:

  1. Showing off strength, supremacy and power over the target, and sending a convincing message to the rest of the world;
  2. Gaining control over influential individuals or groups of people in economic, political or social spheres;
  3. Economic benefits may or may not be pursued.

All in all: With narcissistic, moralizing, lucrative or criminal features, cyber attacks as revenge is the new way to instill fear, controlling, humiliating and bending ‘enemies’ without showing faces.

Common cyber attacksrapid7 security advisory

  • Spyware

Gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge. [1]

  • Malware

Any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. [2]

  • Ransomware

Computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. [3]

  • Adware

Intrusive advertising.

The term adware is frequently used to describe a form of malware (malicious software) which presents unwanted advertisements to the user of a computer.

The advertisements produced by adware are sometimes in the form of a pop-up or sometimes in an "unclosable window" [4]

  • Worm

Standalone malware computer program that replicates itself in order to spread to other computers.

Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.

Unlike a computer virus, it does not need to attach itself to an existing program. [5]

  • Trojans

Any malicious computer program which is used to hack into a computer by misleading users of its true intent. [6]

  • Denial-of-service attack (DoS attack)

Makes a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. [7]

  • Phishing

Attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. [8]

  • Backdoors

A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc.

They are not always an error in the sequence, but they can be exploited with fraudulent purposes. [9]

  • Botnets

Number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C); or by passing messages to one another (C&C might be built into the botnet as P2P).

Botnets have been used many times to send spam email or participate in distributed denial-of-service attacks. [10]

Cyber attacks: Legal aspects and other implications

businessman with handcuffsProvided that cyber attacks are still hot issue, legal frames on this subject are equally on development.  

So, legal actions regarding to cyber attacks still have a wide range of interpretations. However,  some advances have been ahead:

After the global attacks of years 2007, 2008, 2009, 2013, the United States of America recognizes that both, its governmental systems and private industries, are vulnerable targets to cyber attacks.

As consequence of this open declaration, the US presents a ferocious answer: It will respond to attacks in such manner as it considers appropriate, even if it means to resort to a warlike attack. (...)

The US sets out to respond to cyber attacks using the following means:

  • Diplomatic means
  • Computing environments
  • Military environments
  • Economic means

Beyond interpretations and taking into consideration the proportionality of the actions, cyber attacks as revenge may bring the next consequences:

  1. Responding to a cyber attack with another cyber attack puts you at the same level of your aggressor.

    In other words, you may be subjected to eventual legal actions, as consequence of having trespassed the law.

  2. You may always be mistaken.

    Instead of thinking about relieving your anger, have you ever thought about what would it happen if you retaliate against the wrong person? Would you like to gain more enemies? Is it worthy to take that chance?

  3. It’s an open invitation to more attacks.

    If you cross that line, hackers may put their eyes on you to look for more vulnerabilities in your systems. Does snowball effect rings a bell? And you won’t go out unscathed.

  4. Immunity is not in the package.

    Although satisfactory, avenging does not give you special powers: You can always be a potential victim of cyber attacks.

So... If cyber attacks as payback is trendy nowadays in a lawless environment, what can we do to stop them? What the future will bring in digital security?

Although the Bieber - Kristopik impasse (the revenge tweet) -just to name an almost innocuous cyber attack- gives a secret satisfaction, the truth is that the best defense against cyber attacks are protection and integrity. 

In this sense, we invite you to give a look to our options in digital security to give you integral protection to your networks, systems and devices.

 [1] ... [10]: Source: Wikipedia.

 

To see the credits of the images, Here

One thought on “Why Payback isn’t such a Good Idea when Victim of Cyber attacks?

  1. There’s absolutely no good reason to use cyber attacks as revenge on someone. Since violence breeds violence, if we tolerate the use of cyber attacks.. we might be stuck in a loop of sending cyber attacks on one another and the thing is that many innocent lives will be affected with a single person’s actions. Take for example a DDoS attack, some individuals use bots. Some individuals actually intrude on other’s computers and use them in order to send DDoS attacks to someone.

Leave a Reply

Your email address will not be published. Required fields are marked *