Security vendor exposes vulnerabilities in DDoS rootkit
Info designed to help enterprises mitigate attacks, Prolexic says
Computerworld - In what it says is an attempt to turn the tables on malicious hackers, security vendor Prolexic on Tuesday released details of vulnerabilities it has discovered in a toolkit family used by hackers to launch distributed denial of service attacks against corporate networks.
The disclosure is designed to give IT security staff information they can use to mitigate attacks launched using the DDoS toolkit, according to Prolexic.
The company's vulnerability report specifically details flaws in the command & control component of the Dirt Jumper DDoS toolkit that has been associated with DDoS attacks recently. The flaws allow "counter-attackers to obtain access to the Command and Control (C&C) database backend, and potentially server-side files," the company noted in a statement.
Such counterattacks can result in a total compromise of the toolkit's attack capabilities, Prolexic said.
"With this information, it is possible to access the C&C server and stop the attack," Prolexic CEO Scott Hammack said in statement. "Part of our mission is to clean up the Internet. It is our duty to share this vulnerability with the security community at large."
While such vulnerability disclosures involving malware products are likely to be welcomed by many in the security community, the legality of enterprises using the information to actually launch a counterattack against hackers remains an open question.
In 2004, when a security researcher at Sandia National Laboratories used reverse engineering techniques to trace attacks against the lab to a Chinese hacking group called Titan Rain, he was suspended and eventually fired. The researcher later sued the laboratory for unfair termination and was awarded $4.3 million in damages by a New Mexico jury. The case was later settled for an undisclosed sum.
Attitudes appear to have changed quite a bit since then, though.
Earlier this week, for example, the Washington Post reported that the Pentagon is said to be considering allowing its Cyber Command specialists to take whatever defensive actions may be necessary to protect U.S. cyber assets even if it means combating attackers on private networks and in foreign countries.
The plan apparently is to introduce new rules that would permit U.S. military cyber specialists to take action outside U.S. military networks under some pretty narrow circumstances involving threats that could result in "deaths, severe injury or damage to national security", the Post reported.
The proposed rules, if adopted, would represent a marked change from present policies that allow the military to take defensive actions only on its own networks.
With traditional network defenses and security products increasingly unable to stop targeted cyber threats, even many enterprise security executives have begun looking at more military-style approaches for protecting their networks.
In a recent survey of 100 security executives from companies having revenues of $100 million or more, a majority (80%) advocated the use of intelligence gathering and situational awareness building as key to defending their networks.
More than half (54%) of the IT security executives surveyed believed their companies would be well served if they were legally allowed to strike back, either defensively or pre-emptively, at those seeking to attack their network infrastructures, according to the survey, which was commissioned by security vendor CounterTack.
Another 27% said they wouldn't mind launching an offensive against an attacker if such a move would help law enforcement.
A growing number of organizations have begun breaking back into servers and networks belonging to their attackers to see what data might have been stolen from them, or to disrupt the attackers' command and control capabilities, said Richard Stiennon, a principal at IT-Harvest who contributed to the report.
"All of a sudden it has become a bit of the Wild West out there," said Stiennon.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.