Article from Network World: http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html?hpg1=bn
This may come off as somewhat of a rant but.. Disclosure given in advance.
In this Handlers opinion there is no such thing as benevolent crime. Network world is running a piece that states Is retaliation the answer to cyber attacks? Pretty sure that I can speak for the handler team that if that was the answer we would be doing it. It might be a little bold to state that but I guarantee you that most of us have at least thought it occasionally.
Now after reading this article in depth it does make some significant arguments for and against but law is the law. We have common international law, regional law and local law. It seems that government and local law enforcement should be the responsible parties for retaliation or investigation. If we are at a point of taking the law into our own hands then perhaps it is evident that pressure should be placed on local and regional government to take Cybercrimeserious.
The article reminds me of a time in US History usually referred to as The Old West when law was sometimes conducted in what we here in the US of A call Frontier Justice. There is probably reference to this in most cultural history and it seems that the Internet may still be in this phase of growth.
The Internet Storm Center is dedicated to understanding and defending against the threat and before heeding the advice of Retaliate remember that you may be breaking the law in your local region. In several SANS classes they teach Get Written Permission from the owner of the network. We teach this for a reason.
So, to conclude, a quote from one of my favorite movies You want that gun, pick it up. I wish you would. -- Rio Bravo, said by the late John Wayne as the character Chance. The concept that needs to be brought across is that things escalate, and you should weigh your decisions carefully as well as legal responsibilities.
Question to the Diary readers? What are your thoughts on the subject?
--- ISC Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.