Cybersecurity: Offensive/Defense

So I was setting up my own server with the Foundstone Labs on it (Online Bank, etc).

Anyway, with groups such as Wiki Leaks in existence is just defending against cyberterrorists enough.

No mater what computer security, companies, banks and the goverment has, it was designed and built by humans. Which means that it can be invaded and taken down by humans.

Should we be standing by and reinforcing our walls, and just taking the crap thats thrown at us (DDOS a good example). Or should we not be more proactively taking these groups down as they do pose a real threat.

Obvioulsy I know I have mention Anonymous a few times, but where as I admire the skills of some of its members, I do not agree with the damage they cause and their intent.

For example, lets take Wikileaks. The moment you have a secure network, you become a target as they must get your data posted, in the name of "freedom". Instead of hiring security Analysts and personnel, why not just go straight for the bee's nest and take it out.

Obviously there are other sites with similar intentions out there and surely a more proactive approach should be taken.

I think thats what the US was trying to do when they got Sweden to chase the founder for pedophilia, as it came after a string of chargers.

As for what they are legitimately- Exposing under hand and dirty tactics by companies and governments IMHO is fair game, but secrets that put people in danger, either personal details from a bank, or soldiers in the field that are at risk because of leaking a secret, when you cross the line I think you should be shut down, and as its the internet dont bother about court orders, just go in and f*** their website, repeatedly.

So the internet is a place where governments and law enforcement officers should be allowed to violate peoples rights?

Different people will look at these sites and these people with different views I guess. To some people, they will be a bunch of Liberaters and social justice warriors, to others they will be cyberterrorists.

I suppose there is no right or wrong view, as its different from person to person.

But I just think that as far as cybersecurity goes, it should be more offensive.

Im talking about things like taking down paypal, the attacks on Amazon.
I specifically mentioned DDOS attacks. Or do you have no problems with things like that~??

Do people have a right to control massive Botnets?

If I wanted to launch a DDOS against TFS (Hypothetically) should I be allowed to do so as not to violate my rights.

Also are you saying that people have the right to attack goverment and military sites and put Secret documentation online?

So using your argument wiki leaks should be allowed to violate my security and publish personal information that would allow someone to pretend to be me or get information that would put my personal security or my finances at risk? I also never the government alone, If the do something like that to me I would feel well within my rights to shut them down.

Sorry if that offends your sensibility, Actually I'm not!

Also what if I write a document in Microsoft Word and store it on my computer. Or you do.

Does that mean that everyone should have the "right" to attack my computer, gain access at administrator level, bypass my encryption and publicsh this document online for the world to see.

Or should I not have the "right" to store personal documents on my computer.

If what I write is a threat to the goverment, then they have every right to gather evidence on me, goto a court magistrate for a search warrent and kick my door down and sieze my computer.

Last time I checked these processes were still in place.

Lets use you for an example. Your college course, should other students be allowed to hack your PC and copy your work? If you find someone doing this, should you not be able to defend yourself a bit more aggresively than just update your firewall policies.

Feel free to quote my exact argument.

This will be difficult for you as I didn't present an argument.

I asked a question... essentially giving you the chance to clarify your position, which seemed to be suggesting that it is OK to violate peoples rights.

I read your post and understand part of what you are saying.

The "proactive" part is a little light on details.



Where did you get that from my question?

You seem to be suggesting that it is OK to violated laws when investigating internet crimes.

Is that what you are saying?

What right would be posting information that doesn't belong to you?

I dont think my position needs clarifying, I think it seems rather strait forward and easy to understand that if you post information to the detriment of someones security, safety or financial stability, then they have the right to hack your site, ditto info that directly threatens a country or company's security or staff/customers.




So in answer, yes I do, providing that they are acting as I have described.

YOU said: "...don't bother about court orders..."

So, I guess you are right, your position doesn't need clarifying,

You are apparently OK with Governments and Law Enforcement just going after people without following legal procedures that protect innocent people's rights.

Interesting.

Well there would probably need to be a change of laws.
But sites like Wikileaks and others do have the potential to become security threats.

Instead of standing by and letting them do what they do, maybe some form of counter attack.

After all what are they going to do "Hi Mr Cyberjustice Department, last night I was hacking a site illegally to obtain clssified information , and I got attacked in response by a proactive security system".

Its not going to happen.

Obviously with these sorts of countermeasures, again, more legislation put into place. But if someone is attacking you via cyberattack, should you not be allowed to defend yourself.

Lets take the following Application for example.



Say me and my mates all agree to run this on IP address 69.16.219.70 as a random example.

All the packets used to attack this site will come from specific IP's (Im keeping it simple). SHould the administrators be able to counterattack this or not, or should they just sit by and let the site potentially be taken offline?

Obviously I know this gets very complicated though as different countries have different cyber laws. So I could potentilly get a virtual server in some third world s*** hole, which has laxer laws and launch attacks from there. As far as a trace would go, the attacks would be coming from a country where there is no jurasdiction, so investigations will cease.

But with sites like wiki leaks, they are actively supporting hackers and publishing illegally obtained information. So I dont think,. personally that they should have a leg to stand on if they are attacked.

How would you feel if I hacked your facebook profile and published your information, in the name of freedom of information?

Or if I gained access to your home computer, and published those documents. DO you not think you should be able to defend.

Or if I found an online store you used an fired SQL into it, to obtain your records? And then published it on a site like Wikileaks?

I view wikileaks as the site that brin gs these people together. ALone they have no purpose, but with wikileaks they work together. Kill the Queen Bee, the rest die off. The world is a safer place.

Sort of like what our (USA) CIA did with secret prisons in various places in the world... to get around laws.

IF a website that is attacked fits that bill, then the evidence of them NOT being innocent would be there for all to see, and they would not be innocent
as the holder of one of the accounts I would feel within my rights to have the information removed from the web, if its by overloading the servers with requests then fine, its fairly easy to do.
as the government involved feel that the safety is rightly threatened they would be within their rights to have the information removed from the web, its the government so would be fairly easy for them to do permanently.

Then this would be legitimate use for the website and should not see any repercussions..