Inside Cyber Warfare - Jeffrey Carr [116]
Option 4
TeraBank contacts a “hacker for hire” and pays him to launch a distributed denial of service (DDoS) attack against the phishing website, making it inaccessible. Launching DDoS attacks is illegal in many countries. Beyond the fact that TeraBank is financing an illegal act, the DDoS attack may also harm the businesses of innocent parties, especially if those businesses are hosted on the same server as the phishing website.
Scenario 2
Security researcher Fred Blinks discovers a website, http://www.secshare.com, that has been hacked and is hosting drive-by-download malicious software (malware), meaning that any visitor to the website could potentially have his or her computer infected with malware.
Option 1
Fred Blinks contacts the administrators of http://www.secshare.com, advising them that their website has been hacked and is serving malware.
Option 2
Fred Blinks investigates the malware served on http://www.secshare.com further and discovers that it connects to http://mybotnethome.cn. Fred also notices that mybotnethome.cn provides statistics to the bot herder, such as which website each user was infected from. Knowing this, Fred deliberately infects one of his own machines and inserts a piece of programming code into the field that the malware uses to tell the bot herder which website the user was infected from (in technical terms, the HTTP referrer).
This piece of programming code will cause the bot herder’s web browser to connect to Fred’s machine when the bot herder views the statistics of his bots, thereby providing Fred with the IP address of the bot herder.
Scenario 3
Law enforcement official John Smith discovers that an online hacking and credit card bulletin board, http://www.ccmarket.ws, has been compromised and that the hacker has advertised her alias on the front web page of the hacked bulletin board.
Option
Knowing that obtaining a copy of the ccmarket bulletin board database would provide an enormous amount of information, John Smith, using the alias “da_man,” contacts the perpetrators of the www.ccmarket.ws compromise, asking if they would be willing to sell him a copy of the ccmarket database. This database would include information such as private messages, email addresses, and IP addresses. Here, John is financing a person who committed an illegal act.
Scenario 4
Law enforcement official Michael McDonald has been investigating an online group that is involved with sharing child abuse material. Michael believes he has identified the alias of the person who is leading the group, but he is unsure where this person is geographically located. Michael knows that this person uses anonymous proxies to mask his IP address when on the Internet and is reasonably technical. Michael also knows that this person appears to be sexually abusing children and uploading images of his crimes onto the Internet.
Option
Michael, in consultation with his technical people, decides that the only way to identify the leader of this online child exploitation group is to compromise his computer.
Michael’s technical people are able to successfully compromise the leader’s computer, providing them with information that can positively identify the leader and the leader’s whereabouts. Michael, who is based in the United States, now knows that the leader is based in Belarus and knows that his technical people may have broken the laws there.
In Summary
Policymakers would be well-advised to consider these scenarios as realistic depictions of events that could and do occur in many nation-states. The only question is which option