Vigilante hacking touted as virus cure

A security researcher says striking back against a computer that is spreading a worm is the best way to thwart a destructive attack.

LAS VEGAS--Can vigilantism save computers from the next big virus threat?

Striking back against a computer that is attacking you may be illegal under U.S. law, but a security researcher says people should be allowed to neutralize one that is unwittingly spreading destructive Internet worms such as Nimda.

"Arguably the biggest threat the Internet faces today is the propagation of a big worm," said Timothy Mullen, chief information officer of AnchorIS, at the Defcon hacker conference here.

Worms are a form of self-propagating virus that, once set in motion, can wreak havoc by taking control of other machines. Once the virus has claimed a PC, it can then use the machine to launch attacks on the wider Internet.

"The next worm is going to happen, and it's going to be worse," Mullen said.

The defensive strategy of "strike back" is gaining some support among politicians, who will be voting on a bill backed by movie and music studios that would allow retaliation to help thwart Internet piracy.

The bill, proposed by Congressman Howard Berman, D-Calif., would protect copyright holders from liability if they place destructive decoy digital files into peer-to-peer networks to penalize users.

Mullen said his hack-back idea is different because it is designed to improve the security of cyberspace and would not harm any computer systems.

The Code Red and Nimda worms that hit last year shut down corporate computer systems and gobbled up bandwidth. Nimda was the most widespread and one of the most destructive worms of 2001.

To counter this, Mullen has come up with a way for machines that have been attacked--but not infected--to trace the worm back to the attacking machine and prevent it from spreading the worm to other computers.

Using his technique, the computer that launches an attack is paralyzed and requires an administrator to restart it, but it stays online and is not otherwise harmed, said Mullen, who is a columnist for

"What we're doing, (according) to the letter of the law, is illegal," he said. "I would like to see the law changed...We've illustrated not just a reasonable recourse, but a minimal responsibility."

Contacting the administrators of infected and attacking computers is not adequate, Mullen said. "This after-the-fact stuff clearly doesn't work. I'm still getting Nimda attacks," often from the same person, he said.

However, several U.S. officials questioned the ethics of the idea.

"You have trespassed on their system," said Mark Eckenwiler, senior counsel at the U.S. Justice Department's computer crime division. "There are more legally acceptable ways to deal with the problem than what is essentially hacking into their system."

There is also the possibility of hacking back at the wrong computer, said C.H. "Chuck" Chassot of the Department of Defense's Command, Control, Communications & Intelligence office.

"It is the DoD's policy not to take active measures against anybody because of the lack of certainty of getting the right person," Chassot said.

Jennifer Stisa Grannick, litigation director at the Center for Internet and Society at Stanford Law School, said she felt Mullen's idea may be protected under a self-defense provision.

"This is a type of defense of property," she said. "There is a lot of sympathy for that (kind of action) from law enforcement and vendors because we do have such a big problem with viruses."

Story Copyright  © 2002 Reuters Limited.  All rights reserved.