The concept is not necessarily new. In 2009, two researchers argued that some groups be allowed to act on behalf of victims to shut down botnets. Microsoft has, to some extent, done just that with its MARS (Microsoft Active Response for Security) program, which has taken legal measures against four botnets in the past two years. At the RSA Security Conference in February, Greg Hoglund, the founder of HBGary, recommended that companies develop the capability to gather intelligence on threats and to take a more active approach to detecting attackers in their network.
Amit stressed that companies should consult with their lawyers to make sure that they are abiding by all laws. However, companies need lawyers who will seek creative legal solutions to the problems, Amit said. "Get a real lawyer, not one who will tell you, 'No, you can't do that,'" he said. "Get a lawyer who will tell you, 'You can't do it like this, but if we put a server over there, then, yeah, you can do that.'"
Amit, who operates out of Israel, has infiltrated communities of adversaries targeting his clients to gather intelligence. In one case, he replaced their remote access trojan with another one that would allow him to remotely access any computer with the software on it. In another case, his client replaced a program that creates fully undetectable malware with a version that would send defenders the signature of any code created with the program.
In the end, defenders have to be careful not to cause collateral damage, but they should not shy away from an offensive approach, he said.
"It is attack and defense; it is conflict," Amit said. "You can't be too naive."
This story, "The new cyber defense: Hack the attackers," was originally published at InfoWorld.com.
Correction: In this article as originally posted, Greg Hoglund's statements at the RSA Security Conference could be misconstrued. He only recommended that companies develop more active intelligence and monitoring operations. The story has been amended.