Been hacked? Now to decide if you chase the WHO or the HOW

Marketers want the bad guys named. Security pros aren't sure they're right

Think before you trash reputations

Not everyone can afford to hire big forensics firms like Mandiant. Nor can everyone spare the time to fully flesh out the identities of more operational security -savvy attackers; fortunately the web is littered with learner hackers whose handiwork is sufficiently poor that a little bit of peeking under the covers will reveal real identities.

But for the budding attribution-chaser, Naughton offers warning: Think before you expose. "Be extremely careful before deciding to go public with any identification claims because it can have huge implications for the people named, tarnishing them permanently."

There are some other edge case benefits from actor attribution that experts say are being regularly used to ward off attackers. These typically involve establishing communication channels with thieves to exploit their tendency to brag about what they stole and even how they stole it.

Those communications channels could also be used to frighten off probing hackers before they breach. One system administrator for a British retail chain speaking on the condition of anonymity faced such an adversary. The overworked operator had plucked the name of his would-be assailant from lazy domain registrations and social media accounts, and sent the script kiddie a strongly-worded letter urging him to "disappear before that option is removed for him".

Naughton's more direct approach works too: "Find out who's attacking you and call their mum." ®


Biting the hand that feeds IT © 1998–2017