Hacking Back Is A Bad Idea

•Download as PPTX, PDF•

0 likes•1,495 views

The document discusses hacking back and argues that it is a bad idea for several reasons. Hacking back refers to using offensive hacking techniques to retaliate against or profile attackers. However, hacking back could have legal repercussions and attribution of attacks is difficult. Additionally, most organizations are not skilled enough to hack back without risk and there are better uses of time than retaliation. Hacking back also risks escalating conflicts. The document concludes by asking for questions.

Technology News & Politics

Hacking Back
Is A Bad Idea
Steven Maske
SOURCE Boston 2013

Who Am I

Steven Maske

 Email: steven@stevenmaske.com
 Twitter: @ITSecurity
 Blog: securityramblings.com

Please Complete The Survey :-)

DISCLAIMER
The opinions expressed here are my own
and do not necessarily represent those of
my employer or any group I am affiliated
with. This talk is intended to provoke
thought on the subject and is not intended
as advice. Every business is different and
sufficient due diligence should be exercised
when determining the appropriate
response to an attack.

Definition
hack∙ing back [hak-ing bak]
verb

1. The act of using offensive techniques to
retaliate for a real or perceived attack.
2. The use of offensive techniques in an
attempt to gain access to the attackers
system for the purpose of alleviating the
attack or profiling the attacker.

Definition

Hacking Back ≠ Active Defense

Contact

Steven Maske

 Email: steven@stevenmaske.com
 Twitter: @ITSecurity
 Blog: securityramblings.com

Please Complete The Survey

Similar to Hacking Back Is A Bad Idea

A whaling attack is a malicious attack on a company or organisation for ﬁnancial gain or to steal sensitive information. A whaling attack diﬀers from traditional hacking and phishing attempts in that the attacker will use information they have gathered from the internet to impersonate a working colleague and target high level employees. This guide has been produce by Astec Computing to help you understand and avoid the dangers of a whaling attack. http://www.astec.website/whale-phishing

Data Security: A Guide To Whale Phishing

Phil Astell

Social Engineering Attacks & Principles

LearningwithRayYT

Security Assurance

Roger Johnston

Assertiveness: How to Stand-up for What You Deserve

Dan Beverly

Cyber Security: Why your business needs protection & prevention measures

CBIZ, Inc.

Empowering Employees to Deter Workplace Violence - White Paper

Warrior Concepts International, Inc.

CISO Interview Question.pdf

infosec train

cybersecurity-series-2019-threat-hunting.pdf

CecilSu

How "Backwards-Thinking" is getting in the way of effective Workplace Violence Prevention Training that actually saves lives, mitigates injuries, and protects a company's reputation! Learn the Single, greatest factor that threatens most companies and why your workplace violence plan may be missing elements that will render It useless when you and your people need it the most! This white paper uncovers a common thinking methodology that, in the case of workplace violence and employee safety issues, can put your company at even greater risk. And offers a way to institute critical OSHA-suggested training and practices that can insure that your workplace violence plan will protect you in the face of actual... violence!

Backwards Thinking and Workplace Violence Prevention Training - White Paper

Warrior Concepts International, Inc.

Every enterprise is exposed to losing up to $400 million over two years from attacks against cryptographic keys and digital certificates—yet few enterprises are managing these critical resources, which are the foundation of trust. The “Cost of Failed Trust” on demand webinar reveals new threats and challenges, and quantifies the costs of key and certificate management security failures. View the on-demand webinar at http://www.venafi.com/cost-of-failed-trust-webinar/?cid=70150000000noHV

Ponemon - Cost of Failed Trust: Threats and Attacks

Venafi

How are insurance companies faring when it comes to protecting their assets and their customers from fraud, malware, cyber attacks and a host of other security breaches? The question is important. Insurance companies hold a vast amount of data including personally identifiable information, personal health information, credit card and bank account data, and trade secrets (their own and sometimes their clients’). Insurers have a very distributed model for servicing, increasing the risk across the value chain. Aging legacy systems complicate matters even more.

Insuring your future: Cybersecurity and the insurance industry

Accenture Insurance

How to Create a Security-Aware Culture in Your Company

David McHale

Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...

Dana Gardner

Wisegate_GeekSpeak_LG

Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP

CFO Forum: 5 questions for your CISO

Sankarson Banerjee

Threat Hunters

infosec train

SOCW 6520 WK 3 peer responses Respond to the blog post of three colleagues ( They have to be responded to separately) in one or more of the following ways: Make a suggestion to your colleague's post. Expand on your colleague's posting. Intext citation and full references for each peer response after the response of each Pe er 1: Amber Hopf A description of your personal safety plan for your field education experience Approximately 85 percent of social workers experience aggression during their career and 30 percent experience assault (National Association of Social Workers Massachusetts Chapter, n.d.). Often times these individuals engage on the negative thoughts or beliefs regarding their social worker (Regehr & Glancy, 2010). For example, some clients may stalk social workers due to the relationship they developed inside their mind. While most cases the client does not wish to cause harm, it is still important for social workers to develop a safety plan. In this case the first step would be to set boundaries with clients to reduce these negative tendencies. This may consist of making sure clients do not have any personal information. However, setting boundaries may not always be a barrier to these behaviors. Therefore, social workers should also be aware of their surroundings. This would consist of being aware when leaving work to make sure no one is following. In addition, to prevent this from happening social workers should never walk alone after dark when leaving work. This is important as many mental health professionals are at a higher risk for stalking (Regehr & Glancy, 2010). Thus, social workers should have a set safety plan when working in the field. In my field agency, my plan is to set boundaries with clients to keep the relationship professional. Another plan is to make sure that I do not leave the agency alone or without telling someone that I am leaving. I will also be keeping an eye on my surrounding area rather than looking down at my phone. On the other hand, creating and sticking to a safety plan helps professionals with decreasing the risk of burnout (National Association of Social Workers Massachusetts Chapter, n.d.). In fact, the risk of burnout can negatively impact a clinician’s mental health. In order to reduce my risk of burnout my personal safety plan is to make sure that I am not bringing my work home with me. In doing so, I am working on self-care so that I may return the following day in a better mindset to better provide services to clients. There are many ways that not taking care of oneself can negative influence a client seeking services. Thus, it is important that social workers engage in developing a safety plan to ensure not only themselves but their clients are safe and being taken care of. An explanation of how your personal safety plan might differ from your agency safety plan during your field education experience After looking over my agencies safety plan there are not many difference.

SOCW 6520 WK 3 peer responses Respond to the blog post of th.docx

rronald3

Banning Whining, Avoiding Cyber Wolves, and Creating Warrior

Sandra (Sandy) Dunn

Is there a place for ethics in the security business? I have talked to several professionals about this and have got lukewarm answers. So is it a firm YES, or a MAYBE? I then looked at parallels in other industries and found trends that we could observe and study for future reference. I spoke to Yoganand Rao, a senior professional in advertising and an old friend of mine - I asked him about “ethics” in his industry. He was keen to state at the very beginning that his responses were not to be taken as an attempt to paint the whole industry in an unflattering way. And here’s what Yoganand had to say, on ethics in advertising.

Just wondering about professionalism in the Security Industry

PODUVATHRAVINDRANATH

Social engineering

Vîñàý Pãtêl

Similar to Hacking Back Is A Bad Idea (20)

Data Security: A Guide To Whale Phishing

Social Engineering Attacks & Principles

Security Assurance

Assertiveness: How to Stand-up for What You Deserve

Cyber Security: Why your business needs protection & prevention measures

Empowering Employees to Deter Workplace Violence - White Paper

CISO Interview Question.pdf

cybersecurity-series-2019-threat-hunting.pdf

Backwards Thinking and Workplace Violence Prevention Training - White Paper

Ponemon - Cost of Failed Trust: Threats and Attacks

Insuring your future: Cybersecurity and the insurance industry

How to Create a Security-Aware Culture in Your Company

Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...

Wisegate_GeekSpeak_LG

CFO Forum: 5 questions for your CISO

Threat Hunters

SOCW 6520 WK 3 peer responses Respond to the blog post of th.docx

Banning Whining, Avoiding Cyber Wolves, and Creating Warrior

Just wondering about professionalism in the Security Industry

Social engineering

Recently uploaded

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

DBX First Quarter 2024 Investor Presentation

Dropbox

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Recently uploaded (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

presentation ICT roal in 21st century education

Platformless Horizons for Digital Adaptability

Understanding the FAA Part 107 License ..

[BuildWithAI] Introduction to Gemini.pdf

MS Copilot expands with MS Graph connectors

DBX First Quarter 2024 Investor Presentation

MINDCTI Revenue Release Quarter One 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

CNIC Information System with Pakdata Cf In Pakistan

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Why Teams call analytics are critical to your entire business

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Hacking Back Is A Bad Idea

1. Hacking Back Is A Bad Idea Steven Maske SOURCE Boston 2013

2. Who Am I Steven Maske  Email: steven@stevenmaske.com  Twitter: @ITSecurity  Blog: securityramblings.com Please Complete The Survey :-)

3. DISCLAIMER The opinions expressed here are my own and do not necessarily represent those of my employer or any group I am affiliated with. This talk is intended to provoke thought on the subject and is not intended as advice. Every business is different and sufficient due diligence should be exercised when determining the appropriate response to an attack.

4. What is Hacking Back?

5. Definition hack∙ing back [hak-ing bak] verb 1. The act of using offensive techniques to retaliate for a real or perceived attack. 2. The use of offensive techniques in an attempt to gain access to the attackers system for the purpose of alleviating the attack or profiling the attacker.

6. Definition Hacking Back ≠ Active Defense

7. Legal Repercussions

8. Attribution

9. You’re Not That Good

10. You Have Better Things To Do

11. Escalation

12. Conclusion

13. Questions?

14. Contact Steven Maske  Email: steven@stevenmaske.com  Twitter: @ITSecurity  Blog: securityramblings.com Please Complete The Survey