Articles/papers related to the Active Response Continuum

• A Framework for Understanding and Applying Ethical Principles in Network and Security Research, by Erin Kenneally, Michael Bailey, and Douglas Maughan, Proceedings of the Workshop on Ethics in Computer Security Research (WECSR) 2010, January, 2010
• Immformation Operations, Sinan Eren, ImmunitySec, SOURCE Boston 2008
• Study shows how spammers cash in, BBC News, November 10, 2008 [academic researchers control 75,869 hijacked machines to send out 496 million of their own spam messages, directing recipients to their own fake web site to see how many would attempt a purchase]
• Chertoff Describes `Manhattan Project` for Cyber-defenses, by Ryan Naraine, eWEEK.com, April 8, 2008
• Wanted: Cyberbandits, dead or alive: British Parliament members compare the Net to the Wild West and say the online industry and governments must protect people., Reuters (via CNet News.com), August 10, 2007
• Tonight on Dateline This Man Will Die, Esquire magazine, August 2, 2007 [An argument for carefully defining how the private sector and law enforcement work together.]
• Defense Net Attacks Should Be Countered With 'Disproportionate Response', "What's Brewin?" column, by Bob Brewin, Govexec.com, July 27, 2007 [Of course its not clear exactly how the "highly undesirable consequences" will be directed at the right "attacker's systems" and not 100,000 mom's and pop's PCs on broadband connections.]
• UK needs cyber-crime reporting body, by Gemma Simpson, Silicon.com, July 19, 2007
• CIOs Look Beyond Cops for Help Fighting Cybercrime, by Christopher Koch, CIO magazine, June 11, 2007
• Attacks on Google accounts and servers
  • Google to enlist NSA to help it ward off cyberattacks, by Ellen Nakashima, The Washington Post, February 4, 2010
  • Report Details Hacks Targeting Google, Others, by Kim Zetter, Wired.com, February 3, 2010
  • A New Approach to China, by David Drummond, SVP, Corporate Development and Chief Legal Officer, Google, January 12, 2010
  • Google to Stop Censoring Search Results in China After Hack Attack, by Kim Zetter, Wired.com, January 12, 2010
  • Companies Fight Endless War Against Computer Attacks, by Steve Lohr, New York Times, January 18, 2010
  • Google complaint highlights China-based hacking, by Joe McDonald, Associated Press, March 4, 2010
• Anti-Spyware laws
  • Sandia backhacker wins $4.3 million judgment against Sandia Labs, By Bob Brewin, FCW.com, February 13, 2007
  • Spyware act gutted: The would-be "Computer Spyware Protection Act" was deleted in a legislative committee at the end of this year's regular session. The Senate author of the bill said the companies originally behind writing it dropped their support., by Ben Fenwick, Oklahoma Gazette, June 07, 2006
  • "Spyware": Research, Testing, Legislation, and Suits, by Benjamin Edelman (See specifically his list of State and Federal Spyware Legislation)
• U.S. Air Force to create cyberspace command: Major command would be established to protect both civilian and military online networks, by Reuters, November 2, 2006
• Sharing data is crucial to cyberdefense, by Patience Wait, GCN.com, August 21, 2006
• Shared Threats require a Shared Response, by Robert Schmidt, The Gardian (InfraGard National Members Alliance newsletter)
• The Longest Con, On The Media, February 24, 2006 [Story about "scam baiters" who go after Nigerian 419 scammers, either to waste their time or actually track them down physically and/or shut down their computers]
• The topology of covert conflict, Shishir Nagaraja and Ross Anderson, July 2005
• Hack the hackers (muhahaha), by Gadi Evron, SecuriTeam Blog posting, December 18, 2005
• Hacking Back: Optimal Use Of Self-Defense In Cyberspace, by Jay Kesan, Safety & paper presented at the "Security in a Networked World: Balancing Cyber-Right & Responsibilities" conference, September 9, 2005
• From Russia with spam, by Martin Brampton, Silicon.com (Published on ZDNet News), August 15, 2005
• Police forced to turn away e-crime victims, by Bill Goodwin, Computerworld, April 12, 2005
• Vigilantes launch attack on scam sites, by Dan Ilett, ZDNet (UK), February 10, 2005
• Oz police given computer spy powers, December 14, 2004
• Cybercrime remains a hard nut to crack, news.com.au, December 7, 2004
• Police to sign up IT special constables in war on hackers, by Bill Goodwin, June 10, 2003
• Under attack, spammer begs for mercy, Spam Kings Blog, January 17, 2006
• Palin explains her actions in Ruedrich case, by Richard Mauer, Anchorage Daily News, September 19, 2004
• Lycos Europe "Make Love Not Spam"
  • p2pnet.net News:- Lycos Europe is now has a screen saver with a difference.
  • Hackers nobble Lycos anti-spam plan, by John Oates, The Register, December 1, 2004
  • Lycos Europe denies attack on zombie army, by Dan Ilett, ZDNet News (UK), December 1, 2004
  • Lycos Anti-Spam Site Compromised [Updated], Slashdot discussion, posted December 1, 2004
  • Antispam screensaver downs two sites in China, by Dan Ilett, ZDNet News (UK), December 2, 2004
  • Lycos Europe's antispam tool no longer available, by Graeme Wearden, ZDNet News (UK), December 3, 2004
  • Lycos Fights Spam With DDOS, posted by eejit, Kuro5hin.org, December 3, 2004
  • Antispam campaign bites the dust, by Dan Ilett and Graeme Wearden, ZDNet News (UK), December 6, 2004
  • Lycos, Spammers & Electronic Civil Disobedience, Internet Censorship Explorer
• Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks, Sydney Morning Herald, May 16, 2007
• German cops and spooks prep own spyware: Federal Trojan for 'online searches', by Matthias Becker, TheRegister.co.uk, February 27, 2007
• Singapore tackles 'cyber terror', BBC News UK, November 11, 2003
• Hacker evidence admissible in court? It could soon be in New Zealand, by Stephen Bell, Computerworld New Zealand, November 26, 2004
• New Weapons of Information Warfare, opinion by Paul Strassman, Computerworld, December 1, 2003
• Cloaking Device Made for Spammers, by Brian McWilliams, October 9, 2003
• Computer Offensive: While the new cyberspace security strategy focuses on defending crucial information networks, some U.S. officials are studying the possibility of launching cyberattacks against other countries, by Mickey McCarter, Military Information Technology, November 15, 2002
• Hacking the hacker: How a consultant shut down a malicious user on a client's FTP server, by John Verry, TechRepublic, August 19, 2003
• Email from oudot@rstack.org to honeypots to honeypots mailing, detailing an active defense against the Blaster worm using Niels Provos' honeyd, August 19, 2003
• Well-intended computer worm slows Asian networks, by Kim Peterson, Seattle Times, August 19, 2003
• Good version of worm circulates: More than 500,000 computers still infected by MSBlaster, by MSNBC staff and wire reports, August 18, 2003
• Romania Emerges As Nexus of Cybercrime, by William J. Kole, Associated Press Writer, October 19, 2003 (hack, hack back, and get hacked-back-hacked?)
• Hacking for Dollars, by Adam Piore, Newsweek International (via MSNBC), December 22, 2003
• Hackback or the High Road? The question goes beyond Nimda, by Markus DeShon, September 20, 2002
• The Right to Defend: Is it criminal to reach out and hack an infected machine that's attacking your network?, by Tim Mullen, SecurityFocus.com, July 29 2002
• Music/Video related stories
  • Who has the right to control your PC?, by John Borland, CNET News.com, November 21, 2005
  • Hitting P2P Users Where It Hurts, by James Maguire, Wired News, January 13, 2003 [Note: Using 10,000 servers in a peer-to-peer network could mean compromising them first and taking them over. You don't go around buying 10,000 PCs and sticking them on 10,000 DSL lines.]
  • Is the RIAA "hacking you back?", by Andrew Orlowski, The Register
  • Phony Advisory Attacks RIAA, by Dennis Fischer, eWEEK, January 14, 2003
  • RIAA calls hacking claim a hoax, by Robert Lemos, CNET News.com, January 14, 2003
  • US music industry suffers net attack, by Will Knight, NewScientist.com news service, July 31, 2002
  • Hollywood hacking bill hits House, by Declan McCullagh, CNET News.com, July 25, 2002
  • Software Bullet Sought to Kill Music Piracy, by Andrew Ross Sorkin, The New York Times, May 4, 2003
  • Senator OK with zapping pirates' PCs, By Declan McCullagh, CNET News.com, June 18, 2003
  • Hatch Takes Aim at Illegal Downloading, By Ted Bridis, Associated Press, June 17, 2003
  • Orrin Hatch: Software Pirate?, By Leander Kahney, Wired.com, June 19, 2003
• Public/Private Partnerships to Improve Cyber Response
  • APWG suggests e-crime reporting system, by Jeremy Kirk, IDG News Service, March 11, 2009
  • Police maintain uneasy relations with cybervigilantes: London-area police are working with certain cybervigilante groups as sources of information in the fight against online fraud., by Tom Espiner, special to CNET News.com, January 17, 2007
  • Public-Private Sector Intelligence Coordination, National Infrastructure Advisory Council, December, 2006
  • Private Intrusion Response, by Stevan D. Mitchell and Elizabeth A. Banker, 11 Harvard Journal of Law & Technology 699 (Spring 1998)
  • Adequacy of Criminal Law and Procedure (Cyber), A "Legal Foundations" Study -- Report 7 of 12
  • Toward Deterrence in the Cyber Dimension
  • Private-Public & Non-Governmental Organizations, Cyber Security Organization Catalog, Georgia Tech
• History of Public and Private Police Forces
  • The Interweaving Of Public And Private Police Undercover Work (In C. Shearing and P. Stenning, "Private Policing," Sage Publications, 1987)
  • A Brief Guide to Police History
  • Policing in London before the Bobbies
  • Transcript of "The American Experience: Jesse James" (documentary about Jesse James, including Alan Pinkerton's pursuit of the James Gang) [Timeline]
• Privateering ("Letters of Marque and Reprisal")
  • Piracy and Privateering
  • Letter of Marque carried by Captain Millin of the American privateer Prince of Neufchâtel during the War of 1812
• Approaches to Cyber Intrusion Response, A "Legal Foundations" Study -- Report 12 of 12 (.pdf)
• Adequacy of Criminal Law and Procedure (Cyber), A "Legal Foundations" Study -- Report 7 of 12 (.pdf)
• Toward Deterrence in the Cyber Dimension (.pdf)
• Private Intrusion Response, by Stevan D. Mitchell and Elizabeth A. Banker, 11 Harvard Journal of Law & Technology 699 (Spring 1998) (.pdf) [Here is a brief of the article]
• Tesimony of Mario Balakgie, Cheif Information Assurance Officer, DIA, before the Subcomittee on Government Management, Information, and Technology, July 26, 2000
• Appropriate Response: More Questions Than Answers, by Chris Loomis, SecurityFocus INFOCUS
• Computers under attack can hack back, expert says, Mercury News, Auguest 3, 2002
• Can you hack back?, by Deborah Radcliff, NetworkWorld Fusion, June 1, 2000
• Should You Strike Back?, by Deborah Radcliff, Computerworld, November 13, 2000
• Internet Hack Back: Counter Attacks as Self-Defense or Vigilantism?, by Vikas Jayawal, William Yurcik, David Doss, Illinois State University
• Information Warfare Survivability:Is the Best Defense a Good Offense?, by William Yurcik, Illinois State University
• Internet Attacks: A Policy Framework for Rules of Engagement, by William Yurcik and David Doss, Illinois State University
• E-SECURE-DB: Attack Response Center: Information on Counter attack and monitoring
• FM 100-12 Appendix A: Intelligence Preparation of the Battlespace
• (See also the Cyberwarfare section)

Attribution

• Techniques for Cyber Attack Attribution, by David A. Wheeler, Institute for Defense Analyses, October 2003
• Information Operations, Deterrence, and the Use of Force, by Roger W. Barnett, Naval War College, 1998
• ARDA BAA-05-04-IFKA on Network Attack Traceback
• Survey/Analysis of Levels I, II, and III: Attack Attribution Techniques, Don Cohen & K. Narayanaswamy, April 27, 2004
• Statistics on crime clearance
• Tracking a Computer Hacker, by Daniel A. Morris, Assistant United States Attorney, Computer and Telecommunications Coordinator, District of Nebraska, May 2001
• Toward Deterrence in the Cyber Dimension (.pdf)
• Caught in the Net: An online posse tracks down an Internet stalker, by Jack Mingo
• Hack and Counter-Hack -- Active Forensics: Tracking that Intruder., by Dragos Ruiu, January 30, 2001
• Tracing Based Active Intrusion Response, by Xinyuan Wang, Douglas S. Reeves, S. Felix Wu, 2001
• Intelligence Preparation of the Information Battlespace -- A Cyber Playbook for Information Survivability, by James K. Williams, Roderick A. Moore, and Charles McCain
• BAA 03-03-FH (Information Assurance For the US Intelligence Community Broad Agency Announcement aimed at attack attribution. Defines four levels of attribution that are useful in framing the topic.)

Law

• US Federal Code related to Cybercrime, Department of Justice Computer Crime and Intellectual Property Section
• 2001-02 Cyberterrorism/Computer Crime Legislation
• Council of Europe Convention on Cybercrime (ETS No: 185)
• Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries (CSIRT Project Survey)
• FindLaw > Legal Subjects > Cyberspace Law > Computer Crime > Primary Materials - Laws and Government Documents
• THE LEGAL FRAMEWORK - UNAUTHORIZED ACCESS TO COMPUTER SYSTEMS (PENAL LEGISLATION IN 44 COUNTRIES), by Stein Schjolberg, Chief Judge, Moss District Court, Norway, April 7, 2003
• LEGAL ASPECTS OF INFORMATION OPERATIONS
• Cybercrime's Scope: Interpreting 'Access' and 'Authorization' in Computer Misuse Statutes, by Orin S. Kerr, New York University Law Review, Vol. 78, November 2003
• The Legal Risks of Computer Pests and Hacker Tools, by Benjamin Wright, J.D., September 25, 2001
• Port Scanning and its Legal Implications, by Adv. Abhinav Bhatt, Asian School of Cyber Laws
• International response to piracy on the high seas
  • The United Nations Convention on the Law of the Sea
  • United Nations Conference on Trade and Development (UNCTAD) conference on Arrest of Ships
• Statutes re: use of force in defense of property (c/o Ivan Orton)
  • 9 GCA: Crim es and Corrections, Chapter 7 (See Section 7.90: "Force in Defense of Property: Defined and Allowed")
  • Judges and Legis latures in 21st Century Torts: Integrating Cases and Statutes, by David W. [Jake] Barnes, Seton Hall University School of Law (See pp. 2-4)
  • State of South Carol ina v. Jeffrey M. Thompson, South Carolina Supreme Court opinion 25459 (Use of force against fur bearing animals)
  • Bear Shootings under fire, by Stefan Hard, Times Argus, July 25, 2003 (Laws re: use of force against moose more specific than laws re: use of force against bears)
• Criminal complaint in case of U.S. v. John Lin, Shao Yui, Elaine Espinosa, and Daniel Mankani, U.S. District Court, Eastern District of Michigan (spam honeypots used to collect evidence in CAN-SPAM Act case)
• Tony Martin: convicted killer or defender of householders' rights?, EDP24
• Scott Moulton and Network Installation Computer Services, Inc. v. VC3, Civ. Act. No. 1:00-CV-434-TWT (N.D. Ga. November 6, 2000)
• Port scans legal, judge says: Federal court finds that scanning a network doesn't cause damage, or threaten public health and safety, by Kevin Poulsen, SecurityFocus Dec 18 2000
• Finding Fences in Cyberspace: Privacy and Open Access on the Internet by Ethan Preston

Books related to Active Defense

• Aggressive Network Self-Defense," by Neil R. Wyler, Syngress, ISBN 1-931836-20-5, 2005
• Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses, by Ed Skoudis, Prentice Hall, ISBN 0130332739
• Anti Hacker Toolkit, by Keith J. Jones, Mike Shema, and Bradley C. Johnson
• Hacking Linux Exposed, by Brian Hatch and James Lee
• Hacking Windows 2000 Exposed, by Joel Scambray, Stuart McClure, Chip Andrews, Erik Pace Birkholz, Clinton Mugge and David Wong

Tools and software systems related to Active Defense

• National Information Exchange Model (NIEM), IJIS Institute
• The Emergent Law Enforcement Network Security Initiative (eLENS), APWG
• Knoppix Security Tools Distribution (STD)
• Penguin Sleuthkit (a remaster of Knoppix)
• Anti-Hacker Toolkit tool references
• An Intelligent Decision Support System for Intrusion Detection and Response, by Dipankar Dasgupta and Fabio A. Gonzalez, Intelligent Security Systems Research Lab, Division of Computer Science, The University of Memphis, 2001
• Intelligence Network Attack Traceback (ARDA BAA 05-04), archived at cryptome.org
• Security Incident Fusion Tools (SIFT) Research Project
• Security Event Management (SEM)/Security Incident Management (SIM)
  • Security Information Management Systems (SIMS), Schneier on Security, October 20, 2004
  • Big picture security, by Paul Roberts, Computerworld, November 04, 2004
  • SEM: Navigating the Seas of Security Event Data, by By Christopher M. King, Network Magazine, January 05, 2004
  • Magic Quadrant for Security Information and Event Management, Gartner RAS Core Research Note G00167782, by Mark Nicolett and Kelly M. Kavanagh, 29 May 2009
  • Commercial products
    • Alien Vault
    • ArcSight
    • eiQnetworks SecureVue
    • Excel Networks SecureVue SIEM
    • IBM Tivoli Security Information and Event Manager (TSIEM)
    • Intellitactics Security Manager for SIEM
    • LogLogic
    • LogMatrix
    • LogRhythm
    • netForensics
    • NetIQ Security Manager
    • NitroSecurity
    • Novell Sentinel
    • Prism Microsystems EventTracker
    • Q1 Labs QRadar SIEM
    • RSA Envision
    • SenSage
    • Snare
    • Splunk
    • Tenable Security Center (SC) and Log Correlation Engine (LCE)
    • TriGeo SIM
    • Tripwire Log Center
    • Vigilant
  • Open source products
    • The Alient Vault Open Source SIM
    • LogZilla
    • OpenSIMS (Open Source Security Infrastructure Management System)
    • Zenoss Open Source Server and Network Monitoring

Reading list for Active Defense Workshop

• Can you hack back?, by Deborah Radcliff, NetworkWorld Fusion, June 1, 2000
• Internet Hack Back: Counter Attacks as Self-Defense or Vigilantism?, by Vikas Jayawal, William Yurcik, David Doss, Illinois State University
• Private Intrusion Response, by Stevan D. Mitchell and Elizabeth A. Banker, 11 Harvard Journal of Law & Technology 699 (Spring 1998) (.pdf)
• Adequacy of Criminal Law and Procedure (Cyber), A "Legal Foundations" Study -- Report 7 of 12 (.pdf)
• Toward Deterrence in the Cyber Dimension (.pdf)
• Software Bullet Sought to Kill Music Piracy, by Andrew Ross Sorkin, The New York Times, May 4, 2003
• Email from outdot@rstack.org to honeypots to honeypots mailing, detailing an active defense against the Blaster worm using Neils Provost's honeyed, August 19, 2003
• Well-intended computer worm slows Asian networks, by Kim Peterson, Seattle Times, August 19, 2003
• Bush pushes for cybercrime treaty, by Declan McCullagh, CNET News.com, November 18, 2003