Tag Archives: Hack back

Security News for the Week Ending December 10, 2021


A proof of concept for a zero-day vulnerability in the very popular Apache Log4j Java library is being shared online. Log4j is used both in enterprises and in cloud services. Products from Apple, Amazon, Twitter and Steam, among others may be vulnerable to remote code execution exploits. All versions through 2.14.1 are vulnerable CISA and other government agencies have issued alerts. Many Managed Service Providers are finding themselves under attack. Find details at Bleeping Computer and US CERT and Huntress Labs.

Researcher Found Method to Brute Force Verizon PINs

A researcher discovered a bug that allowed him to brute force any customer’s Verizon security PIN. After reporting it to Verizon, Verizon told Vice that they solved the problem by taking down the vulnerable website pages. Hopefully, when those pages return, the bug will be fixed. Credit: Vice

US Military Admits to Offensive Hacking

Cyber Command, AKA the NSA, has confirmed that they have taken unspecified hacking to disrupt hackers ability to hack. This comes from none other than General Paul Nakasone, head of the NSA and CyberCom. While they know that they can’t shut down hackers, they also know that they can make it more costly. Nakasone said that a number of elements of the government (i.e. more than just the NSA) have taken actions and we have imposed costs. Just speculating, but hackers are often not good programmers and even worse at operational security, so it is not at all surprising that they can be hacked. Historically we haven’t done that, but it looks like now we are. Credit: CNN

A Camera the Size of a Grain of Salt

It can take better full color images than a camera 500,000 times its size. It even works in ordinary light. The surface is made from silicon nitride, meaning that it can be made in microchip manufacturing plants. It could be used in medicine (like in an endoscope), but think about the uses by spies. What an incredible spy cam. No one is going to see a grain of salt. Credit: Vice

In the Face of a $150 BILLION Lawsuit, Facebook Bans Myanmar Military

Facebook announced this week that it will remove pages, groups and accounts representing military controlled businesses. Many criticized it as a cynical ploy to deflect criticism coming from the billion dollar lawsuit. The US lawsuit illustrates how Facebook’s algorithms often recommend extremist groups and violent content in exchange for more customers. Credit: ZDNet

The Active Cyber Defense Certainty Act – What COULD Go Wrong

Most of the time we feel pretty helpless when it comes to going after hackers.  There is a good reason for that  – for the most part, we are helpless.  The hackers operate under their own rules and law enforcement really isn’t equipped to deal with them.  It is hard enough for the cops to catch burglars and murderers (how many of those cases go unsolved every year), but when it comes to cyber crimes, I would hazard a guess that 999 out of every 1,000 go unsolved.

Enter ACDC, the Active Cyber Defense Certainty Act.  This bill would allow businesses, within certain parameters to hack back at the hackers to destroy stolen information and try to unmask the hackers as long as they don’t do damage.

There was a recent case where this was tried with no success and I think this is going to be the normal situation – no success.

London Bridge Plastic Surgery is a high end plastic surgery practice in England – they do plastic surgery on the rich and the famous, including the Royals.   They were hacked and the hackers shared graphic photos of their patients with the media.  So far, I don’t think they have published those photos.

Apparently, the chief surgeon fancies himself a bit of an amateur hacker and sent the hackers a word document with a link to a file on their server with the hopes of getting the hacker’s IP address from this.

Not surprisingly, the hackers detected this attempt and publicly scolded the doctor who said that he didn’t do it.  The hackers now say that they are going to punish the doctor for attempting to uncover them, although they have not said what that might be.

In the end, you run the risk of upsetting folks who may have backdoors into your system and, in this case, claim to have terabytes of your sensitive data, which they could easily dump on the web.

So if ACDC passes and you choose to hack the hackers, understand that the hackers might be smarter than you and there could be serious consequences for you, your company, your data and your clients.

On the other hand, if you think you are smarter than the hackers then why were they able to hack you?

Information for this post came from The Daily Beast.