by JumpCrisscross 89 days ago
> what makes them think they have the knowledge/expertise to fight back?

If the goal is simply breaking shit (versus e.g. exfiltrating data) offense is way easier than defense. Also, security is an ongoing expense. Retaliation is one time.


> Also, security is an ongoing expense. Retaliation is one time.

Disagree. Retaliating draws a larger target on you. Increasing need for ongoing security. And increasing need to retaliate. You’re retaliating against multiple fronts and vectors. It’s all very expensive and an arms race.

> Retaliating draws a larger target on you. Increasing need for ongoing security

Does it? I feel like I could pretty easily pay a mercenary group to fuck around with Iran without being particularly concerned about blowback. (My main risk would be getting scammed.)

If you could keep your association with that mercenary a secret, then sure. But if you were, IDK, Walmart, and you went on this offensive or openly admitted to backing the mercenary, well, now that Iranian group may want to push harder. Instead of attacking your servers, they begin attacking your POS, thermostats, security cameras, time clocks, inventory mgmt hardware, etc. They eventually start targeting your employees and their personal homes and such.

They could do all this now, but they generally don’t. Poke the bear and it might bite.

Having worked at an anti-phishing brand protection firm on behalf of firms like Apple, it absolutely draws a target on your back.

We used to receive routine threats from the IRGC on top of the usual DDoS attacks on our systems. Turns out cybercriminals don’t like it when you disrupt their cash flow. Thankfully we never got SWAT’d or had a box of heroin shipped to our office like that one journalist.

This is likely why the administration is suggesting that private firms hack back. It draws a larger target on the private firms instead of the administration.
I think it’s a good strategy to tell firms “don’t hold back,” and essentially that they won’t be held liable for damages they cause, but it’s another thing entirely for those firms to actually go on an offensive mission.

But yes, I think it’s understood that you’re on your own on this front and the government isn’t going to come to your rescue or protect you, which I feel like isn’t really a change from the status quo but just being more direct in admitting it.