Security tools are now officially accomplices to hackers
According to lots of publicly released reports ,there is conclusive evidence that security tools are used for attack purpose rather than their original purposes (proof of concept or education purpose ).
A lot of incidents of information system are related to a serious offense, especially in violation of security tools in a criminal manner.It’s easy to downlad the tools for the young guys and lots of tools are designed to be automatic.Even for a newbie,he or she is able to become a “super” hacker in cyberspace. They are attempting to shield themselves from the internet and arbitrarily attack anyone around the world they don’t like. Any viewpoints that it deems harmful to their images, they attack them too, however in nowadays, this action is more related to profit than ever. That’s the notorious Cyber Terrorism and underground economy.
to ant, you can find the clud from news or search the web for computer crimes survey .
Michael, I agree to you points. It’s similar to the kicken knife. It could be used to kill people. The cars kill thousands of people very year. However, the society need to find other ways to prevent abuse/mis-use of them. It’s their fault to develop search engines, “ping/traceroute…” tools. –Richard
Hi, what are these public released reports, and where I could get?
I can see your viewpoint: easy to use security tools are available for download, and doesn’t require much expertise to use. Point taken.
But let us go a bit further: Lets say that any serious security researcher is keeping his tools and knowledge under wraps. Normal admins won’t get hold of the tools and can’t test their security posture. However, in the underground not much has changed: exploits, toolkits (frameworks, rootkits etc) and other software are traded within the community and so is the knowledge how they are being used. So, the good guys lose out because now they are even less able to keep a track on how they are doing.
Ok, lets play with the thought of making security tools illegal (like they have done in UK and Germany). How far are you willing to take such a law? Ping? Traceroute? GCC & Visual Studio? All these has been used in the process of breaking in.
I do not believe that you should outlaw the tools, but instead getting some power behind the laws to bring people who actually committing the real crime (unauthorized access to computer system) to justice.
All these lobby and fear sponsored laws we have gotten the last 10 years or so has done absolutely nothing to protect what they were supposed to protect, but instead made criminals out of ordinary citizens.