Offensive Computing: A Bad Idea That Never Dies

Your network is getting scanned from some system on the other side of the country, or perhaps the globe. You traceroute the IP address, and discern the offending system is infected with a bot that's trying to infect you. You take a look at the device and see it's not patched for a multitude of OS vulnerabilities. Is it ethical (never mind legal) for you to take the system down with some exploits of your own?

Dark Reading logo in a gray background | Dark Reading

Your network is getting scanned from some system on the other side of the country, or perhaps the globe. You traceroute the IP address, and discern the offending system is infected with a bot that's trying to infect you. You take a look at the device and see it's not patched for a multitude of OS vulnerabilities. Is it ethical (never mind legal) for you to take the system down with some exploits of your own?It's clearly not legal in most areas I'm familiar with. But let's set that annoying fact aside for a moment.

I despise the topic of "offensive computing." The controversial subject seems to come up every couple of years. Following the massive Code Red worm outbreak in the summer of 2001, which brought many networks to a crawl. Shortly thereafter we had the counter-worms Code Green and CRclean surface: both were devised to spread and patch Code Red's target: unpatched IIS Web servers.

It was a desperate time, and sometimes those times call for desperate measures. But these types of worms aren't a good idea. Too many potential unintended consequences. Too high of a risk of collateral damage: innocent networks clogged -- or even data destroyed -- because of a programming error.

In fact, the very idea of offensive computer actions goes against the 10 Commandments of Computer Ethics, created in 1992, by the Computer Ethics Institute, and are supposedly the foundation for the CISSP's own ethics rules:

"The Commandments"

About the Author

George V. Hulme, Contributing Writer

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights