Cyberwar: Is Offense the New Defense?

Many experts - including some in the military - argue that cyber weapons could make our networks safer. But will they? Robert Lemos reports from the Conference on Cyber Warfare in Estonia.

Tallinn, Estonia -- Eight months after it started spreading, the Conficker worm remains on hundreds of thousands, if not millions, of computer systems. While the furor over the worm has died down, worries over the capabilities of the sleeper botnet continue to concern cybersecurity experts.

The call to do something about the latent threat is growing louder. This week, two German researchers -- Felix Leder and Tillmann Werner, PhD students at the University of Bonn -- advocated attacking back at the botnet, before it's used for another purpose.

"Most counter measures nowadays are reactive, you wait for an attack to happen, and then you take the countermeasure," Werner said at the Conference on Cyber Warfare, an event held by the Cooperative Cyber Defence Centre of Excellence in Tallin. "We need something that will stop the attack in advance."

The two students are well known among security researchers. In March, they discovered a way to detect Conficker-infected machines using network scanning, a method that allowed defenders to detect and remove a large number of compromised hosts. In their latest research, Leder and Werner have focused on four sophisticated botnets -- Conficker, Waledac, Storm and Kraken -- and claim that they have learned enough about each one to successfully attack, and dismantle, the malicious networks.

See also: What a Botnet Looks Like

"We could do disinfection like an outbreak," Leder told attendees.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!