Attribution is a commonly bemoaned issue in cybersecurity, with many cyber experts claiming that the inability to attribute attacks definitively to a source is a problem in developing a coherent cyber-response strategy. However, a security researcher may have found a way to solve that problem, according to The Register.
Laurent Oudot, CEO of French security consultancy Tehtri-Security, has released details regarding vulnerabilities in commonly-used crime-ware kits. Oudot pointed to 13 different bugs that could be exploited to trace the attacks back to the source.
Investigators and law enforcement officials will be able to use the exploits to take-out command and control servers, launch attacks against the cyber miscreants and hunt them down.
“The offensive concepts that we’ve shown today were how to strike back at attackers who use evil web tools like Exploit Packs, Web backdoors, etc.,” Oudot said. “Basically, we explained that it is possible to create traps or to remotely attack the malicious web tools used by people controlling botnets.”
One of the exploits allows cyber investigators to steal authentication cookies from cyber criminals trying to login to the admin panel.
“It’s time to have strike-back capabilities for real, and to have alternative and innovate solutions against those security issues,” Oudot writes in a blog post. “We have shown how to know, identify, exploit, neutralize or destroy attackers using those kind of tools.”