Summary of “The first ever botwall could change the economics of hacking forever” By Tim Fernholz, January 21 2014. Qz.com

by mbertrand on January 29, 2014 - 4:16pm

This article highlights aspects of hacking websites, notably distributed denial of service attacks (DDOS attacks) and protections against them. The technology in question, Shape Shifter, is what is called a ‘botwall’, which stops hackers from making DDOS attacks by scrambling the web application code. This effectively makes the hackers incapable of making an attack against a single source, as the source is constantly changing. The article asserts that every computer system has been breached by internet hackers and the only difference between companies is whether their network administrators know it or not. If they know they have been hacked, they can learn from that, and so came the inception of this botwall. The difficulty with this, however, is being able to let legitimate users in while keeping undesirables out. The current method is allowing certain internet protocol addresses (IP addresses) in a certain number of times, but this is easily bypassed. Shape Shifter learns from hackers and does something similar to the IP spoofing tactic (where hackers will use a program that constantly changes their internet protocol address, effectively their global location on the web, to one that is not their own) called “polymorphism”, which scrambles any spambot’s frame of reference for website weaknesses through scrambling the site’s code. The aim of Shape Shifter is to make the web a safer place for online business.
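An added illustration of the “polymorphism” idea described above (not code from the article or from Shape Shifter): a toy server rewrites a form's field names on every response, so a script that replays fixed names is rejected while a browser that posts the served markup is accepted. The key, the sample form and all function names are constructed for the example, and treating “scrambling the site's code” as field renaming is a simplifying assumption.

```python
from __future__ import annotations

import hashlib
import hmac
import re
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment secret

# Constructed sample page: a login form with stable, scriptable field names.
ORIGINAL_FORM = (
    '<form action="/login" method="post">'
    '<input name="username"><input name="password" type="password">'
    '</form>'
)
REAL_FIELDS = ("username", "password")


def alias(field: str, nonce: str) -> str:
    """Derive the alias a field name gets for one specific response."""
    mac = hmac.new(SERVER_KEY, f"{nonce}:{field}".encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:16]


def serve_page() -> tuple[str, str]:
    """Return (nonce, html); every real field name is replaced by its alias.
    A real deployment would keep the nonce in the server-side session."""
    nonce = secrets.token_hex(8)
    html = ORIGINAL_FORM
    for field in REAL_FIELDS:
        html = html.replace(f'name="{field}"', f'name="{alias(field, nonce)}"')
    return nonce, html


def accept_submission(nonce: str, posted: dict[str, str]) -> dict[str, str] | None:
    """Map aliases back to real names; reject posts that do not use
    exactly the aliases issued with this response."""
    expected = {alias(f, nonce): f for f in REAL_FIELDS}
    if set(posted) != set(expected):
        return None  # fixed or stale field names: treat as automated
    return {expected[k]: v for k, v in posted.items()}


def browser_submit(html: str, values: list[str]) -> dict[str, str]:
    """A browser simply posts whatever field names the served markup contains."""
    names = re.findall(r'name="([^"]+)"', html)
    return dict(zip(names, values))
```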

Such technology has little to it that is morally questionable, but the debate is there. It is developed with hackers as the basis. Hackers do this sort of call bouncing or IP spoofing all the time to dodge network security, so why should network security grids not do the same? The question of morals, however, is whether or not companies have the right to play as dirty as hackers do and whether there is a well-reasoned argument for why they should act this way. I think that this is a fair measure, as the hackers aren’t likely to follow any set of rules but their own codes and creeds, so yes, there is fair reasoning for this action. As such there is little to worry about as the malicious already have access to these means. Shape Shifter is merely using the workarounds against them. The implication of this technology is a safer and less hack-able internet, with fewer scandals occurring in the future, such as the Target client information scandal of the past month. The technology is largely beneficial for all proprietors of online business and for their potential client base, leading to peace of mind for both sides of a transaction. Another issue for the purchaser is the question of why this program needs its own separate device, though it may be argued that it is to save an operating system from being worked too hard. Really, it seems to me that online trade looks a lot safer all of a sudden.

Comments

Very informative, interesting and gave me a bit more insight into DDOS attacks and how to prevent them. However, by mimicking the actions of these hackers and protecting from attacks in the same manner, doesn't that enable the company, or at least maybe people within the company, to perform their own attacks independent of the company but still using the servers? Also, wouldn't companies be able to target opposition in this way and still remain hidden? This is just speculation by me with limited knowledge of DDOS attacks and so forth, so it's merely an idea.

On the question of whether companies should play as dirty as the hackers who hack them, I agree with you. Hackers, botters, etc. do not follow the rules that have been placed around the company (primarily gaming companies). This exploits the games which honest people play and succeed at, and all the prevention into hacking these games would greatly increase the players' devotion to the company. On more of a corporate level, hacking is used to get client information the majority of the time. But with the development of DDOS attack blockers, hackers will always find newer and newer ways of obtaining their goal in hacking companies.