| Active Response | Attacks |
| Books | Critical Infrastructure |
| Espionage | Ethics |
| Game Theory | Government |
| Hack-Back | Identity Theft |
| Information Warfare | Intrusion Detection |
| Law | Military |
| News | Risk Analysis |
| Tools | Trace Back |
Wired News article on the FBI sting on a Russian hacker - the so-called 'Invita' case. A US federal judge gave the FBI the authority to hack the Russian's computers on Russian soil.
Crosbie and Spafford's tech report
M. Crosbie and G. Spafford, "Active Defense of a Computer System Using Autonomous Agents," Purdue University, West Lafayette, IN, Technical Report 95-008, February 1995.
My thesis regarding Active Response.
Sergio Caltagirone, "Active Response," Master's Thesis in Computer Science. Moscow, ID: University of Idaho, 2005, pp. 183.
[Book] Publisher's Comments: Are you tired of feeling vulnerable to the latest security vulnerabilities? Are you fed up with vendors who take too long to release security patches, while criminals waste no time in exploiting those very same holes? Do you want to know who, exactly, is really trying to hack your network? Do you think EVERYONE should be responsible for securing their own systems so they can't be used to attack yours? Do you think you have the right to defend yourself, your network, and ultimately your business against aggressors and adversaries?
ABSTRACT: In this paper we present a tool designed to intercept attacks at the host where they are launched so as to block them before they reach their targets. The tool works both for attacks targeted on the local host and on hosts connected to the network
D. Bruschi and E. Rosti, "AngeL: A Tool To Disarm Computer Systems," presented at 2001 Workshop on New Security Paradigms, Cloudcroft, New Mexico, 2001.
In this article, Chris Loomis attempts to generate discussion regarding response and its problems.
Army Theater Missile Defense Operations
Discusses information warfare possibilities from North Korea into Australia and other countries
J. C. Harsanyi, "Bayesian Decision Theory and Utilitarian Ethics," presented at Ninth Annual Meeting of the American Economic Association, 1978.
General article about response, nothing really new
Charter of the United Nations
Media article about Tim Mullen's 2002 Defcon presentation about hack-back and active defense.
The first fully international treaty on cybercrime - the US is a signatory
An article on vigilantism in response to security threats (some include physical responses - baseball bats)
Presidential Decision Directive 63 describes the need for critical infrastructure protection from attacks of many types (including cyber)
Bruce Schneier states that the community needs to look increasingly at active defense for protection
Bruce Schneier's attack on active defense in the hands of the RIAA and individuals
Col. Cabana argues that in an information war, the military should only play a support role to civilian entities
Col. N. C. Cabana, "Cyber Attack Response: The Military in a Support Role," vol. 2005: http://www.airpower.maxwell.af.mil/airchronicles/cc/cabana.html, 2000.
Governments and critical infrastructures rely increasingly on networked computing technologies and are thus ever more vulnerable to cyber-attacks. International law is not fully formed on this issue, but the UN Charter and the laws of armed conflict establish certain baseline rules.
Cyber-attacks and international law
Gregory D. Grove, Seymour E. Goodman, Stephen J. Lukasik. Survival. London: Autumn 2000. Vol. 42, Iss. 3, pp. 89-103 (15 pp.)
ISSN/ISBN: 00396338
Dave Dittrich's bibliography of active defense resources on the Internet. Lots of interesting reading
Timothy Mullen's electronic essay in defense of active defense as a legitimate security tool
A presentation (in PDF) regarding active defense, its potential, and its limitations
A paper published at the New Security Paradigms workshop describing the use of active defense.
D. Bruschi and E. Rosti, "Disarming Offense to Facilitate Defense," presented at 2000 Workshop on New Security Paradigms, Ballycotton, County Cork, Ireland, 2000.
Department of Defense Dictionary of Military and Associated Terms. Defines 'active defense'
Porras and Neumann's EMERALD IDS
P. A. Porras and P. G. Neumann, "EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances," presented at 20th National Information Systems Security Conference, 1997.
The state of security on the Internet is bad and becoming worse. One reaction to this state of affairs is a behavior termed "Ethical Hacking" which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. Ethical hackers may beta test unreleased software, stress test released software, and scan networks of computers for vulnerabilities.
Attorney General's Office asks Congress for more lenient statutes with regard to tracking network traffic along multiple phone networks (currently must get separate warrants for each phone network)
J. C. Harsanyi, "Games with Incomplete Information," The American Economic Review, vol. 85, pp. 291-303, 1995.
News story about hackers compromising GMU servers with potential identity theft implications
Article on Symbiot's IDS
HSPD-7 is a document that categorizes the threats to critical infrastructure (see PDD 63) and assigns the responsibilities of protecting those infrastructures to various federal agencies
Paul Joyal discusses the history of espionage with respect to industrial espionage and the upcoming threat of information warfare against a nation's economic infrastructure and intellectual property
P. M. Joyal, "Industrial Espionage Today and Information Wars of Tomorrow," presented at 19th National Information Systems Security Conference, 1996.
International law perspectives of information warfare
J. Barkham, "Information Warfare and International Law on the Use of Force," New York University Journal of International Law and Politics, vol. 34, pp. 57-113, 2001.
Discusses active defense as a component of information warfare, potential consequences and alternatives to active defense
Jayawal, Yurcik, and Doss discuss the possibility of using hack-back
V. Jayawal, W. Yurcik, and D. Doss, "Internet Hack Back: Counter Attacks as Self-Defense or Vigilantism?" presented at International Symposium on Technology and Society, Raleigh, North Carolina, 2002.
A short bibliography of intrusion detection research
DoD Joint Doctrine for combating weapons of mass destruction. Details the use of 'active defense' as a method of counterproliferation of WMD
Judge allows FBI to hack Russian computer and install keylogger to trace attacks in the US
Describes use of force in defense of property statutes
D. W. Barnes, "Judges and Legislatures in 21st Century Torts: Integrating Cases and Statutes," presented at Association of American Law Schools Conference on Torts, New York, New York, 2003.
Host or network protection is not achieved by strengthening their defenses but by weakening the enemy's offensive capabilities. A prototype tool has been implemented that demonstrates that such an approach is feasible and effective
D. Bruschi, C. L., and E. Rosti, "Less Harm, Less Worry or How To Improve Network Security by Bounding System Offensiveness," presented at 16th Annual Computer Security Applications Conference, New Orleans, Louisiana, 2000.
Tim Mullen's presentation at Defcon 2002 regarding strike-back in response to Nimda infections
J. Nash, "Non-Cooperative Games," The Annals of Mathematics, vol. 54, pp. 286-295, 1951.
Response article to Symbiot Inc.'s new IDS that can respond
An excellent article on the application of laws to intrusion response (generally regarding physical intrusions of homes/businesses)
S. D. Mitchell and E. A. Banker, "Private Intrusion Response," Harvard Journal of Law and Technology, vol. 11, pp. 700-7
Remotely determining the identity of a machine using clock skew. Has potential applications in hack-back to reduce the probability that the wrong machine is targeted
T. Kohno, A. Broido, and K. Claffy, "Remote Physical Device Fingerprinting," presented at the IEEE Symposium on Security and Privacy, May 8-11, 2005.
A method to dynamically alter the exposure of a host to contain an intrusion when it occurs
A. Gehani and G. Kedem, "RheoStat: Real-time Risk Management," presented at 7th International Symposium, RAID 2004, Sophia Antipolis, France, 2004.
Robert Axelrod uses game theory and decision theory to analyze risk in information systems
R. Axelrod, "Risk in Networked Information Systems," Office of the Assistant Secretary of Defense for Networks and Information Integration, 2003.
Discusses meeting at SRI to discuss security vulnerabilities in networks
The news story of the slammer worm infecting a nuke power plant in Ohio and shutting down safety systems
A critical and important book in the evolution of military strategy and doctrine. Many point to this work as the first formalization of an 'active defense'
V. D. Sokolovskii, Soviet Military Strategy. Englewood Cliffs, New Jersey: Prentice-Hall, 1963.
Timothy Mullen's online column regarding strike back technology - attached is also a very interesting discussion about the article
A whitepaper on taking over a train station's wireless network - with implications for privacy and identity theft
Hacker got into Air Traffic Control system
J. Nash, "The Bargaining Problem," Econometrica, vol. 18, pp. 155-162, 1950.
A good summary of ethical properties with regard to active defense
A case for the use of active defense in almost any situation
Uses sleepy watermark tracing (SWT) to trace, in real time, a detected intrusion that uses stepping stones to disguise its origin
X. Wang, D. S. Reeves, and S. F. Wu, "Tracing Based Active Intrusion Response," Journal of Information Warfare, vol. 1, 2001.
J. Nash, "Two-Person Cooperative Games," Econometrica, vol. 21, pp. 128-140, 1953.
A good guide to the many U.S. Supreme Court resources on the web