Is IT Security on the verge of becoming a vigilante term? It seems like the internet has become the Wild Wild West and IT Security Professionals are being forced to defend their domains with ruthless, unconventional responses… an eye for an eye, if you will.
After multiple attempts to report a CryptoJacker, the miner is still allowed to continue mining and making profits from your infrastructure.
Because this was reported almost 2 weeks ago, I can’t help but wonder why authorities have done nothing to protect the victims. Is it our duty as ethical practitioners to protect our infrastructure by shutting down the mining pool provider for harboring a criminal?
The obvious questions are:
- Where do you report these CryptoJackers?
- What is the responsibility of the mining pool providers to ensure our security?
- What is the alternative if cyber crime reports go unanswered?
- When does retaliation become justifiable?
It certainly seems that there is no single authoritative entity to manage the flood of cyber crimes being discovered daily, and victims are left to bear the lasting damage caused by these breaches while the criminals are allowed to roam free, protected by the anonymity of blockchain and ethical standards set out by the authorities for IT Security Professionals.
We are certainly getting to that frustrating point where we have to go on the offensive rather than just defend against an ever-increasing list of vulnerabilities and cyber criminals.