Active defense and fighting back: cyber analogies to real world

Real world context: you’re on holidays in a foreign land. You don’t know the local language all that well and you’re still grappling with all the cultural differences between Sweet Home A’la Bummer and this place here.

You are walking home from the bar late at night when you are confronted by a mugger. He holds you at knifepoint. He demands your wallet.

Fighting back: you unleash your superpowers and whip out a can of whoop ass. The mugger had an accomplice, whom you didn’t notice. You wake up in a hospital bed with severe aches and pains.

Active defense: you do as your mugger demands, stalling, speaking loudly to attract the attention of the people passing by a mere 5 m away. You slowly pull out your fake wallet filled with spare change and never-activated cards that are in your cat’s name.


Cyberspace context: you have a nice little online presence. Your organisation is new to this internet craze, and you prefer to keep all your valuable IT stuff behind a sturdy firewall.

One Saturday afternoon your phone rings. It’s an unknown person telling you they have access to your financial data and your M&A (mergers and acquisitions) plans and are ready to use them unless you pay.

Fighting back: your company goes into crisis mode and decides to hire a company that promises to hack back the perpetrators in record time and make sure they never do anything like that to your company again. The hacking attack goes well until the federal police call in. The hacking attack you unleashed was against an innocent third party that is now ready to sue you for the damages done. Your attackers call you up to say their demands have doubled.

Active defense: You never trusted your perimeter defences to really keep determined attackers out. You also know that your staff is likely to fall prey to a social engineering attack, so you created a number of decoy systems and files on your local network. You also spent time on a cheap monitoring system that shows any unusual activity. You call a crisis situation. The crisis management group decides that the best course of action is for the company CEO to inform the stock market and the media that your organisation was attacked and that the attackers stole fake information. You provide a copy of the fake information that was stolen. Your attackers are never heard from again.
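
A sketch of the decoy-and-monitoring setup in the active defense scenario, added here as an example and not taken from the original post: each planted file carries a unique marker, any access to it raises an alert, and the same markers show that material sent as "proof" of the theft is the fake data. The file paths, marker strings, log format and log lines are all constructed assumptions.

```python
import re

# Constructed decoy registry: path of each planted file -> unique marker
# embedded in its fake content. Paths and markers are made up.
DECOYS = {
    "/finance/ma_targets_2024.xlsx": "CANARY-7f3a91",
    "/finance/q3_forecast_final.docx": "CANARY-c02d55",
}

# Constructed file-access audit lines (the format is an assumption).
SAMPLE_LOG = """\
2024-03-02T14:05:11Z user=jdoe host=10.0.4.17 op=read path=/hr/handbook.pdf
2024-03-02T14:06:40Z user=svc_print host=10.0.4.88 op=read path=/finance/ma_targets_2024.xlsx
2024-03-02T14:06:52Z user=svc_print host=10.0.4.88 op=read path=/finance/q3_forecast_final.docx
2024-03-02T14:09:03Z user=asmith host=10.0.4.23 op=write path=/sales/pipeline.xlsx
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) "
    r"op=(?P<op>\S+) path=(?P<path>.+)$"
)

def decoy_hits(lines):
    """Return one alert dict per log line that touches a decoy file.
    Nobody has a legitimate reason to open a decoy, so every hit is an alert."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["path"] in DECOYS:
            alerts.append(m.groupdict())
    return alerts

def decoys_in_sample(sample_text):
    """Return the decoy paths whose marker appears in data the extortionist
    sends as proof, showing that what was taken is planted material."""
    return sorted(p for p, marker in DECOYS.items() if marker in sample_text)

if __name__ == "__main__":
    for a in decoy_hits(SAMPLE_LOG):
        print("ALERT", a["ts"], a["user"], a["host"], a["path"])
    proof = "Acquisition shortlist ... ref CANARY-7f3a91 ... confidential"
    print("Stolen decoys:", decoys_in_sample(proof))
```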