Hacking Back: Revenge is Sweet, But is it Legal?

Hacking Back: Revenge is Sweet, But is it Legal?

Before you go ahead hack backing intruders, you should proceed with caution.

You may have heard the term “active cyber defense” lately and would like to know if it can help your business, particularly if you work in a sensitive sector like financial services. In theory, active cyber defense (or ACD) sounds like what you need: You want to do more than firewall your systems and instead, actively defend your company against hackers.

But before you go ahead hack backing intruders, you should proceed with caution. Many active cyber defense strategies are currently illegal for financial services and other private companies.

U.S. law around active cyber defense

Introduced as a bill to the U.S. House of Representatives in October by Rep. Tom Graves, the Active Cyber Defense Certainty Act (ACDCA) is still under consideration. Currently, the Computer Fraud and Abuse Act deems many active cyber defense methods to be illegal, including accessing a computer – such as a hacker’s computer – without authorization. ACDCA aims to address new cyber security norms, particularly ones unaddressed in the Computer Fraud and Abuse Act, which was passed as an amendment in 1986.

Ultimately, ACDCA wants to enable broader active cyber defense abilities to the private sector. The bill proposes “to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers.”

If the ACDCA passes, Symantec writes that private companies could participate in a two-year pilot program where their activities would be closely coordinated with the FBI. Doing so would empower these companies to employ certain ACD tactics such as hack backs and not face criminal repercussions – though not civil.

They claim companies could legally hack into a suspected intruder’s computer as part of an ACDCA program for the following reasons:

  • To get information that could demonstrate whether or not the suspect penetrated the company’s systems.
  • To block the intruder from entering the company’s systems, and;
  • To watch how the intruder is acting.

However, Symantec notes that destroying information on a suspect’s computer that doesn’t belong to the company, causing excessive physical or financial damage, hacking an intermediary’s computer, or causing a public health threat would not be allowed in an ACDCA-backed program.

As this U.S. regulation gets resolved, however, we can explain some common ACD strategies and the pros and cons – both legally and logistically – of using them.

Hack-backs

Let’s start with hack backs, since this at the crux of the ACDCA program. While an increasing number of politicians are advocating for hacking back, particularly in response to wide-scale cyber attacks, many security professionals are skeptical of hack backs’ efficacy. For example, because of the internet’s interconnected nature, it is difficult to ensure a hack back will only target one’s intended intruders. Sadly and not surprisingly, many hackers will realistically just become savvier about hiding their exploits because of ACDCA legislation. Legalizing hacking back may not fundamentally damage intruders’ abilities to penetrate critical systems.

Also, many private companies are too optimistic about their abilities to find the right intruder through hack backs and may think they have the right hacker through a hack back scheme, but don’t. Even with hack backs, it is very hard to attribute the correct intruder.

So, even if you can hack back your attacker, it may not be the wisest move.

Honeypots

Honeypots are an increasingly popular ACD method that are less aggressive than hack backs. Honeypots create decoys placed within one’s networks with fake information and simulated software that encourage hackers to infiltrate. Once a hacker enters a honeypot, they are used to gather information on the attacker.

They can be quite effective. However, they are also resource intensive and if employed on a WiFi network, can be difficult not to encourage others to fall for the decoy as well.

Beacons

While honeypots are good at identifying who is attacking a given system, it does not follow their behavior once they’ve left the honeypot. Here, beacons enter.

Deploying marketing techniques like cookies, a web beacon contains a web link that can be embedded in various real documents without probably being noticed. Once the intruder clicks on the web link, a company’s servers gather information about the hacker, including their IP address, operating system, and other important details.

Thankfully, beacons are also legal.

White worms

White worms bring the idea of beacons one level further: Malware (known as “white worms” for their beneficial purpose) is actually infected into an intruder’s systems. While a lot can be learned from deploying such malware, the consequences are significant, particularly if uninvolved individuals are affected. For this reason, white worms are not commonly implemented.

Address hopping

For private companies with a lot of cash at hand, address hopping is another effective and legal ACD strategy. As a security researcher at ETH Zurich details, a company’s IP address is changed on a regular and random basis while data is transmitted. This makes a hacker need to search for a company’s data packets constantly. It is a strategy adopted from military communications where radio frequencies were regularly changed to throw off enemy forces.

In short, beyond hack backs and white worms – which are largely illegal or problematic – private companies can deploy legal and effective ACD tactics such as honeypots, beacons, and address hopping. Even if the ACDCA passes, financial services companies may still prefer to use these strategies rather than hack back.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.