Hacking Back: Revenge is Sweet, But is it Legal?

Hacking Back: Revenge is Sweet, But is it Legal?

Before you go ahead hack backing intruders, you should proceed with caution.

You may have heard the term “active cyber defense” lately and would like to know if it can help your business, particularly if you work in a sensitive sector like financial services. In theory, active cyber defense (or ACD) sounds like what you need: You want to do more than firewall your systems and instead, actively defend your company against hackers.

But before you go ahead hack backing intruders, you should proceed with caution. Many active cyber defense strategies are currently illegal for financial services and other private companies.

U.S. law around active cyber defense

Introduced as a bill to the U.S. House of Representatives in October by Rep. Tom Graves, the Active Cyber Defense Certainty Act (ACDCA) is still under consideration. Currently, the Computer Fraud and Abuse Act deems many active cyber defense methods to be illegal, including accessing a computer – such as a hacker’s computer – without authorization. ACDCA aims to address new cyber security norms, particularly ones unaddressed in the Computer Fraud and Abuse Act, which was passed as an amendment in 1986.

Ultimately, ACDCA wants to enable broader active cyber defense abilities to the private sector. The bill proposes “to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers.”

If the ACDCA passes, Symantec writes that private companies could participate in a two-year pilot program where their activities would be closely coordinated with the FBI. Doing so would empower these companies to employ certain ACD tactics such as hack backs and not face criminal repercussions – though not civil.

They claim companies could legally hack into a suspected intruder’s computer as part of an ACDCA program for the following reasons:

  • To get information that could demonstrate whether or not the suspect penetrated the company’s systems.
  • To block the intruder from entering the company’s systems, and;
  • To watch how the intruder is acting.

However, Symantec notes that destroying information on a suspect’s computer that doesn’t belong to the company, causing excessive physical or financial damage, hacking an intermediary’s computer, or causing a public health threat would not be allowed in an ACDCA-backed program.

As this U.S. regulation gets resolved, however, we can explain some common ACD strategies and the pros and cons – both legally and logistically – of using them.

Hack-backs

Let’s start with hack backs, since this at the crux of the ACDCA program. While an increasing number of politicians are advocating for hacking back, particularly in response to wide-scale cyber attacks, many security professionals are skeptical of hack backs’ efficacy. For example, because of the internet’s interconnected nature, it is difficult to ensure a hack back will only target one’s intended intruders. Sadly and not surprisingly, many hackers will realistically just become savvier about hiding their exploits because of ACDCA legislation. Legalizing hacking back may not fundamentally damage intruders’ abilities to penetrate critical systems.

Also, many private companies are too optimistic about their abilities to find the right intruder through hack backs and may think they have the right hacker through a hack back scheme, but don’t. Even with hack backs, it is very hard to attribute the correct intruder.

So, even if you can hack back your attacker, it may not be the wisest move.

Honeypots

Honeypots are an increasingly popular ACD method that are less aggressive than hack backs. Honeypots create decoys placed within one’s networks with fake information and simulated software that encourage hackers to infiltrate. Once a hacker enters a honeypot, they are used to gather information on the attacker.

They can be quite effective. However, they are also resource intensive and if employed on a WiFi network, can be difficult not to encourage others to fall for the decoy as well.

Beacons

While honeypots are good at identifying who is attacking a given system, it does not follow their behavior once they’ve left the honeypot. Here, beacons enter.

Deploying marketing techniques like cookies, a web beacon contains a web link that can be embedded in various real documents without probably being noticed. Once the intruder clicks on the web link, a company’s servers gather information about the hacker, including their IP address, operating system, and other important details.

Thankfully, beacons are also legal.

White worms

White worms bring the idea of beacons one level further: Malware (known as “white worms” for their beneficial purpose) is actually infected into an intruder’s systems. While a lot can be learned from deploying such malware, the consequences are significant, particularly if uninvolved individuals are affected. For this reason, white worms are not commonly implemented.

Address hopping

For private companies with a lot of cash at hand, address hopping is another effective and legal ACD strategy. As a security researcher at ETH Zurich details, a company’s IP address is changed on a regular and random basis while data is transmitted. This makes a hacker need to search for a company’s data packets constantly. It is a strategy adopted from military communications where radio frequencies were regularly changed to throw off enemy forces.

In short, beyond hack backs and white worms – which are largely illegal or problematic – private companies can deploy legal and effective ACD tactics such as honeypots, beacons, and address hopping. Even if the ACDCA passes, financial services companies may still prefer to use these strategies rather than hack back.

Featured

  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West
  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West
  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West
  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.