Hacking Back: Revenge is Sweet, But is it Legal?

Hacking Back: Revenge is Sweet, But is it Legal?

Before you go ahead hack backing intruders, you should proceed with caution.

You may have heard the term “active cyber defense” lately and would like to know if it can help your business, particularly if you work in a sensitive sector like financial services. In theory, active cyber defense (or ACD) sounds like what you need: You want to do more than firewall your systems and instead, actively defend your company against hackers.

But before you go ahead hack backing intruders, you should proceed with caution. Many active cyber defense strategies are currently illegal for financial services and other private companies.

U.S. law around active cyber defense

Introduced as a bill to the U.S. House of Representatives in October by Rep. Tom Graves, the Active Cyber Defense Certainty Act (ACDCA) is still under consideration. Currently, the Computer Fraud and Abuse Act deems many active cyber defense methods to be illegal, including accessing a computer – such as a hacker’s computer – without authorization. ACDCA aims to address new cyber security norms, particularly ones unaddressed in the Computer Fraud and Abuse Act, which was passed as an amendment in 1986.

Ultimately, ACDCA wants to enable broader active cyber defense abilities to the private sector. The bill proposes “to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers.”

If the ACDCA passes, Symantec writes that private companies could participate in a two-year pilot program where their activities would be closely coordinated with the FBI. Doing so would empower these companies to employ certain ACD tactics such as hack backs and not face criminal repercussions – though not civil.

They claim companies could legally hack into a suspected intruder’s computer as part of an ACDCA program for the following reasons:

  • To get information that could demonstrate whether or not the suspect penetrated the company’s systems.
  • To block the intruder from entering the company’s systems, and;
  • To watch how the intruder is acting.

However, Symantec notes that destroying information on a suspect’s computer that doesn’t belong to the company, causing excessive physical or financial damage, hacking an intermediary’s computer, or causing a public health threat would not be allowed in an ACDCA-backed program.

As this U.S. regulation gets resolved, however, we can explain some common ACD strategies and the pros and cons – both legally and logistically – of using them.

Hack-backs

Let’s start with hack backs, since this at the crux of the ACDCA program. While an increasing number of politicians are advocating for hacking back, particularly in response to wide-scale cyber attacks, many security professionals are skeptical of hack backs’ efficacy. For example, because of the internet’s interconnected nature, it is difficult to ensure a hack back will only target one’s intended intruders. Sadly and not surprisingly, many hackers will realistically just become savvier about hiding their exploits because of ACDCA legislation. Legalizing hacking back may not fundamentally damage intruders’ abilities to penetrate critical systems.

Also, many private companies are too optimistic about their abilities to find the right intruder through hack backs and may think they have the right hacker through a hack back scheme, but don’t. Even with hack backs, it is very hard to attribute the correct intruder.

So, even if you can hack back your attacker, it may not be the wisest move.

Honeypots

Honeypots are an increasingly popular ACD method that are less aggressive than hack backs. Honeypots create decoys placed within one’s networks with fake information and simulated software that encourage hackers to infiltrate. Once a hacker enters a honeypot, they are used to gather information on the attacker.

They can be quite effective. However, they are also resource intensive and if employed on a WiFi network, can be difficult not to encourage others to fall for the decoy as well.

Beacons

While honeypots are good at identifying who is attacking a given system, it does not follow their behavior once they’ve left the honeypot. Here, beacons enter.

Deploying marketing techniques like cookies, a web beacon contains a web link that can be embedded in various real documents without probably being noticed. Once the intruder clicks on the web link, a company’s servers gather information about the hacker, including their IP address, operating system, and other important details.

Thankfully, beacons are also legal.

White worms

White worms bring the idea of beacons one level further: Malware (known as “white worms” for their beneficial purpose) is actually infected into an intruder’s systems. While a lot can be learned from deploying such malware, the consequences are significant, particularly if uninvolved individuals are affected. For this reason, white worms are not commonly implemented.

Address hopping

For private companies with a lot of cash at hand, address hopping is another effective and legal ACD strategy. As a security researcher at ETH Zurich details, a company’s IP address is changed on a regular and random basis while data is transmitted. This makes a hacker need to search for a company’s data packets constantly. It is a strategy adopted from military communications where radio frequencies were regularly changed to throw off enemy forces.

In short, beyond hack backs and white worms – which are largely illegal or problematic – private companies can deploy legal and effective ACD tactics such as honeypots, beacons, and address hopping. Even if the ACDCA passes, financial services companies may still prefer to use these strategies rather than hack back.

Featured

  • Security Industry Association Unveils First-Ever U.S. Economic Impact Study

    The Security Industry Association (SIA) has unveiled the first-ever national economic impact study on the security industry, highlighting the positive impact the security industry has on jobs, wages and federal and state revenue in the United States. The study, conducted by Florida-based John Dunham & Associates, uses the most current methodology and data available from 2024. Read Now

  • 7 Reasons Why Governments Need to Regulate AI

    Recently, Elon Musk unveiled two remarkable AI applications. A humanoid robot named Optimus, with its remarkable human-like speech and movements, and a fully autonomous car, absent steering wheel and pedals, called Cybercab. While these examples represent a broad trend of AI integration across industries, they highlight technology’s transformative potential, prompting a need for regulation to ensure it is used responsibly, securely and ethically. Read Now

  • OR Code Phishing on the Rise According to New Report

    KnowBe4 recently released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts. KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Read Now

  • United HealthCare CEO Killed in Targeted Attack in New York City

    United HealthCare CEO Brian Thompson was killed in a targeted attack early Wednesday in Manhattan Read Now

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3