As cyber crime continues to vex businesses of all sizes, there is a growing sentiment among some businesses to go on the offensive. Known as “hacking back,” the idea is to launch a counter-attack against digital criminals who break into your network.
Born out of frustration over incessant attacks and a sense that defensive measures are inadequate, hacking back supporters look to the tactic as one of the few they have that could actually deter future breaches.
But fighting fire with fire, in this case, isn’t that simple. The Computer Fraud and Abuse Act of 1986 prohibits intrusion into another person’s computer. So directly hacking a hacker could land you in jail, though according to the Wall Street Journal, one former Justice Department official was unaware of any company being prosecuted for hacking back.
Companies that might be engaged in hacking back want to avoid publicity, both for legal reasons and to keep cyber criminals in the dark. Thus, it is impossible to know to what extent hacking back actually occurs.
A report by the Commission on the Theft of American Intellectual Property recently recommended a softer approach, arguing that victims “ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.”
One way this can be done is by creating a program within your data that will send a trace signal back to you if it is stolen, so you can find the criminal’s server. This would potentially help law enforcement officials track down the perpetrator. But it’s unclear if this is legal.
Another idea that falls into the gray area of the law is to make the data self-destruct or otherwise become unusable if it leaves the safe confines of its home server. Think of this as a digital equivalent to the plastic clips attached to expensive articles of clothing, that only the cashier can remove.
Because hackers often use computers that belong to innocent victims to carry out their cyber assaults, there is also a real concern that companies that hack back could target computers of other victims, compounding the problem.
Furthermore, explains PCWorld, targeting a hacker could just result in him going after your company more aggressively than he would have otherwise. And, keep in mind that the people on the receiving end of a hack back attack are criminals who need to be dealt with by law enforcement.