Hacking back is a terrible idea, but companies are still keen to try it

Tired of being attacked by cyber criminals, some organisations are keen to take the fight back to the hackers. But the risks of ‘hacking back’ are likely to be much greater than any potential gains.
Hacking back against an assailant — perhaps tracking down the systems they are using and either deleting the information they stole or disabling the computers — is currently illegal. But a new survey from Fidelis Cybersecurity has discovered that companies think they have the capability to respond more aggressively to hacking attacks, should they so wish.
Over half of respondents said that companies should be able to hack back, and that their organisation had the technical ability to identify an intruder, infiltrate their systems and destroy any data that had been stolen after a cyber attack.
And over half of executives said that, if it were legal, they would rather hack back to get the decryption keys after a ransomware attack than pay the criminals to regain access to their data.
Despite believing they could take the fight back to the hackers, in reality most businesses don’t have those skills, said Andrew Bushby, UK director at Fidelis Cybersecurity. Top concerns about such a strategy include issues around attribution — identifying the actual perpetrator — and the risk of collateral damage, according to the survey.
Image: The risks of hacking back (Fidelis)
Indeed, if companies were financially liable for any damage caused to innocent computers as part of hacking back, 63 percent of execs said their company would be less likely to attempt it, although a gung-ho 15 percent said they would still give it a go.
This is not an entirely academic discussion: in the US, the Active Cyber Defense Certainty Act — currently in draft — would make it legal for hacking victims to return cyber-fire.
The draft law argues that “as a result of the unique nature of cybercrime, it is very difficult for law enforcement to respond to and prosecute cybercrime in a timely manner, leading to the existing low level of deterrence and a rapidly growing threat.”
Under the proposed law, it would be legal for a defender — the victim of persistent unauthorized intrusions — to use “active cyber defense measures” to access the systems of the attacker to gather information for law enforcement, or to “disrupt continued unauthorized activity against the defender’s own network”.
But companies hacking back would not be allowed to “intentionally” destroy information that does not belong to them or “recklessly” cause physical injury or financial loss, or create a threat to the public health or safety. Companies hacking back could not go near government systems either, and would have to notify the FBI before they did anything.
The draft US law also notes that “computer defenders should also exercise extreme caution to avoid violating the law of any other nation where an attacker’s computer may reside.”

Recipe for disaster

It’s frustrating that cyber criminals can operate with apparent impunity. But even with the caveats in the law it’s hard to see that allowing victims to try to hack back would be anything other than a disaster.
Hackers don’t launch attacks from their own systems; they find some unsecured servers and use them as a staging post. They might route their campaign through dozens of different systems across the world before finally arriving at the network they really want to attack.
Following hackers back through that labyrinth can take days or weeks, and often the trail goes cold. Hacking back could also ruin the digital forensics needed by law enforcement agencies to actually catch the criminals involved.
It’s easy to come up with scenarios where hacking back goes badly wrong. What if a company chasing hackers comes across the stolen secrets of one of its main competitors, for example? What if hackers use the systems of a hospital (or a power station) as a staging post for their attacks, and pursuers accidentally damage or destroy medical records (or safety systems)? What if the hackers turn out to be backed by a nation-state: could hacking back cause an international incident or instigate a cyberwar skirmish?
Improving IT security should be the priority: many cyber attacks only succeed because companies have failed to patch known vulnerabilities in their systems, or have failed to adopt basics like two-factor authentication. More money to investigate cyber crime would help too. But giving victims the ability to hack back is only likely to exacerbate the situation.