Cyber Security Institute

Thursday, May 09, 2013

Hacking back: Digital revenge is sweet but risky

Whether criminals are hacking our passwords, or Anonymous is simply making a statement, the disruptions and data breaches exact a heavy toll in terms of time, money, and security. How that digital revenge is wreaked, and whether any of it is legal, are issues being actively debated right now—to the extent that anyone wants to talk about it, let alone admit to trying it. Hacking back at a cyber-assailant is tempting, but it’s just as illegal as the original cyberattack.


This law has undergone numerous revisions since it was first enacted in 1986, but Title 18, Sec. 1030 is clear on the point that using a computer to intrude upon or steal something from another computer is illegal. “There is no law that actually allows you to engage in an attack,” says Ray Aghaian, a partner with McKenna Long & Aldridge, and a former attorney with the Department of Justice’s Cyber & Intellectual Property Crimes Section.

According to Ahlm, the companies tracking the bad guys collect vast amounts of data on Internet activity and can home in on specific “actors” who engage in criminal activity. “Without touching or hacking the individual, they can tell you how trustworthy they are, where they are, what kind of systems they use,” says Ahlm.

While private companies cannot take offensive action with any such intelligence, they can use it defensively to thwart suspicious actors if they’re found to be sniffing around company data. “Based off your intelligence of who’s touching you,” says Ahlm, “you can selectively disconnect them or greatly slow them down from network access.”

“In the grand scheme of fight-back tricks, this is one that causes relatively little harm but does a lot of good,” says Matthew Prince, co-founder and CEO. This company drew raves—as well as criticism—for creating a way to spam back at spammers, clogging their systems and preventing them from sending out more spam.

Hacking back can also have unintended consequences, such as damaging hijacked computers belonging to otherwise innocent individuals, while real criminals remain hidden several layers back on the Internet.



Posted on 05/09