What do you think about this proposed legislation?
House Bill Would Allow Cyber Attacked Victims to Hack Back
“A bipartisan bill introduced in the House Friday would allow targets of computer hacks to "hack back" and destroy what information of theirs was stolen.
… [the bill] would decriminalize retaliatory hacking by allowing victims, individuals or large companies, to retaliate against their hackers -- and steal back or destroy the information that was taken…”
What do you think?
Is this something that should be legalized or encouraged?
What do you think are the ethical implications?
I like the idea but am sure that it will create a whole new set of issues and concerns legally. What type of position would you be put in if your company were to make a mistake and actually do harm to someone's system while attempting to perform said attack back? For example if someone were to make it appear that the attack against your network were coming from another source and you attack that source and cause damage legally you would be accountable for the damage.
This may be a perfect case of "the law of unintended consequences". I think there's too much that can go wrong here.
I sure hope this bill gets adequate hearings before any votes take place.
No it’s at best counterproductive and is likely to cause attackers to up the ante, as they see it as a direct challenge. Additionally what about those cases where the apparent source of the attack is not the real source, ie spoofed packets, compromised machine in someone’s network...
Very bad idea. Several other replies note several reasons including being unsure of who actually has your data, due to attacks being launched via 3rd parties. Based on was I've seen of the bill so far, it essentially allows a victim to hack back and destroy the data that was illegally taken from them. Even if we assume they find the right perpetrator, what happens if they damage more than their data? Are they now open to criminal prosecution?
That's just one reason this is bad...
The entire topic is a conduit that requires some careful consideration.
It should not be prohibited for an entity to protect themselves. Not all entities are mindful of the escalation they are opening up should they invoke the "hack back" option. Possible retribution by the attackers. The victim the hackers attacked initially could come out much worse for the wear if they are not fully prepared for and aware of the arena they are entering.
Technologically speaking, is the victim knowledgeable enough to leverage a focused counter-attack without generating collateral damage? Keep in mind that many attackers are not leveraging attacks from their own systems. They are using or flowing through compromised systems belonging to others. Now, in a counter attack, who are you really shutting down?
The "hack back" option certainly should not be applied by everyone. But, should it be prohibited for them to defend themselves, No.