Hacking back

Hacking back is a technique to counter cybercrime by hacking the computing devices of the attacker.

The effectiveness[1][2][3] and ethics of hacking back are disputed.[4]

It is also very disputed if it is legal or not, however both participating parties can still be prosecuted for their crimes.

There was a bill proposed in 2017[5] to make this possible, ended consideration in 2019[6]. In 2022 it reappeared.

Official Title as Introduced: Active Cyber Defense Certainty Act

To amend title 18, United States Code, to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers, and for other purposes. Namely, Section 4: Exclusion from prosecution for certain computer crimes for those taking active cyber defense measures.

The term ‘active cyber defense measure’— means any measure— undertaken by, or at the direction of, a defender; and consisting of accessing without authorization the computer of the attacker to the defender’s own network to gather information in order to— establish attribution of criminal activity to share with law enforcement and other United States Government agencies responsible for cybersecurity; disrupt continued unauthorized activity against the defender’s own network; or monitor the behavior of an attacker to assist in developing future intrusion prevention or cyber defense techniques.

The term ‘defender’ means a person or an entity that is a victim of a persistent unauthorized intrusion of the individual entity’s computer.

GENERALLY.— A defender who uses an active cyber defense measure under the preceding section must notify the FBI National Cyber Investigative Joint Task Force and receive a response from the FBI acknowledging receipt of the notification prior to using the measure.

REQUIRED INFORMATION.— Notification must include the type of cyber breach that the person or entity was a victim of, the intended target of the active cyber defense measure, the steps the defender plans to take to preserve evidence of the attacker’s criminal cyber intrusion, as well as the steps they plan to prevent damage to intermediary computers not under the ownership of the attacker and other information requested by the FBI to assist with oversight.

Further reading

  • Lahmann, Henning (2020). "Hacking Back and International Law: An Irreconcilable Pair?". Verfassungsblog: On Matters Constitutional. doi:10.17176/20200716-235806-0. Retrieved 2022-09-25.

References

  1. ^ Kassner, Michael (2021-09-21). "Is hacking back effective, or does it just scratch an evolutionary itch?". TechRepublic. Archived from the original on 2022-11-23. Retrieved 2022-09-25.
  2. ^ Nachreiner, Corey (2022-01-28). "The pros and cons of the proposed hack back bill". SC Media. Archived from the original on 2022-09-25. Retrieved 2022-09-25.
  3. ^ Rundle, James (2021-10-18). "Cyber Private Eyes Go After Hackers, Without Counterattacking". Wall Street Journal. ISSN 0099-9660. Archived from the original on 2024-09-01. Retrieved 2022-09-25.
  4. ^ Holzer, Corey T.; Lerums, James E. (May 2016). "The ethics of hacking back". 2016 IEEE Symposium on Technologies for Homeland Security (HST). pp. 1–6. doi:10.1109/THS.2016.7568877. ISBN 978-1-5090-0770-7. S2CID 27913483.
  5. ^ Rep. Graves, Tom [R-GA-14 (2017-11-01). "Text - H.R.4036 - 115th Congress (2017-2018): Active Cyber Defense Certainty Act". www.congress.gov. Retrieved 2026-03-11.{{cite web}}: CS1 maint: numeric names: authors list (link)
  6. ^ Rep. Graves, Tom [R-GA-14 (2019-06-28). "Text - H.R.3270 - 116th Congress (2019-2020): Active Cyber Defense Certainty Act". www.congress.gov. Retrieved 2026-03-11.{{cite web}}: CS1 maint: numeric names: authors list (link)


This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.