Georgia Representative Tom Graves proposes that victims of cyber attacks should be allowed to “hack back” in defense.
Engadget reports that Tom Graves (R-GA) has suggested that individuals and companies that are victims of cybercrime should be allowed to “hack back” and “hunt for hackers outside of their own networks.” The congressman is working on proposing the Active Cyber Defense Certainty Act, which would make certain cybercrimes legal if done with the intention to secure cyber defenses.
The bill would allow victims that believe that they’re under attack to go on the offensive against suspected hackers, allowing them to attempt to infiltrate the perpetrator’s network. However, early reports state that the bill “includes caveats such as you cannot destroy data on another person’s computer, cause physical injury to someone or create a threat to public safety.”
A senior security researcher at Kaspersky Lab, Brian Bartholomew, told Engadget, “While the proposal’s intent is to make it more difficult for an attack to be successful, it also raises major concern within the community.” He claimed that “it’s impossible to contain what data the victim touches when they’re hacking back, destroying the bill’s rule that victims only mess with their own stolen property.”
Batholomew also said that chain-of-custody preservation is a huge concern even if cyber attack victims alert police of their plans to retaliate. “Providing a ‘plan of action’ is a far cry from possessing the proper training or legal expertise on how to preserve evidence that will be upheld in a court of law,” he stated. “It is only a matter of time until the first criminal is prosecuted and evidence [is] thrown out due to improper chain of custody or documentation.”
In September the Ethics + Emerging Sciences Group at Cal Poly published a report called “Ethics of Hacking Back.” The group’s director, Patrick Lin, Ph.D., questioned the effectiveness of hacking in retaliation. “Currently,” Lin said, “there is no self-reporting of hacking back because the practice is presumed to be ‘likely illegal,’ according to the U.S. Department of Justice.”