The 'Self-Defense' Bill: Cyberattack Victims Could Hack the Hacker

Here's something you don't see every day. A new bill introduced by Rep. Tom Graves, a Georgia Republican, gives hacking victims permission to hack their aggressors, something we are calling 'back hacking'. Will this become the lex talionis of the digital age? Will cyber victims transform into digital vigilantes? Or will the law of retaliation lead to more chaos online?

Below we look at the new proposal and the possible consequences we may see because of it. Want to raise your cybersecurity awareness? Check in with CyberPolicy every week to learn about the latest news!

An Eye for an Eye
In theory, the Active Cyber Defense Certainty Act empowers targeted users to use "limited defensive measures that exceed the boundaries of one's network" to identify or stop digital attackers.

According to Graves, "This bill is about empowering individuals to defend themselves online, just as they have the legal authority to do during a physical assault... Current law essentially leaves individuals and businesses defenseless if their anti-virus software fails. I want that to change."

But there are some major concerns about this idea:

  • What if innocent people are caught in the crossfire? Hackers often employ malware-infected computers or a botnet to launch their attacks. If a victim retaliates against the attacker, they may hit an innocent and unaware intermediary (another victim) rather than the malicious originator.
  • What if 'back hacking' is illegal outside of the U.S.? Not all cybercriminals live in the States. What happens if you strike your attacker and violate cyber law in a foreign country?
  • Who deems 'back hacking' a legitimate use of force? This bill could protect hackers from prosecution since they could argue their attempts were meant to aid law enforcement rather than to enact harm.
  • What if the 'back hacker' uses unsavory tactics to avenge their network? While many hacker tools are legal and available, some take advantage of malware-infected computers, corrupted software or security gaps that could do more to spread viruses and malware than anything else.

This bill could also open victims to further harm. Cybercriminals, especially script kiddies, are known for being dedicated and vindictive. The spirit of this can be seen in the credo of hacktivist group Anonymous: "We do not forgive. We do not forget. Expect us."

In fact, Aaron Barr, the former CEO of security firm HBGary Federal, spent a month tracking down members of Anonymous in hope of exposing its leaders and internal structure. The project was hardly successful and resulted in a slew of attacks that cost HBGary millions of dollars and damaged pending acquisitions with potential buyers.

"The attackers are quintessentially Anonymous: young, technically sophisticated, brash, and crassly juvenile, all at the same time," writes Ars Technica reporter Nate Anderson.

Ask yourself, would you want this to happen to you or your company? It's very possible that the cybercriminals you target are more adept at launching attacks and causing chaos than you are.

Instead of inciting a flame war with hackers you don't know, take a moment to invest in cybersecurity insurance from CyberPolicy. It's a far better way to defend your digital assets from data breaches and cybercrime. What are you waiting for? Get your free quote now!
