US 'hacking back' law could create a cyber wild west of vigilantism

Security experts give their views on the Active Cyber Defense Certainty Act.

In the ever-changing world of security, one thing never changes: the hackers attack, and businesses defend. Given the structure of legal systems around the world, this is how it’s been for decades. But one US Congressman is looking to change the rules to give businesses the option to strike back and hack the hackers.

 

ACDC – I’m hacking back

The Active Cyber Defense Certainty Act (ACDC) currently being proposed would enable individuals and companies to conduct retaliatory attacks to delete stolen information and gain intel on the perpetrators.

The bill, put forward by US congressman Tom Graves, would amend the Computer Fraud and Abuse Act (CFAA) of 1986, which currently prevents any sort of offensive measures being taken to stop or retaliate against hackers. The ACDC act, however, would give individuals and companies legal authority to ‘leave their network in order to establish attribution of an attack, disrupt cyberattacks (without damaging others’ computers), retrieve and destroy stolen files, monitor the behavior of an attacker and utilize beaconing technology which would return information around location of infiltrated devices.’

“The status quo is unacceptable right now. This is really about allowing individuals and companies the right to defend themselves in an active manner, but it’s very limited,” he told CNN Tech. “We already deal in the wild west, and there’s a lot of outlaws out there but we don’t have a Sheriff.”
