It’s easy to understand why organizations and individuals would be compelled to strike back — or “hack back” — against cybercriminals who launched successful attacks on them. And in fact, pursuing such countermeasures is a very typical response.
The Harvard Business Review recounts a recent cybersecurity competition where students were given a number of options for responding to a fictional Chinese-led cyber attack. Most decided to pursue aggressive response tactics involving counterattacks.
In the model cyber conflict, student participants inadvertently started a war. And some experts worry that if organizations or government agencies pursue such tactics in the real world, they could find themselves escalating a conflict to a similar degree.
The potential for escalating international conflict has been one argument against a proposed bill that would make legal certain “hack back” methods that are currently in violation of the Computer Fraud and Abuse Act (CFAA). Industry veterans are highly concerned about a number of other potential consequences of the legislation, including …
– The bill could give rise to a form of cyber-vigilantism aimed at exacting revenge.
– It would cause damage to innocent third parties whose systems were used in cybercriminals’ attacks.
– It would fail to aid in efforts to recover from an attack, and take time away from more lucrative pursuits.
– It may lead to the incrimination of the wrong parties, due to the deceptive and rapidly evolving nature of hacking.
These are only a few of the potential flaws in a cybersecurity approach centered on organizations trying to bring cybercriminals to justice, under the protection of the law. Alternatives abound, and they provide much more viable options for those wishing to take action against cybercriminals.
For those looking to use hackers’ own tools against them, deception technologies such as honeypot servers provide a way for organizations to identify would-be attackers. Those who would like to deploy their hacking talents in the service of a company or agency can do so by penetration testing its security systems and making them more difficult to breach. Reconnaissance tactics, like deep web surveillance, can uncover hacking plots before they are launched, allowing an organization to take proactive steps rather than merely retaliating.
For more information on these tactics, and many other options that Lunarline offers to our clients, contact us online today.