Change the game: Hack the hackers

Revenge. It’s generally not a wise choice, but it does seem to be a natural, visceral response to being attacked. When it comes to malware and cyber attacks, there is a growing push to stop being passive victims, and return fire. There are some legal and ethical issues, though, when it comes to attacking another party–even if the motive seems justified.
I wrote a post about the ethical questions related to active countermeasures–hacking the hackers:
Businesses and individuals are getting fed up with always being one step behind cyber criminals and constantly playing defense. In an attempt to be more proactive and shift the dynamic, some security experts are now advocating active countermeasures—basically attacking the attackers. While getting revenge has a nice ring to it, becoming an attacker raises a number of ethical issues.

Bruce Heiman, a partner with K&L Gates LLP, presented a session at the 2014 RSA Security Conference titled “Cyber Vigilante or Self Defense?” Heiman discussed the challenges facing businesses and consumers and the moral and ethical dilemma of turning the tables on the attackers.

The session began by claiming there are only two kinds of companies—those that have been hacked, and those that have been hacked but don’t yet realize it. Heiman pointed out that the odds greatly favor the attacker because a target must defend against all possible exploits and attack vectors, whereas the attacker only has to find one weakness to compromise your system.

The traditional defenses involve prevention, mitigation, and collaboration. We use firewalls and antimalware software in an attempt to block threats, we respond to security incidents and attempt to minimize the damage and return to normal operations, and in some cases, we involve outside security vendors or law enforcement to help with a forensic investigation to determine how the attacker got in. [inlinetweet prefix=”” tweeter=”” suffix=””]The problem is that the entire model is reactive and always gives the attackers the first move[/inlinetweet].

You can read the article on the RSA blog: Getting Revenge: The Ethics of Active Countermeasures.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
Related Post