Should you ever “hack back”?
When hackers strike, it’s never pretty. Businesses are disrupted, customers lose faith, the brand suffers. And when it happens more than once, I.T. departments (and their superiors) start to ask more pointed questions. The issue shifts from “why did this happen?” to “what can we do to stop this?”
That’s when some people start to think outside the box. The hackers got us, so why not reach out and get them? Isn’t the best defense a good offense? In other words, why not take the initiative? Why not “hack back”?
It’s tempting. Nobody likes to feel impotent when the security of their business is at stake. Companies want to just do something – anything – to get a leg up on their cyber adversaries. Yet the overwhelming consensus among lawyers, cybersecurity experts, and law enforcement officials is that hacking back is a supremely bad idea.
Why shouldn’t we “hack back”? Here are a few reasons:
It probably isn’t legal
There are laws against hacking back – the main statute in the United States is the Computer Fraud and Abuse Act, which prohibits unauthorized intrusions into any system. Another pressing legal issue concerns the location of the hacker’s server. If it’s in another country, that adds a whole new layer of legal complication and uncertainty. With the complexity of today’s cloud systems, it may not be clear where hacks are really coming from.
We have people for that
You may not be able to hack back on your own, but the government has both the resources and the legal authorization to do so under certain circumstances. Working with law enforcement is the best way to reach out and touch the criminals who are breaching your systems. They know what they’re doing, and they have the law on their side. Let them do their jobs.
Collateral damage is an issue
Say you’ve identified the exact computer that is to blame for all your cyber troubles. The instinct is clear – this is it! Go get it! But how do you know that it’s really the computer of your specific hacker? The short answer is: you don’t. Hackers commandeer computers of ordinary citizens all the time. Destroying the data of someone’s computer who simply wasn’t involved won’t help anyone. A corollary: you never really know who you’re hacking back, so why assume?
If we shouldn’t hack back, then what should we do exactly? What’s the alternative? There’s really one main way to handle this.
Use that energy on a stronger defense
Hacking back uses up I.T. resources which would probably be better spent elsewhere. Given the spotty record of hacking back, in the end it makes a lot more sense to shore up your defense. The lesson of multiple hacking incidents should be even clearer – closing the loopholes in your systems will be far more effective in the long run than defeating the hackers who got you the last time.
Want to build a strong cyber defense? ECHO can help.