First, let’s explain what “hack back” actually means. To hack back is to attack a computer that is attacking you. It seems to put power back into victims’ hands. Revenge is a common human feeling, and hacking back would satisfy it and might calm us down. But is it a good idea?
Victims would be legally allowed to access the system that has attacked them, after notifying authorities. They could take action and delete or recover the stolen information. But hacking back can have unintended consequences. No one can predict the effect of their actions on the system that appears to be at fault. For example, you don’t know what that at-fault system is. Is it a medical device, or a system that is mission-critical to an organization? Mostly, these attacks are performed by malicious hackers who might be using the systems of unsuspecting consumers or organizations. So hacking back is not as simple as it seems.
ACDC (Active Cyber Defense Certainty) would make it legal for you to access your data that has been stolen, or to bombard the server to stop its ongoing attack. There are some limitations on what can be considered an “active cyber defense measure.” To count as active defense, the measure should help identify the attack, stop an ongoing attack, or monitor the attacker’s behavior in order to develop better defensive methods. On the whole, hacking back won’t be efficient; let’s see why.
5 reasons not to “hack back”
Are hacking victims “hacking back”? As I mentioned above, doing this illegally, without permission, would have unintended consequences. If you still want to do it, please consider the 5 reasons below. Also keep these 3 points in mind:
Do not hack back until:
- You’ve tried active deception.
- You’ve made sure of your network defenses and their protection against counter-attack.
- You are legally permitted.
It is illegal to distribute code designed to access a system that doesn’t belong to you. Those who have been victimized by malicious hackers are the angriest people, and the most likely to be eager to hack back. But I respectfully suggest not doing this, because being convicted of a crime is much more annoying than being hacked. The legitimacy of striking back depends on many factors, any one of which might put you on the wrong side of the law.
It leads to a dark place
Criminal activity targets those least able to strike back. As an example, imagine that a large bank that makes large profits decides to hack back at criminal hackers. In that case, criminals will try to attack smaller banks, which cannot afford counter-strike tools.
Surely it is better to control your anger over being hacked and hope for a better and bigger law enforcement response to cyber crime.
You’re not tough enough
Ask yourself: am I sure there are no other weaknesses like the one that led to my being hacked? Always keep these 2 points in mind. First, defenders have to get things completely right, while attackers are only trying to find one hole to penetrate your system. Second, assume that attackers can marshal more resources than you.
It is a known problem, which means you may not get much sympathy if you hack back at the wrong person because you messed up the attribution. In other words, if you have enough evidence to prove who is attacking you, why not take legal action through law enforcement?
It doesn’t solve the problem
What would you gain if you hack back at a person who has hacked into your network? Are you sure that is the end of that threat? What should you do to stop other attacks from someone else?
More importantly, hacking back doesn’t bring us closer to the desired goal of a well-ordered Internet governed by rules of behavior that are enforced by appropriate authorities.
Leave a comment and let me know whether you agree or disagree with any of the points above.