Hacking Back
There’s a really interesting paper from George Washington University on hacking back: “Into the Gray Zone: The Private Sector and Active Defense against Cyber Threats.”
I’ve never been a fan of hacking back. There’s a reason we no longer issue letters of marque or allow private entities to commit crimes, and hacking back is a form of vigilante justice. But the paper makes a lot of good points.
Michael P • February 13, 2017 7:07 AM
We no longer issue letters of marque because modern navies are effective enough to deal with the problem instead. We do have private military companies, though.
Depending on how you define “allow”, US governments have either never allowed private entities to commit crimes, or always have and still do.
In particular, we do allow private entities to defend people and/or property with actions that would be crimes in practically any other circumstances. Shop owners can detain suspected shoplifters, a “citizen’s arrest” is allowed in many other circumstances, and of course armed defense — even extending to the use of lethal force — is allowed in a variety of circumstances that vary by jurisdiction.
So it’s both overly broad and legally irrelevant to say that we don’t allow people to commit crimes. That factual error detracts from whatever distinction one is trying to make between offensive and defensive hacking. Why do we allow people to take proportionate defensive countermeasures in the physical realm, but object to countermeasures in the digital realm? If someone being DDoS’ed seizes control of the botnet to uninstall the bot software, is that morally wrong? What if they also patch the security problem(s) that the botnet exploited?