Joseph Menn wrote a very interesting article for Reuters on retaliation against hackers. Noting that US companies are "frustrated by their inability to stop sophisticated hacking attacks or use the law to punish their assailants," the article explained how companies are using hackback technology to level the playing field. As you can probably guess, hackback is when you hack the hacker. I love the idea of hackback because it's quick, effective, avoids lengthy prosecutions and evidentiary collection problems, and provides that satisfying warm glow of revenge. Unfortunately, hackback carries a host of problems: you have to be concerned about attribution and you have to question whether you want private companies destroying private computer systems. It also doesn't help that the process is probably illegal under the US anti-hacking statute.
All that aside, I still love the idea of hackback. The Reuters article mentioned a few interesting techniques, including wasting the hackers' time with bogus files and installing "beacons" in legitimate files that transmit from the hacker's computer.
Regardless of the practice's legality, it's definitely going on. Perhaps we should legalize it and closely regulate it?