To Hack Back Or Not To Hack Back?

dinscott writes "If you think of cyberspace as a resource for you and your organization, it makes sense to protect your part of it as best you can. You build your defenses and train employees to recognize attacks, and you accept the fact that your government is the one that will pursue and prosecute those who try to hack you. But the challenge arises when you (possibly rightfully so) perceive that your government is not able do so, and you demand to be allowed to 'hack back.'"

No

Bad idea.

Re:No

[jellomizer]

For the most part the people who are hacking into you isn't that personal, you are just an open system with the vulnerability. Hacking back will not do too much except for making it personal. If you want to solve the problem you will need to redo your security.

Besides most hackers will jump from system to system to make it hard to detect. I remember trying to trace a hacker back, I gave up after going into 3 or 4 systems across the globe. Realizing that I could part of the problem not the solution I gave up. And then went on improving security.

Re:No

[stewsters]

This. Working for your business is not worth getting thrown in jail for, and its open season on hackers.

Some ideas of what you can do:

• Cleanse anything that goes into a database. Get a model layer that does this for you.
• You probably don't use UNION or similar keywords but they are used by hackers extensively. We built our own code to search for these keywords and tarpit them.
• If they are all coming from some small IP block in China, block it. Minimal loss in business.
• If they are running automated vulnerability scanners, you could add pages to blacklist their hosts as soon as they try to hit default administration pages for wordpress on your site.
• If its just password guessers, block them. Use ssh keys.
• Nmap the hosts that are targeting you. Most likely they are someone's compromised windows xp machine.
• Report them to the FBI: http://itsecurity.vermont.gov/Report_Crime

If all else fails, go on 4chan and post "OMG i just made the most secure site evar! Address is ${offender's IP} I bet no one can hack my site and take my bitcoins. "

Good thing..

[thisisnotreal]

Things like this never escalate. I keep seeing and feeling in so many ways how delicate this all is...and we keep hammering on it. As. Hard. As. Possible.

Vigilantism is not a new concept

What you're advocating, quite plainly, is that if you break into my house and steal something, that I can then break into your house to take something from you. The law is quite clear on this. As long as hacking into and stealing resources is illegal, you doing the same is just as illegal. Get a Rottweiler and a home alarm and sign up for personalized security patrols. In essence that is what you can do with regards to your electronic resources.

Re:Vigilantism is not a new concept

[HockeyPuck]

If someone breaks into my house I can shoot them thanks to castle laws, there is no digital equivalent other than hacking them back.

You cannot get in your car, drive to their house and then shoot them, as you are nolonger being threatened by said intruder. Hacking back is exactly that. You've been attacked and then you retaliate after the fact.

Typical conditions that apply to some Castle Doctrine laws include (from wikipedia):

        - An intruder must be making (or have made) an attempt to unlawfully or forcibly enter an occupied residence, business, or vehicle.
        - The intruder must be acting unlawfully (the Castle Doctrine does not allow a right to use force against officers of the law, acting in the course of their legal duties).
        - The occupant(s) of the home must reasonably believe the intruder intends to inflict serious bodily harm or death upon an occupant of the home. Some states apply the Castle Doctrine if the occupant(s) of the home reasonably believe the intruder intends to commit a lesser felony such as arson or burglary.
        - The occupant(s) of the home must not have provoked or instigated an intrusion; or, provoked/instigated an intruder's threat or use of deadly force.

Re:Vigilantism is not a new concept

[Trepidity]

The justification for shooting an intruder in your house is self-defense, since you might reasonably fear for your life if someone's broken into your house (especially if they're armed). The purpose is not to authorize vigilante retaliation or punishment. Therefore, if the person isn't in your house anymore, there is no longer a justification for shooting them.

Actually, even if your house you shouldn't shoot them unless you actually do fear for your life and it's truly self-defense. Not all states require you to prove that (partly due to worries over whether it's possible to prove), but you are not supposed to shoot someone just because you can get away with it.

the question was posed wrong

[ganjadude]

The real question is what to do when our own government is the one "hacking" our pages

Re:Well, sure

[DougOtto]

No, but three lefts do.

Bad Idea.

[wjcofkc]

What if the hacker is already attacking from a computer that is not theirs. Firing back would make you no better than them.

Cowboy analogy

[Hentes]

After the flawed warfare analogy of the military, we now have a flawed cowboy analogy. How can these people be that shortsighted, everyone knows that the internet is like cars.

Are you SURE it was that party?

[mlts]

With the fact that compromised hosts are the first thing an intruder has between them and their target, how can one be sure that the host attacking them is malicious, or just a compromised box being used as a proxy or launching point for attacks?

If it was a compromised box, and it gets retaliated against, there might be a chance that the IDS/IPS system on the compromised network will log the back-strike, which can easily mean civil/criminal charges.

My take: Block them at the router for a couple days and go on. Trying to "counter-hack" can get one in a world of hurt.

Put it in real life terms

[MozeeToby]

Someone breaks into your place of business, what are your rights? You can bar the door, obviously. You physically intimidate them into leaving sure. You can shoot them... well... if you're in danger and can't get away (or even if you can in some places)... and you have the right to own the gun you're shooting... and well, you better be able to explain yourself.

What you can't do is follow them home and smash their stuff. And you really, really can't start an international incident, that kind of thing is looked down upon.

Re:Well, sure

[Mattcelt]

And two Wrights make an airplane.

Just don't do it.

[Minwee]

Why? Not because of any failed cowboy analogy, or belief in how the wonderful rule of law will solve all of our problems for us, but for this one simple reason:

I don't trust you, or anybody, to be able to identify who is attacking you, or even to correctly determine if you are even being attacked at all. Do you need a car analogy? Giving people blanket authorization to strike back at their virtual attackers is like handing Dilbert's boss a rocket launcher and asking him to do something about the lack of available spaces in the office parking lot. If you believe that your network is being attacked and feel the need to strike back at the perpetrators, then please:

• 1) Keep it in your pants. Nobody is really impressed by that, and
• 2) Collect evidence, read your logs, make an actual effort to figure out what is going on, and then forward that information to the appropriate responsible parties, and finally,
• 3) Let them investigate and deal with it.

I can't promise you that this will _solve_ your problem, but it will give you some time to cool down, realize that your original reaction was based on faulty and incomplete evidence, and keep you busy for a few hours doing something useful instead of being part of the problem.