Slashdot Mirror
Congressman Proposes Organizations Should Be Allowed To 'Hack Back' (engadget.com)
Engadget reports:
Representative Tom Graves, R-Ga., thinks that when anyone gets hacked -- individuals or companies -- they should be able to "fight back" and go "hunt for hackers outside of their own networks." The Active Cyber Defense Certainty ("ACDC") Act is getting closer to being put before lawmakers, and the congressman trying to make "hacking back" easy-breezy-legal believes it would've stopped the WannaCry ransomware. Despite its endlessly lulzy acronym, Graves says he "looks forward to formally introducing ACDC" to the House of Representatives in the next few weeks... The bipartisan ACDC bill would let companies who believe they are under ongoing attack break into the computer of whoever they think is attacking them, for the purposes of stopping the attack or gathering info for law enforcement.
Friday The Hill published a list of objections to the proposed law from the CEO of cybersecurity company Vectra Networks. "To start with, when shooting back, there's the fundamental question of who to shoot... We might be able to retaliate, weeks or months after being attacked, but we certainly could not shoot back in time to stop an attack in progress." And if new retaliatory tools are developed, "How can we be sure that these new weapons won't be stolen and misused? Who can guarantee that they won't be turned against us by our corporate competitors? Would we become victims of our own cyber-arms race?"
Slashdot reader hattable writes, "I would think a proposal like this would land dead in the water, but given some recent, and 'interesting' decisions coming from Congress and White House officials, I am not sure many can predict the momentum."
Friday The Hill published a list of objections to the proposed law from the CEO of cybersecurity company Vectra Networks. "To start with, when shooting back, there's the fundamental question of who to shoot... We might be able to retaliate, weeks or months after being attacked, but we certainly could not shoot back in time to stop an attack in progress." And if new retaliatory tools are developed, "How can we be sure that these new weapons won't be stolen and misused? Who can guarantee that they won't be turned against us by our corporate competitors? Would we become victims of our own cyber-arms race?"
Slashdot reader hattable writes, "I would think a proposal like this would land dead in the water, but given some recent, and 'interesting' decisions coming from Congress and White House officials, I am not sure many can predict the momentum."
So if Mallory hacks bob, who turns around and mistakenly hacks Alice, who then fights back until Bob and Carol are destroyed. Whom does Carol Sue ?
Nullius in verba
Wasn't there something like this that was actually passed into law? Or at least there was something like this that was proposed and got support last season
let's extend the law so that if someone is breaking into their house, we can break into theirs! gather our own evidence! EYE FOR AN EYE!
... to launch another Iraq War on fake accusation. Look, IP address is such an indisputable evidence!
The monumental amount of stupi-....one of the first things a 'hacker' does when launching an attack is obscure their origins. They use someone else's machine, like a University's, or a Hospital's, or even one owned by the Department of Defense. And you want to hand people a license to f*ck up what they 'think' (and I use that word broadly here) might be attacking them? How is the DoD going to react to Pfizer launching an all out assault on them because they 'think' an attack is coming from some DoD machines?
It takes weeks, months, possibly more to track down the owners of Botnets, from which Distributed Denial of Service attacks may be launched from zombified machines. That requires investigation, international at times.
And we don't need any laws for what is already an illegal practice.
If someone thinks they can set up a c2 channel to something I care about, only that's a trick and I can learn their auth and control codes, why shouldn't I reciprocate?
But is it really going to be any good without Brian Johnson? Can Angus Young fill his shoes?
If not, does that mean when being hacked/spied/wiretapped by a government agency, we can fight back?
When the RNC spams, links to some partisan fake news, and their linked page hosts a malicious ad or simply bad code that resource hogs, we can DoS their ass, since that would impede spread of said malicious code?
Can we go after robocallers too, since they largely use IP networks anyways? Is the FCC fair game if they allow no ring voicemail spamming?
And instead of blocking and rate limiting DoS attacks from bot networks, we can flood everyone's freaking lines in response. And then those networks in turn can respond back. The cascade, the snowball effect would result in one hell of an avalanche.
This is freaking brilliant, and by that, an utterly brain-dead stupid idea.
No one. She's not an organization, she's a peasant.
Viacom could hack you under these rules for "believing in good faith" that you may be suspected of possibly being related to an attack on them, and do whatever they want.
You want to defend yourself from this sudden intrusion and figure out who that was, maybe drag them to court over this illegal hacking?
Yeah no. You're a criminal under the CFAA now.
Active Cyber Defense Certainty Act
There is no certainty in "cyber" defense.
We are on the highway to hell sue them all!
Invitation to be a hacker with no possible penalties? You men the US will stand up and protect uyou if that system you hack back is the Chinese government? Or what if it's AWS? Hack away! Launch a DDOS! Ooooo what's this one? Global Thermonuclear War!
A STRANGE GAME
THE ONLY WINNING MOVE IS NOT TO PLAY.
The big issue isn't the question of who to shoot (what's it matter if you take a while to get them, so long as you get the right people?). It's also not "How can we stop the tools being misused", because the simple truth is that we can't, and that they'll get their hands on tools like this even if we don't pass this moronically-named act.
The real concern is that we're trusting big business to use this appropriately. I can guarantee that it won't. The RIAA and MPAA are probably wetting their pants in anticipation of this so they can start hacking internet users to get their identity and extort money out of them, for example. I'm sure they can manufacture some evidence that they were "hacked first". Companies will also be using it against each other. (Microsoft: "No, honest guv. We saw a hacking attempt from both Google and Amazon simultaneously, with an assist from Apple too. We totally had to hack them back. It's just a coincidence that our subsequent product launches seemed almost to have anticipated our competitors' products." Etc., etc.
Big business can't even be trusted with the tools it already has. It sure as hell doesn't need this one too!
I could laugh at the people of Georgia for voting for Tom Graves DERRR DURRPP I AM FROM GEORGIA I AM FUCKING IDIOT DURRRRRP but truth is every state in the union votes for morons like him. In democracy you get what you vote for.
China laughs and laughs and laughs.
The monumental amount of stupi-..
Yes, it's true. That's why I come nearly every day to correct people as monumentally stupid as yourself. Such epic levels of disastrously misguided thought cannot be allowed to stand without challenge from someone with common sense and logic.
one of the first things a 'hacker' does when launching an attack is obscure their origins. They use someone else's machine, like a University's, or a Hospital's, or even one owned by the Department of Defense. And you want to hand people a license to f*ck up what they 'think' (and I use that word broadly here) might be attacking them?
Here's where you went full idiot. Never go full idiot.
The attacking system is ALREADY COMPROMISED.
Are you really so stupid you think the proposal is about attacking the actual attackers system? Apparently so.
But no, that's not what the proposal is about. It's about being able to hack the ALREADY HACKED SYSTEM to stop it from attacking you. Yes it might be a hospital, bank, government, whatever - it's already screwed, bringing down that system does vast amounts of public good:
1) No more attacks on you - AND on other systems it may have been attacking.
2) Reducing danger to the org with the infected box because now it's not a portal to attack other internal systems (which sadly are already compromised, but it might be a proxy for the control mechanism so still good).
3) Protects the users of those system from possible further spread of viruses or malware.
4) There is a more massive indirect benefit that if systems start going down because of hacking, more companies will take IT seriously, thus over time fewer systems would be compromised to begin with. Currently it does not SEEM like there is much of a problem, because an intruder wants the system to stay online and appear to be working - even as the intruder harms others and gains deeper access.
Any IT department SHOULD *cough*BA*cough* be able to bring up a backup system if the compromised one is taken offline. So while there may be some small outage as a result the overall good to be done is WAY more than the harm you are causing by taking a compromised system offline. You can of course tell a company you are about to take a system offline and let them do something about it if you are kind, but then again they really were not letting themselves get compromised and not detecting it so...
How is the DoD going to react to Pfizer launching an all out assault on them
With gratitude when they find out why. Even if begrudging.
Also of course, while such a law would just allow you to attack compromised system every company would look at where the attack was from and decide if trying to take down the system was a good idea from a legal standpoint - you can be pretty sure a lot of people would be running CYA messages up the flagpole about taking down a system in the military or a hospital. Did you even consider that just because people CAN do something, does not mean they WILL?
That's what I do not get about you state control fanbois, you think because you have no self control it applies to everyone else - including large companies which are the very definition of cautious with any risk.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Wouldn't this give us the authority to hack all those government agencies that have been hacking us for decades now?
I'll create a GUI interface using Visual Basic to see if I can track an IP address.
MY OTHER COMMENTS
Since we know, thanks to various whistle-blowers, that the NSA and other US government organizations have hacked most is not all US citizens, this bill would now give any citizen a reasonable belief they were hacked, therefore a legal right to hack back. Where do I sign?
Socially acceptable and legal are two different things. A couple vigilantes forcing IoT devices to patch or go offline is much different than an IT department having permission to "hack" you. Who knows what they will do.
A better bill would be one that forces the NSA and CIA to attack the malware artists instead of creating the attack code they use.
You know the idea is 2nd amendment level of shitty when you have someone bringing that NRA cow-boy rethorics to the party
>No doubt you'll mod my post down to -1
As it should be, because you are utterly retarded.
More than one person visits Slashdot. It is possible for different people to have different opinions.
Detonate an EMP on their servers. A nuclear EMP. MWAHAHAHAHAHA!!!
Let's see Skynet resist THAT "hack back".
Might as well. I mean lately we are collectively pulling the tiger by the tail with our societal decisions lately.
To quote the late a great Bon Scott we are on the highway to hell... if they pass this law
Most interesting people would just hop to a nice fast, open staging server.
From that they would use the network speed to move a lot of plain text unencrypted US data.
Clean up the logs, drop some really fake code litter, move the data around a few more servers and finally move the data to a safe location.
What is the USA going to see? The ip range of that first staging server...
A totally unrelated set of networks and computers will feel the full force of US cyber "fight back"?
That nation will tell the tech media of the deep penetration efforts by the USA on some vital/special/ISP/commercial server and network.
Most governments also use their other nations domestic ISP networks ip ranges to look around the "internet" and do spy things.
Could be a home user on a modem downloading plain text data from a wide open US server again, or it could be the last hop by some other very distant gov/group.
Does the US want to "fight back" on some ISP in an unrelated nation? To find the next hop to another ISP and nation?
Keep on hacking back and hope the next hack is the real person trying to get the data in front of their own home computer?
The "fight back" won't find the destination, it will just damage some ISP/network/university/brand used in some random nation. Or some easy network in some nation that got hacked for its speed and unexpected ip ranges.
Its not the 1980's with one user, a dial up modem and their home computer entering advanced US networks directly. Even in the 1980's most smart people used a few different educational and private sector networks around the world before their final US network of interest.
A lot of work for brands, companies, educational, medical networks and ISP will have to clean up after the USA attempts another "fight back" as they saw the ip, the network connection and attempted to "stop the attack" with some clicking around on some contractor's GUI.
Domestic spying is now "Benign Information Gathering"
They do not seem to understand technology... or real life, is obvious that this will backfire to anyone, it's like playing russian roulette.... wait, now i think i do understand the joke.
The problem with allowing corps to hack back is that you've only got their word that someone hacked them first. What constitutes a hack attempt and what constitutes an appropriate response comes entirely down to individual interpretation.
I can imagine many if not most companies would use that ruling tactically rather than honestly.
Predictability was thrown out the window. Everything is up for grabs now. What the hell, run with it!
“He’s not deformed, he’s just drunk!”
WE SALUTE YOU!
FIRE!
Does the NSA slurping up all our data count as "hacking"? They're not breaking in through exploits, but if we were doing it they'd still accuse of us being hackers so....
Windows is spyware. Which is a form of malware...
Really this seems like an excuse to throw anarchy in every direction. Which we should be doing anyway, frankly.
This comes from the old mindset that a good defence is a good offence. That may be true in traditional warfare, but not in "the cyber" [ironic quotes].
A good defence is a good defence. That's the end of it. But these out of date fossils don't or won't learn that.
The real "Libtards" are the Libertarians!
Calling someone out when they are being stupid is helpful to them.
People call me out all the time
I tell them to fuck off
Next you know, I'm President of the United States
I mean. how cool is that?
“He’s not deformed, he’s just drunk!”
And really, did we have these kinds of typos before there was an internet?
“He’s not deformed, he’s just drunk!”
It's an IP address.
It's not necessarily the compromised system anymore, or maybe never was because the IP address in nearly every case is a gateway and not the actual compromised system.
You've build a vast pile of irrelevant words on your faulty premise.
I don't know about THIS. Hacking is a negative sum game and this will LEAD to more hacking. Actually I manage 80,000 workstations and I developed a PYTHON program to scrape my Slashdot history. The POLICE broadcast SOUNDS.
If, tomorrow, I tell the press that, like, a dating website will get hacked, or a chain of stores will be hacked, nobody panics, because it’s all ‘part of the plan’. But when I say that one little old DNC will be hacked, well then everyone loses their minds!
In real life, hacking back does work in minutes or hours, but if it works at all days, weeks, months or years. And that assumes that it works at all, that you hit the right system and that the system is in possession of the institution you actually want to hit (and not just a hacked system).
I prefer AC/DShe. http://www.acdshe.com/
and the USA will drop the ridiculous claim it's an act of war,right?
I feel like what they're getting at is some version of the Letter of Marque, which in old sailing days allowed a privateer vessel to go around attacking enemy ships with the blessing of the government. With some modern version, the government could authorize certain security firms to go after hackers, and businesses could contract with these firms to protect them from attack and/or retaliate against attackers. I can't see most businesses, even large corporations, setting up their own retaliation corps--the expertise is rare, expensive, and would probably go mostly unused.
I'm not saying that's a good idea, but it's certainly far more realistic than giving, say, Colgate-Palmolive carte blanche to hack anyone who they thought hacked them first. That just seems like it would lead to chaos. At least with Letters of Marque, the chaos would be contained to some smaller group of security-related companies that maybe would have to go through some certification to get that status. That way leads to digital Blackwater, though, and is that really that much better?
You are aware that '-1 I disagree' is not a moderation option?
If an organisation is going to want to 'Hack Back' at somewhere that (they believe) has attacked them then they are going to need tools to do so. The result will be an arms race of 'Hacking' tools as companies rush to fill a gap in the market - good news for the likes of Symantec I suppose, a new profit centre. So: will these tools only ever be used 'legitimately' ?
How is this different from having more guns on the street, the result of which is that more people get killed ? (Sorry NRA supporters, but there is a reason that the USA is near the top of the List of countries by firearm-related deaths)
Would Microsoft release a new suite 'Microsoft Hack', what operating system(s) would it seek to subvert ?
So will unfettered use of nmap now be unarguably legal ?
Numbah wun, its FRIKKIN WHOM YA PHILISTINE!
Numbah too, Black ICE is sooooo comin! Can't wait to see Facebook brick half their users computers due to a config error and go down in the unholy flames of litigation!
I don't think the congressman understands the gravity of the situation and he should know better I think.
If a warring faction like USA with someone like CIA/NSA/alphabet-soup-agency targets me, they will be deemed a treat equal to that of an enemy combatant. I don't think this US congressman really want to entertain the kind of antagonism inherent in all of this.
So.. I am thinking that the congressman is maybe up to something.
Hackers generally attack through innocent 3rd parties, either compromised machines, bots or whatever. So what exactly do you hack back against? And what if there is collateral damage?
1.Hack your target covertly.
2. Use your target to send a very non-covert attack against any major organisation with a reputation for active defense
3. Sit back and watch the retaliation.
It is illegal for me to pretend I am a lawyer and act as if I knew something about legal processes. For some odd reason it's still legal for you to pretend to know something about computers or that newfangled thing called "the internets" or something like this, despite your absolute blatant display of total ignorance.
On behalf of the people who know a thing or two about it: Please, do the world, and your reputation, a favor and shut the fuck up. Please don't talk about things you have about as much knowledge of as the average other pig has about nuclear physics.
And, even more important, don't make laws about things without knowing jack shit about them. You have the option to have advisers. Get one that has a clue.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
if they are good red white and blue merkin coprs and the nsa won't do it for them . Not at all if they aint murican.
So, given a few articles ago, I wonder if Putin could claim ACDC legitimized retaliation against the CIA.
So, I get it you're for legalizing the actions of those that hacked the IoT devices to brick them? Or what is your point? Because that's essentially what this proposal from this Congressman means. Anyone who feels "hacked" (whatever that may mean, anyway) gets the license to kill whatever he deems "hacked" him.
I always wanted to have the right to kick off the internet who bothers me. Go ahead. Make my day.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This bill would give rise to ACDaaS, ("Active Cyber Defense as a Service"), AKA private enterprise providing legalized hacking services to hack back on your behalf.
And if your business doesn't have the skills needed to identify the attacker, the ACDaaS contractor could identify the attacker for you as well, saving you from having to worry about such details.
Thus, the same company could hack a potential customer, contract with them to identify and stop the hacker, report having wiped the customer's data from the "attackers" machines, and collect their payment. Nothing fixed, no lessons learned, money well earned.
Hell, if the bill passes, this is the exact kind of business I'll start, if only out of spite for the companies that would consider hacking back an appropriate response to a breach.
why things in the Middle East are so fucked up. American leaders' current obsession with instantaneous retribution at almost any cost, is an object lesson in how that kind of insanity comes into being.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
There's some cases when you could invoke something like BrickerBot against a DDoS attack coming from a bunch of webcams and other unsecured devices. Would I be allowed to attack back against these devices and brick some random guy's webcam or router simple because it's unsecured and being used in the attack?
I mean that's the right target right? I should be allowed to use the same exploit used to compromise that system in mass and destroy vast number of webcams or routers or whatever devices are attacking me right?
It is no longer uncommon to be uncommon.
This is the digital equivalent of the "stand your ground" laws that let gun-happy rednecks mow down innocent black people and get away with it.
What if my attacker is Russia? Can I hack Russia back and with what kind of force? Can I break their government systems, destroy their computer, launch a stuxnet like virus upon them and destroy the computer systems of the Kremlin? Or would such things maybe be acts of war and a bit beyond the pale?
It is no longer uncommon to be uncommon.
Oh look this person sent a packet to CIA.GOV its a hack (forget it was just a normal browser request) We can now legally without warrant attack everything on this computer, and lets get the rest of his subnet just to be safe as well.
Hey super-idiot: you started the fucking name-calling and illogical extrapolations. Your post is stupid and by extension you are stupid, your reasoning is of the quality of a snail and your father smelt of elderberries.
(Intentionally childish post so that you may understand)
Sadly there's no "-1 poster is a complete idiot" either. However I reason that a complete idiot shouldn't be able to post at all and so the idiotic post is a trolling attempt.
I'd like to see a "-1/2 badly supported argument" option too, could perhaps encourage people to actually put some effort into their posts.
Oh well I get to that when I create my own website with blackjack and hookers...
...can stop a bad guy with a gun, so that must also be true on the internet. After all, it's just a series of trucks in tubes, and we need guns to stop the truck bombs and go after the tube pirates in their caves in Russia. Or something like that.
Is it just my observation, or are there way too many stupid people in the world?
why this is easy..Carol Sue fucks billy bob, BOB's 1st cousin whom is Alice's husband
Congress loves to pass laws regarding "cyber security" without understanding a thing about it. Forget that most attacks are through compromised devices anymore, or via cloud hosts. Most companies that get "hacked" are that way due to poor security in the first place. To think they would be smart enough or robust enough to turn around and hack the people who hacked them, is pure stupidity. Recall that FISMA was suppose to stop the government PC's and networks from being hacked, but it did not, nor did it stop stolen devices from being compromised. SIPR and NIPR were suppose to be separate, but in many cases they run on the same network gear. Congress should get a real CISO in there, to help teach them what security is, before they try anymore laws regarding it.
Do you hack the party responsible for using the malware, or the one responsible creating it if that is known to you? In the case of "WannaCry", well you see where I am going with this...
You can't defend something you don't own. There was a time in which the Internet was treated much like a highway driven by cars leased from our ISP's and the desktop like our homes, but Google changed that, Micro$oft is making it worse, and the FCC is bringing their own tyranny into the mix. No one in the U.S. has to hack you or even get a warrant, they can just legally purchase your browsing information. There are too many laws and ways of thinking that would have to be changed as a result of this for those in power that need them for their Muslim witch hunt excuse for the digital fingerprinting of everyone or companies that need the capitalistic advantage for this to happen. I honestly can't remember the last time a bill that made sense was passed that had no twisted ulterior motive in the end. Would we have an "NRA" for computer self defense? This would never happen in the "UKGB."
What could possibly go wrong..?
This is what is going on:
1. Trick stupid population that the Russians and Chinese are attacking
2. Let every citizen, business, and corporation, legally attack Russian and Chinese Internet targets
3. Effectively turn every dumb citizen into a U.S. cyber-warrior and let them fight as they wish, no rules, no laws, no repercussions.
What a shit country you are turning into.
How could this ever go wrong? There are too many organizations that lack anyone who could for certain say who was attacking them. Spoofed IPs, infested boxes, etc. all open the door for the WRONG person/people to be attacked back.
Keep your software/systems/firewalls secure and keep your trigger happy monkeys on your own LAN thanks.
Well, according to the Democrats and the mainsteam media John Podesta sending his password to the first person who asked in a phishing email equals "Russia hacked the election." Most organizations would consider someone slurping unencrypted traffic off their local network as "hacking." So I guess it follows that the NSA is hacking the world.
Someone needs to ask Kevin Mitnick to whistle tones into a phone handset and launch a nuclear attack on Fort Meade.
Aside from all the other issues people have already mentioned with this bill, this seems like a great way for the government to do an end-run around those pesky warrant requirements. It's such a chore for law enforcement to go to a judge and have to offer a valid reason for breaking into somebody's property to collect evidence. With this bill, you simply let the victims gather the evidence, completely unbound by law, and have them turn over any findings - whether related to the hacking or not.
I'm sure this loophole wouldn't be used unscrupulously by any three-letter agencies, no sir.
It's called a honeypot. Put a server on your system with valuable-looking but fake data. If a hacker goes for it, you are (1) wasting his time, (2) corrupting the trustworthiness of all the data he's collected, and (3) helping expose him via monitoring tools you've placed on the honeypot.
In 4 words: More Money For Lawyers!!!
Okay. You are stupid. That was helpful, right? Probably not. Because now you are too stupid to realize how stupid you are. Next time, just state your case without calling others stupid, dumbass.
Like escalation always works right? I can just see the mini-wars getting started the cyber "gods" need to contain the skermishes. One thing about war that is universally true: it's the bystanders who are the first and generally biggest casualties.
"Imagination is more important than knowledge" - Einstein
...the bill at least seems to be scoped to only hacks for the purpose of identifying the source of a hack or gathering information on the attacker. You're not allowed to go beyond the scope of your investigate, to destroy files, cause physical or financial harm, impair the functioning of the attacker's computer, or create a backdoor. And you have to notify the FBI before doing so, so if you do accidental (or "accidental") damage to someone else's computer in the process, it won't take a cyber-genius to figure out who's responsible.
IMO, this bill is more on the "useless" than the "dangerous" side. If you do everything right, maybe you help track down a hacker, but it still won't repair the damage they did. If you do anything wrong, you face fines and jail time, and perhaps screw up a real investigation by mucking up the chain of custody. I don't think any company would take that risk.
Ever sat at any console at any NOC were so fucking doomed.
Hay Tom Graves, R-Ga., what if my business thinks you're an enemy of the state? How about we consider the ramifications of ignoring the DOJ? Better yet, how's your Russian? Sounds like you're a politician in the wrong country?
This is vigilantism, which outside of 90s arcade beat'em ups is not a good thing. The rule of law says force should only be used by the government and then is very, very, very tightly controlled and regulated. Notice I said 'force' not violence. There's a difference. The government only uses violence as an act of war. A cop uses just enough force to subdue; more is excessive and gets the cop fired and possibly prosecuted (yeah, I know the practical reality isn't always the same but we're talking principles and ideas here).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Laying waste to rival corps' data, exposing their internal emails and phone conferences.
Wasn't there an RPG like this?
Microsoft's been hacking me for years. Now I can finally hack them back without any legal ramifications.
If anyone for a single moment thinks this wouldn't be abused to the extreme and leveraged for corporate espionage and corporate cyberwarfare, then you're extremely naive. Companies would be hacking their competitors 24/7, claiming they're 'counter-attacking because they detected being hacked', and totally fabricate the evidence of said hacking. It would turn the Internet into something out of a cyberpunk novel, but in the worst sort of way. You think the Internet is dangerous NOW? Just wait until the MPAA and RIAA have the legal right to literally attack the IP address of anyone, anywhere, with basically no accountability and no consequences. On that note you'd probably have them hacking random people's computers, planting copyrighted material (movies, etc) then having the FBI kick their door in and confiscate their computing equipment, arrest them, jail them, and then they'd also get sued for everything they're worth; what a great money-making scheme that would be, right? /s
Screw that. Another technologically fucktarded politician with another horribly bad idea. Not enough 'nope!' in the entire Universe for that.
First, it assumes that most companies have *real* hackers on staff, or on call, and not script kiddies and other wannabees, who, say, don't know what a munged address is.
Second, yeah, about that, so if Russia's intel agencies decide to hack you, or Saudi Arabia's, or, for that matter, the NSA does it, you're really going to hack back? I can hear the real agencies saying, "gee, this kiddie wants to play out of their league...."
Guy's A. Idiot.
There is, it's called Overrated.
Back in analog times, the equivalent of modern robocallers was call centers (typically staffed by young women) who would call you to pitch something.
There was a game that people who had some spare time would play to abuse them in the hope of getting on "do not call" lists that got documented on USENET. Wasting their time cost the company who paid them money so the basic scoring was based on how long you could keep them on the phone, or even better their supervisors who were paid more.
Cruel misogynistic players sought to get emotional reactions from the girls who called, with tears as their objective. Horney players attempted to get dates, or if their tastes ran that way, to date the supervisor. Several people posted suggested rules for competitive comparison, and stories of their successes on telecom news groups.
It might be a good idea to create a Reddit group since it isn't obvious how to get a reaction from the machines. Perhaps there is an equivalent to the 2600hz Captain Crunch whistle.
So hacking the NSA will be fair game !
And use your teams systems to attack my teams systems, and my team turns around and owns your whole team, I win. Or maybe it's your team and their team? I guess everyone else wins.
I better hurry up and finish my distopia future novel while I can still publish under fiction.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
I think that the bank is hacking me.
And the RIAA, and MPAA.
And pretty sure that Sony is in on it too.
And soon Sony will be able to pull another Root-kit scandal, but this time it will be considered as legitimate defense against the evil pirates trying to hack them (and their DRM).
Too bad if a few (= tons of) users got their machines nuked by the rootkit too, even if they never attempted to circumvent DRM.
It's still allowed "hack-back"!
Nuke all the machines.
Kill them all and let God sort them out.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
...otherwise we'll finally get "The Year Of Linux (and BSD) On The Desktop"... because that'll be all that's left.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
With all of these DDoS attacks being considered "hacking", how many innocent zombies would be considered valid targets?
If someone innocent is wrongfully counter-hacked, should they be allowed to fuck up the system of the self-proclaimed sheriff by invoking the same statute of "self-defense".
What if my ISP is keeping track of data I don't want them to?
Am I allowed to hack their system and wipe it?
I can't have my business secrets, or hints thereof, being stored on their servers (they don't have proper vetting).
This could give the FBI etc the right to hack anyone in the us.
We can call these Hack-Back Utilities "Intrusion Countermeasure Electronics" or "ICE" for short.
Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
"For those about to hack, we salute you."
Intelligence agencies now have the right to hack you if you use Tor, a VPN, or have been infected with malware. Would any of us then be justified to hack the FBI?