Slashdot Mirror


Congressman Proposes Organizations Should Be Allowed To 'Hack Back' (engadget.com)

Engadget reports: Representative Tom Graves, R-Ga., thinks that when anyone gets hacked -- individuals or companies -- they should be able to "fight back" and go "hunt for hackers outside of their own networks." The Active Cyber Defense Certainty ("ACDC") Act is getting closer to being put before lawmakers, and the congressman trying to make "hacking back" easy-breezy-legal believes it would've stopped the WannaCry ransomware. Despite its endlessly lulzy acronym, Graves says he "looks forward to formally introducing ACDC" to the House of Representatives in the next few weeks... The bipartisan ACDC bill would let companies who believe they are under ongoing attack break into the computer of whoever they think is attacking them, for the purposes of stopping the attack or gathering info for law enforcement.
Friday The Hill published a list of objections to the proposed law from the CEO of cybersecurity company Vectra Networks. "To start with, when shooting back, there's the fundamental question of who to shoot... We might be able to retaliate, weeks or months after being attacked, but we certainly could not shoot back in time to stop an attack in progress." And if new retaliatory tools are developed, "How can we be sure that these new weapons won't be stolen and misused? Who can guarantee that they won't be turned against us by our corporate competitors? Would we become victims of our own cyber-arms race?"

Slashdot reader hattable writes, "I would think a proposal like this would land dead in the water, but given some recent, and 'interesting' decisions coming from Congress and White House officials, I am not sure many can predict the momentum."

1 of 189 comments (clear)

  1. Re:Alice Bob etc. by Anonymous Coward · · Score: 5, Interesting

    Or Mallory gets Bob to hack him in a false flag attack so he can hack Alice.... If you're legalizing US companies to attack 'foreign' companies, you're also protecting foreign companies that hack US ones in retaliation.

    IMHO, Google's self driving car tech is underpinning Uber's Yandex's self driving car tech and Baidu's self driving car tech. Courtesy of General Alexander leaving US corporations open to known backdoors.

    How would Google 'hacking back' actually stop that damage?

    And then there's the orange elephant in the room, what if the damage is so egrarious that attacking enemies become best buddies and close allies become targets of attack?

    I'm waiting for Trump's report saying the election was attacked by France, and Russian detection was only inadvertent attempts to secure our networks remotely.