“In the real world, it would be like turning a foreign intelligence agent and getting them to work for us. Something like this should be possible in the cyber world too,” Hans-Georg Maassen, head of the BfV domestic intelligence agency, told the parliamentary oversight committee earlier this month.
Hacking back wins the “prize for the worst cybersecurity policy idea that just won’t die,” Josephine Wolff, an assistant professor of public policy and computing security at Rochester Institute of Technology and a faculty associate at the Harvard Berkman Center for Internet and Society, recently wrote in Slate. Even though everyone condemns the practice, the idea persists, because it is extremely attractive from the victim organization’s perspective to try to delete the stolen data before it can be used by the attackers. Hacking back may help investigators with attribution, to find the identities of the attackers, or at least where they are operating.
It’s unlikely that the government would ever legalize hack back, especially when law enforcement agencies agree that the potential of misfired attacks by self-appointed vigilantes outweigh the supposed benefits. However, for organizations interested in beefing up their incident response activities to be more proactive, exploring Cymmetria’s framework is a good step to understanding how to engage attackers without crossing into retaliation or retribution.
Sign up for CIO Asia eNewsletters.