Striking Back in Cyberspace: Vigilantism or Sanctioned?

Vigilante in the episode “Patriot Act” in Justice League Unlimited. (Photo credit: Wikipedia)

Your corporation has just been probed, broken into, and highly sensitive proprietary intellectual property (IP) has been copied and/or destroyed.  Whoever took the IP now has the information for pennies on the dollar, they did not have to invest perhaps millions of dollars and years of research and development, conducting experiments or finding just the right combination of materials or techniques.  They now have a finished product.  If you were about to go into production your competitor might beat you and put out a product before you can.  They also have a much lower overhead and can sell a similar product far cheaper than you.

What do you do?

You can report the incident to the police, who will probably take your hard drives to obtain forensic evidence.   If they are really good they’ll keep you informed at each step during their investigation.  Probably, however, they will keep you in the dark, citing not disclosing information during an active investigation.  It may or may not be their number one priority.  After a while, ranging from weeks to months, they will return your hard drives and you can now resume progress.  Sure, you’ve lost weeks or months and your partners might have lost patience and your customers might not trust your security, but business must go on.

OR

You can strike back. Hiring your own security team you can discover, to your level of satisfaction, who broke into your system.   This is easily accomplished by establishing a honeypot, replicating your system and putting in ghost files.  Not only will this tie up your infiltrators and significantly wastes their time, but you can also find out more about their techniques and track where they are.

OR

Knowing you are about to be hacked (again), you can plant false information on your system.  Negotiating Strategy.doc would be a great way for you to make your opponent believe they knew your negotiating strategy for a certain contract.  This gives you the upper hand…

According to a recent Reuters report, here, these are only a few of the ways a corporation can “fight back”.

So what?

Everything I have outlined here is perfectly legal and won’t get you in hot water.  If you were to attach malware to a file you knew was going to be taken, this begins to take on the appearance of vigilantism.  If you were to hire a team of hackers, break into your competitors’ system and destroy everything, you’ve now broken the law.

While taking the offense and destroying a competitor’s system is always tempting, this is tantamount to warlike actions in cyberspace, you’ll probably be caught and you’ll probably suffer.   I’ve heard rumors, for decades now, of vigilantism in cyberspace.  Are they true?  ‘not saying…

Related articles

• US companies take vigilante view on hackers (news.techeye.net)
• Is it ever OK to go vigilante? (thepunch.com.au)
• Let It Rip: Is it Time for Vigilantism? (myfoxdetroit.com)
• Man arrested in connection to RAAD vigilante attacks (seachranaidhe1.wordpress.com)
• What is Villains and Vigilantes? (theheroalliance.com)
• Social Media’s Court Of Public Opinion: Zimmerman vs Martin Blurs Vigilantism & Censorship (inventorspot.com)
• Is network offense the best network defense? (volokh.com)
• Italy, Poland: Vigilantes Express Displeasure with Automated Enforcement (thenewspaper.com)
• TOM KEENE: Keep An Eye On The Twitter Vigilantes (businessinsider.com)
• Another vigilante assault case (blogs.kansascity.com)
• what are bond vigilantes? …are they making a comeback? (rhodesholdings.wordpress.com)
• Black Government Vigilantes (eradica.wordpress.com)