Can you say ‘collateral damage’?
By Iain Thomson in San Francisco 13 Oct 2017 at 22:36
Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them.
The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in America for the first time. The bill would allow hacked organizations to venture outside their networks to identify an intruder and infiltrate their systems, destroy any data that had been stolen, and deploy “beaconing technology” to trace the physical location of the attacker.
“While it doesn’t solve every problem, ACDC brings some light into the dark places where cybercriminals operate,” said co-sponsor Representative Tom Graves (R-GA).
“The certainty the bill provides will empower individuals and companies use new defenses against cybercriminals. I also hope it spurs a new generation of tools and methods to level the lopsided cyber battlefield, if not give an edge to cyber defenders. We must continue working toward the day when it’s the norm – not the exception – for criminal hackers to be identified and prosecuted.”
I never thought of it this way. It’s basically the cyber version of being allowed to murder someone for entering your property. https://t.co/vu1TxqQIMK
— MalwareTech (@MalwareTechBlog) October 13, 2017
Congress has been mulling such laws for a while but many security professionals are worried that such legislation will lead to IT departments and individuals going into full vigilante mode, and causing massive collateral damage. But the bill’s sponsors say that safeguards have been built in.