Should hacking back be legalized?

Companies of all sizes are losing millions of dollars each year to cyber criminals, according to a study by Ponemon Institute (http://www.informationweek.com/security/management/cybercrime-costs-skyrocket/240162379), which found that the average cost of cybercrime is $11.6M/year, up $2.6M from 2012. Unless something is done to deter criminals, this trend will continue.

There has been talk of allowing companies to take matters into their own hands and hack back against perpetrators to regain what was stolen from them. Police aren’t equipped to deal with the sheer amount of cybercrime, so should companies be allowed to take matters into their own hands? We’ve seen a few high-profile arrests, but these make only a small dent in the problem. On the other hand, we don’t condone vigilantes breaking into houses to regain stolen goods, and hacking back is essentially the same thing. If law enforcement began allowing organizations to “hack back,” an argument could be made that breaking into a physical structure to take back stolen goods should be legal as well. Retaliatory crimes are a slippery slope.

The question is not only should it be legal, but is it even worthwhile for an organization to try it? 

Here are a few pros and cons:

Pros

1. Gives organizations the ability to potentially stop cyber-attacks as they happen, whereas waiting for a response from police would most likely be too late and result in data being successfully stolen.

2. Shows attackers that we aren’t sitting ducks, possibly deterring further crime.

Cons

1. Could become a game to attackers, resulting in further and more destructive attempts.

2. Would take time and effort, and there’s no guarantee of a successful mission. 

What are your thoughts?


Guccifer Strikes Again! Just having fun for now, but what if that changes?

Guccifer, a hacker known for targeting high-profile political figures and celebrities, is at it again, and this time his victim is Candace Bushnell, author of “Sex and the City.” Guccifer gained access to Bushnell’s email account and took screenshots of her latest unfinished novel; then he proceeded to hack her Twitter account and posted those screenshots.

Past attacks from Guccifer, like this one, have not been for personal gain. It’s hard to imagine financially benefiting from leaking a “sneak peek” at a novel. . . unless, of course, someone paid them to carry out such an attack. The motivation behind these attacks is probably just plain mischief. Remember the old “script kiddies” of the past? Same deal.

However, should the attacker’s motives change, he or she can probably do a lot of damage. As we saw in the Syrian Electronic Army attacks, hacking a high-profile and trusted Twitter account affected the stock market, which shows just how much damage one can do.

Even though you may not be the direct target of an attack, you might still be affected by it. A stock you own may drop if that company’s Twitter account falsely declares bankruptcy for the company. Even worse, details of national security could be leaked from the Attorney General’s email account and we could find ourselves vulnerable to attack. It’s hard to prevent the second scenario from taking its toll, but the first one is certainly avoidable.

Moral of the story: Don’t believe everything you read online! Check it against multiple trusted or valid news sources. A hacker’s word is only as good as those who believe it, so don’t be too trusting or naïve. Stay in observation mode and continue to gather information.