Bill Would Legalize Active Defense Against Hacks (onthewire.io)
Trailrunner7 quotes a report from On the Wire: A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty Act, the legislation seeks to amend the CFAA, the much-maligned 1986 law that is used in most computer crime prosecutions. The proposed legislation includes the caveat that victims can't take any actions that destroy data on another person's computer, cause physical injury to someone, or create a threat to public safety. The concept of active defense has been a controversial one in the security community for several years, with many experts saying the potential downside outweighs any upside. Not to mention that it's generally illegal.
Re: (Score:1)
Hillary come quick you got to see this.
A giant step ... sideways (Score:2)
victims can’t take any actions that destroy data on another person’s computer, cause physical injury to someone, or create a threat to public safety
The hackers are quaking in their valenkis.
Re: (Score:2)
Nuclear holocaust, on the Internet (Score:2)
26 to disrupt continued unauthorized activity against the victim’s own network
Way too vague, neither "disrupt" nor "continued unauthorized activity" is defined; this'd very quickly result in these so-called victims just using DDoS against anyone who they disagree with, with the claim that they're "hacking," and then everyone loses when everything gets slowed down to a crawl. Great. Oh, as these things tend to go, the law would only be applied to large corporations or rich people -- if an individual, not-very-rich person or a small company tried to do any sort of "active defense"
eHolocaust (Score:2)
Way too vague, neither "disrupt" nor "continued unauthorized activity" is defined; this'd very quickly result in these so-called victims just using DDoS against anyone who they disagree with
Even a strict interpretation will lead to an eHolocaust. Attacker hijacks a machine in company A and uses it to attack company B. Company B retaliates against the machine in company A. Company A detects attack from company B and returns the favour. Multiply that by all the machines in a botnet and you can kiss goodbye to the internet.
Illegal?? HaHaHa (Score:2)
I didn't get that memo. He who doesn't hack back deserves a lot of flack.
What about government hacking? (Score:2)
Do people get the right to disrupt police/FBI hacking of their devices as well? Those are probably the only hackers that would actually be disrupted by this new law, since criminal hackers use someone else's computer to hack you -- if you hack back, you're only hurting some innocent third party that had *his* computer hacked.
NRA (Score:2)
Danger Will Robinson! (Score:1)
What constitutes an attacker [house.gov]? Warning: PDF
(C) the term ‘attacker’ means a person or an entity that is the source of the persistent unauthorized intrusion into the victim’s computer.
If you want to be able to legally counter-hack a large group of people all you need to do is spread a virus that will first infiltrate a lot of machines, then use those machines to start attacking your machine's IP. This allows you to take countermeasures, easily accomplished via a vulnerability that the existing virus leaves open. So let's take a look at some scenarios and the implications.
I can imagine the RIAA and MPAA and their goons drooling over this capabilit
ACDCA? - It should be CUT-THROAT (Score:2)
I mean, sure, it's a palindrome, but real, working Americans can't even spell palindrome, much less know what one is. In fact, palindrome is the kind of work you only hear from those faggy intellectuals.
They need a better acronym, like Cyber Undermining Threat-Tactics for Heaping Righteous Offensive Action on Terrorists. Now That's a bill with balls. Big. Fat. Hairy. Balls. That you can shove down the throat of those bastard attackers of your computer systems.
Better define "Attack" (Score:2)