Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech (onthewire.io)
Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim" own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.
Sure...no pandora's box here.... (Score:3)
I'm guessing that large businesses could get in on this too? If not now, just wait....
And, we've seen how well just take down notices work....often not even justified, but still...the party acted upon is now guilty till proven innocent.
What constitutes a valid victimization? Telling someone you don't like them? They small bad? That allows them to infiltrate your computer, destroy information...etc?
This sounds like a real pandora's box being opened here.
Re: (Score:1)
"What constitutes a valid victimization?" ICMP the wrong port and they can say you're trying to penetrate their services? Mmmm, Beacon.
Black ICE (Score:2)
Mr. FBI Agent sir, (Score:3)
I was just "destroying my hacked data"
Facebook had hacked my browsing data...
The FCC was hosting my stolen data...
The "agencies" had hacked my communication devices....
Linkedin...
Tumbler...
Myspace...
IRS...
Attack Google and Microsoft? (Score:1)
So this bill empowers me to attack Microsofts and Googles servers to destroy my data that they have taken?
Hmmmm (Score:2)
So I have to tell the FBI that I'm going to hack the NSA to destroy my data?
Re: (Score:2)
i am sure if you don't the NSA will anyway, so in this particular instance it would be necessary.
AC/DC Act (Score:3)
Republicans have seen too many Hollywood hacker movies. They want people to believe that after someone steals their personal information, they'll be able to click a big red EXECUTE button on the screen and it will launch a counterattack and steal back their data.
In reality, the people who are victims of this type of data theft aren't going to have access to these "Beacon" tools. But copyright trolls and malware thugs almost certainly will. In the end, this will be just another corporate giveaway.
The cyber is hard.
Foolishness. (Score:3)
What this is going to enable people to do is destroy zombie computers and devices under the guise of retribution. While this may seem good at first, it's just going to be the moms and pops of the world losing all their data because they got infected with a virus and somebody unleashed hell on their machine. It seems like it would be far more helpful to require ISPs to detect a DoS in progress and cut off the infected customer. A scorched Earth campaign will do little to change the world.