Congressman Proposes Organizations Should Be Allowed To 'Hack Back' (engadget.com)
Engadget reports: Representative Tom Graves, R-Ga., thinks that when anyone gets hacked -- individuals or companies -- they should be able to "fight back" and go "hunt for hackers outside of their own networks." The Active Cyber Defense Certainty ("ACDC") Act is getting closer to being put before lawmakers, and the congressman trying to make "hacking back" easy-breezy-legal believes it would've stopped the WannaCry ransomware. Despite its endlessly lulzy acronym, Graves says he "looks forward to formally introducing ACDC" to the House of Representatives in the next few weeks... The bipartisan ACDC bill would let companies who believe they are under ongoing attack break into the computer of whoever they think is attacking them, for the purposes of stopping the attack or gathering info for law enforcement.
Friday The Hill published a list of objections to the proposed law from the CEO of cybersecurity company Vectra Networks. "To start with, when shooting back, there's the fundamental question of who to shoot... We might be able to retaliate, weeks or months after being attacked, but we certainly could not shoot back in time to stop an attack in progress." And if new retaliatory tools are developed, "How can we be sure that these new weapons won't be stolen and misused? Who can guarantee that they won't be turned against us by our corporate competitors? Would we become victims of our own cyber-arms race?"
Slashdot reader hattable writes, "I would think a proposal like this would land dead in the water, but given some recent, and 'interesting' decisions coming from Congress and White House officials, I am not sure many can predict the momentum."
I imagine that depends on the details of how the law is written. Unless it specifies otherwise, I would assume that if they hit the wrong target, then they'd be civilly liable under regular tort laws.
Though IMO this could be viable if it was restricted to surveillance, and only against foreign targets that don't have any kind of extradition treaty with the US.
No one. She's not an organization, she's a peasant.
Viacom could hack you under these rules for "believing in good faith" that you may be suspected of possibly being related to an attack on them, and do whatever they want.
You want to defend yourself from this sudden intrusion and figure out who that was, maybe drag them to court over this illegal hacking?
Yeah no. You're a criminal under the CFAA now.
We are on the highway to hell sue them all!
Or Mallory gets Bob to hack him in a false flag attack so he can hack Alice.... If you're legalizing US companies to attack 'foreign' companies, you're also protecting foreign companies that hack US ones in retaliation.
IMHO, Google's self driving car tech is underpinning Uber's Yandex's self driving car tech and Baidu's self driving car tech. Courtesy of General Alexander leaving US corporations open to known backdoors.
How would Google 'hacking back' actually stop that damage?
I'll create a GUI interface using Visual Basic to see if I can track an IP address.
Just send your resume to my homepage. You ain't so far from the truth after all.
Wasn't there something like this that was actually passed into law? Or at least there was something like this that was proposed and got support last season.
https://yro.slashdot.org/story... [slashdot.org]
... to launch another Iraq War on fake accusation. Look, IP address is such indisputable evidence!
The monumental amount of stupi-....one of the first things a 'hacker' does when launching an attack is obscure their origins. They use someone else's machine, like a University's, or a Hospital's, or even one owned by the Department of Defense. And you want to hand people a license to f*ck up what they 'think' (and I use that word broadly here) might be attacking them? How is the DoD going to react to Pfizer launching an all out assault on them because they 'think' an attack is coming from some DoD machines?
It takes weeks, months, possibly more to track down the owners of Botnets, from which Distributed Denial of Service attacks may be launched from zombified machines. That requires investigation, international at times.
And we don't need any laws for what is already an illegal practice.
The monumental amount of stupi-..
Yes, it's true. That's why I come nearly every day to correct people as monumentally stupid as yourself. Such epic levels of disastrously misguided thought cannot be allowed to stand without challenge from someone with common sense and logic.
But is it really going to be any good without Brian Johnson? Can Angus Young fill his shoes?
The real concern is that we're trusting big business to use this appropriately. I can guarantee that it won't. The RIAA and MPAA are probably wetting their pants in antic
Wouldn't this give us the authority to hack all those government agencies that have been hacking us for decades now?
Since we know, thanks to various whistle-blowers, that the NSA and other US government organizations have hacked most if not all US citizens, this bill would now give any citizen a reasonable belief they were hacked, therefore a legal right to hack back. Where do I sign?