Hacking the hackers
With hackers becoming more brazen, some in the security community are advocating that businesses go on the offensive, breaking into their attackers’ systems to steal back or delete stolen data or even damage their computers. Earlier this year, Rep. Tom Graves (R-Ga.) proposed a bill, known as the Active Cyber Defense Certainty Act, that would exempt companies victimized by cyberattacks from laws that prohibit them from accessing others’ systems without permission. The strategy is controversial. Many hackers commandeer other people’s computers and servers to launch attacks, making it likely that counterattacks could hit innocent systems, creating more chaos in an already chaotic cybersecurity landscape. But hacking back is already being practiced quietly by many businesses, said Davi Ottenheimer, president of security consultancy FlyingPenguin. “Almost every large organization I consult with has some form of hack-back going on,” he said.