Hack Back: Ethical Countermeasures for Cybersecurity

As you look at your screen, your heart beats fast with frustration and determination. Cyber-attacks have left your team struggling to keep up. It’s time to fight back, not just defend. Welcome to “hacking back,” where cybersecurity rules are changing1.

With cyber threats getting smarter, the IT security world is embracing “active defense.” This means fighting back before an attack happens. It’s a response to attackers who always seem to be one step ahead1.

CrowdStrike leads in this new cybersecurity approach. They’ve taken down parts of the Kelihos botnet and launched the Falcon platform for fighting back1.

Now, the idea of hacking back is sparking talks among law enforcement, agencies, firms, and security companies. They’re looking into this method to fight off attacks1.

Key Takeaways

  • The cybersecurity industry is exploring “active defense” strategies to proactively counter cyber threats.
  • Companies like CrowdStrike are taking offensive measures, including disrupting botnets and launching active defense platforms.
  • Hacking back is a controversial but growing concept, with ongoing debates about its legal and ethical implications.
  • Governments and security organizations are actively discussing the potential adoption of hacking back as a cybersecurity countermeasure.
  • Navigating the legal and ethical concerns surrounding hacking back will be crucial as this approach gains traction.

The Rise of Active Cyber Defense

Cybersecurity breaches are happening fast, making it crucial for organizations to protect their data2. The old way of defending against cyber threats isn’t working well anymore.

Ransomware attacks have jumped by 300% from 2015 to 2016, with thousands happening every day since then2. In 2019, over 70 state and local governments in the U.S. faced ransomware attacks2.

The Frustration with Traditional Defensive Approaches

Experts are now looking at proactive ways to fight cyber threats. Hacking into systems that control our critical infrastructure is a big worry2. The ACDC Act was proposed in 2017 to allow for more defense actions against hackers2.

It was brought back in 2019 with support from both sides of the aisle, aiming to change laws to fight back against hackers2.

CrowdStrike’s Offensive Strategy and Falcon Platform

Cybersecurity companies like CrowdStrike are fighting back. CrowdStrike, a top threat intelligence firm, took down thousands of nodes of a botnet and launched the Falcon platform2. This platform uses Big Data for “active defense” operations2. The goal is to let organizations fight back against cyber threats with the same methods hackers use3.

The idea of “hacking back” is still debated, but the COVID-19 pandemic has shown we need to act fast against cyber threats3. The future of active cyber defense will be key in shaping how we protect ourselves online.

What Does “Offensive Approach” Mean for Cybersecurity?

Experts are now looking into using an “offensive approach” to fight cyber threats4. This change comes as cyber-attacks on companies and governments increase, causing big damage4. The unpredictable nature of cyber threats shows that just defending isn’t enough, sparking talks on offensive cybersecurity4.

The Limitations of Defensive Measures

Firewalls and antivirus software aren’t stopping cyber-attacks like they used to4. Cyber threats are getting smarter, making security experts look for new ways to fight back4. An “offensive approach” means using malware or tools to stop or disrupt attackers, turning the tables4.

Components of an Offensive Approach

Offensive cybersecurity has two main parts: figuring out who attacked and hitting back4. First, find out where the attack came from through attribution4.

Then, take action, or retribution, to make hackers think twice4. This could mean taking down their systems or hitting them back4.

But, not everyone supports this approach5. Some worry about causing more harm or starting a bigger cyberwar with AI5. Laws like the Computer Fraud and Abuse Act also limit how far companies can go5.

The debate on offensive cybersecurity is ongoing, showing big changes in the field [4][5].

Hack Back: The UK’s Active Cyber Defense Strategy

The British government is leading the way with “hack back” in its UK active cyber defense strategy. Chancellor Philip Hammond announced a £1.9bn package to improve cyber defenses.

This is part of a five-year UK cybersecurity strategy6. The plan includes fighting back against state-sponsored cyber attacks, showing the UK’s readiness to challenge cyber threats6.

The UK is using new software to fight cyber-attacks and creating special cyber units6. The government is focusing on protecting critical infrastructure and businesses from hackers. Chancellor Hammond mentioned an app that caught 50,000 fake emails6.

Even though the UK doesn’t “hack back” itself, its strategy is a big change in how it deals with cyber threats7. The UK is taking steps to protect its digital world and interests online7.

The Impacts of Active Cyber Defense

The UK’s strategy has made a big difference in its cybersecurity. For example, TalkTalk was fined £400,000 after a data breach exposed 156,959 customers’ details6. This shows why protecting against cyber threats is so important.

While the UK focuses on defending itself, “hacking back” is a complex topic8. As cyber threats grow, policymakers and experts must think carefully about how to defend against them8.

Metric | Value
Businesses affected by cyber breaches/attacks (2017-18) | 4 in 10
Charities affected by cyber breaches/attacks (2017-18) | 1 in 5
Estimated amount stolen from UK internet users (2017) | £4.6 billion
UK residents targeted by cybercriminals vs. global average | More than twice as likely
Average UK cybercrime value vs. global average | More than twice as lucrative

The UK’s Active Cyber Defence program targets cybercriminals affecting individuals and organizations7. The National Cyber Security Centre (NCSC) has cut cybercrime threats to government agencies and users. They want to expand these efforts to improve UK cybersecurity and protect UK interests online7.

“The UK’s approach to Active Cyber Defence focuses on defensive measures and does not involve offensive actions like ‘hacking back.’”

The UK’s active cyber defense strategy is a proactive way to protect the nation’s digital world7. The debate on “hack back” is ongoing, but the UK’s focus on defense and teamwork is a step forward for better UK cybersecurity.

The UK’s Proportional Cyber Counterattack Model

The UK government has taken a bold step by launching an active defense model. This includes hacking back against threats to national security9. Chancellor Philip Hammond sees this “hack back” strategy as a smart way to avoid direct conflict. It’s a balanced response to cyber-attacks from foreign hackers9.

The UK doesn’t just want to defend itself online. It also plans to strike back when attacked. The goal is to stop hackers from stealing from the UK or causing harm9.

This new approach marks a big change from old ways of fighting cyber threats9. By 2011, 75% of UK homes had fast internet, more than the EU average9. With data growing fast, from 1.2 zettabytes in 2010 to 1.8 by 2011, the UK sees the need for a stronger defense9.

The UK’s cyber counterattack plan follows international law10. Laws like the Wiretap Act and the Cybersecurity Information Sharing Act let companies fight back against cyber threats10. The Tallinn Manual 2.0 and the International Court of Justice also guide how to legally respond to cyberattacks10.

By taking this proactive stance, the UK hopes to outsmart its enemies and safeguard its digital interests. This UK cyber counterattack strategy is a daring and new way to meet the cyber challenges of today.

China’s Cyber Security Law and Foreign Hacker Countermeasures

The Chinese government is fighting back against foreign hackers who threaten its national infrastructure. The second draft of China’s Cyber Security Law is up for its third reading. It plans to freeze assets and take action against foreign hackers11. This sends a strong message to foreign governments that might try to attack China online.

Reports say state-backed Chinese hackers are targeting U.S. critical infrastructure [11][12]. China wants to protect its digital world. The Cyber Security Law aims to boost China’s cyber defense and protect its national security and citizens’ rights online.

China’s cyber actions are a big worry for the U.S. government, businesses, and critical networks12. China is a top player in finding and using weaknesses in systems12.

The Strategic Support Force (SSF) leads China’s cyber warfare efforts12. The Ministry of State Security (MSS) does most of China’s global cyber spying12. They target political, economic, and personal info to meet their goals.

With the Cyber Security Law, China is making it clear it won’t let foreign hackers mess with its important systems. The law’s rules to freeze assets and act against foreign hackers show China’s strong stance to protect its digital world.

Key Cybersecurity Threats to China:

  • State-backed foreign hacker groups targeting critical infrastructure
  • Vulnerability exploitation and third-party compromise
  • Cyberespionage activities aimed at political, economic, and personal data

Countermeasures in China’s Cyber Security Law:

  1. Freezing of assets belonging to foreign hackers
  2. Imposition of other legal actions against foreign perpetrators
  3. Strengthening of China’s cyber defense capabilities
  4. Enhanced protection of national security, public interest, and citizens’ rights in cyberspace

China’s Cyber Security Law and its actions against foreign hackers show its commitment to protect its digital world. As cyber threats keep changing, these steps will impact global cybersecurity a lot.

The US Approach: Rule 41 and Worldwide Hacking Authority

The US government has taken steps to increase its hacking power. In 2016, the Supreme Court approved changes to Rule 41 of the Federal Rules of Criminal Procedure.

This rule now lets US judges issue search warrants for hacking into computers outside their area13. This change gives the FBI more power to fight cyber threats and investigate threats to national security13.

The FBI has used this new power to stop big cybercrime and hacking groups. In 2021, they took down a Russian hacking group’s botnet and stopped a Chinese group from spying14.

This was thanks to the 2016 Rule 41 changes, which let judges issue warrants for devices across the country. This allowed the government to copy, seize, and delete data as needed14.

The US has put a lot of money into fighting cybercrime, with nearly $20 billion in 2016 [13]. But cybercrime keeps getting worse, with the FBI saying cybercrime caused a record loss of $12.5 billion in 2023 [15].

Fighting cybercrime is getting better, with Western law enforcement taking down hackers, but we need more research and teamwork to keep improving15.

Key Cybersecurity Statistics | Value
Ransomware revenue in 2023 | Over $1 billion
FBI reported cybercrime losses in 2023 | $12.5 billion
Obama administration’s cybersecurity budget in 2016 | Nearly $20 billion

The US is still fighting cyber threats with its expanded hacking power under Rule 41. But they need to balance this with ethics and work with others to keep the internet safe15.

Hack Back

Google’s Counterattack Against Chinese Hackers

Google fought back against Chinese hackers with success. It tracked cyber-espionage to a server in Taiwan and shut it down16.

The Legal Risks of Hacking Back

Hacking back comes with big legal risks. The Computer Fraud and Abuse Act of 1986 [16] makes it illegal to access computers without permission. People whose devices were hacked can also sue for money damages [16].

There’s a lot of debate about hack-back actions. Some say it helps to get back data and understand threats. But it’s illegal in many countries and faces challenges in the U.S. [17]

There are risks like causing more harm and not knowing who did it17. Admiral Michael Rogers warns it’s like adding more guns in the Wild West16. Lawyers also worry about hurting innocent people in the process16.

Even with some success stories, hack-back is a tricky topic. The legal issues and risks make it a complex debate in cybersecurity17.

Ethical Considerations of Hacking Back

The practice of “hacking back” is becoming more common due to the increase in cybercrime18. But, the ethical and legal sides of this topic are complex and widely discussed18.

The Argument from the Rule of Law

Hacking back might be illegal, as it could break laws like the Computer Fraud and Abuse Act19. Companies that hack back could face criminal charges and civil lawsuits. There’s no law that says it’s okay to do this19. It might also break industry rules, leading to legal trouble and damage to reputation19.

The Argument from Self-Defense

Some argue that hacking back is okay as a way to defend against an attack, like physical self-defense20. This idea comes from the belief that law enforcement can’t always stop big cyberattacks20.

But, hacking back is a tricky topic. It raises questions about vigilantism, starting a cycle of revenge, and hurting the wrong people18. Cybercrime is global, making it hard to know who to target and how to stop them18.

Figuring out who did a cyberattack is hard, which can lead to mistakes in who gets hit back18. Laws on hacking back are unclear, with different rules in each place, making it tough for companies18.

The debate on hacking back has both sides sharing their views, shaping the cybersecurity conversation18. While it might seem like a good idea, we need to think carefully about the ethics and laws to make sure it’s done right19.

Attribution and Escalation Concerns

Two big problems with “hacking back” are figuring out who did it and the risk of things getting worse. It’s hard to know who is behind a cyber-attack, which might lead to fighting back at the wrong person21. Also, hacking back could start a cycle of more attacks and counterattacks, possibly leading to a big cyberwar21.

The Argument from Attribution

Finding out who started a cyberattack is tricky21. Sometimes, research projects might get mistaken for hacking, or hackers might try to make it look like someone else did it21. Laws around the world also make things complicated, and hack back actions could break laws in some places21.

The Argument from Escalation

Hacking back could cause harm, like shooting without aiming in the digital world [21]. If companies are allowed to hack back, it might make things worse between countries, seen as an attack [21][22]. There’s also no clear way to check if companies are doing it right, which could make things worse [21].

Instead of hacking back, we should focus on making things safer, working together with others, and acting before problems start21. If we do hack back, we could face legal trouble, damage to our reputation, and losing trust from others21.

We need to think hard about the problems and risks of attribution and escalation before deciding if hacking back is a good idea for cybersecurity [21][22].

Public Health and Practical Effects

The debate on hacking back brings up two big ethical worries. One is the impact on public health and the other is how effective these actions are.

Some say hacking back could harm critical services we all use23. For example, a cyberattack on a big healthcare provider could leave millions without vital medical care23.

Another concern is that hacking back might not work well in the long run. It might make us feel like we’re fighting back, but it could also lead to more problems.

As one expert notes, “Hacking back is like fighting fire with fire – it may momentarily quell the flames, but it also risks spreading the blaze in unpredictable ways.”24

These worries about public health and effectiveness are key in the debate on hacking back. Those making policies and cybersecurity experts need to think hard about the risks and benefits before deciding on such actions24.

Conclusion

The debate on hacking back shows how complex cybersecurity is. With more people online, the need for new ways to protect us is clear25. But, we must think hard about the ethical and legal sides of these new methods26.

There’s no clear law on this, and fighting back might not work against all threats. This makes us question if it’s a good idea26.

As technology changes, so does the way we fight cyber threats25. Cloud computing and critical services are now more at risk25. Experts like Stewart Baker, Orin Kerr, and Eugene Volokh suggest we need a smart plan for dealing with these issues27.

Choosing to hack back or not depends on many factors25. We must think about the risks, ethical questions, and the resources we have26. The goal should be strong defenses and working together globally to fight cyber threats wisely.

FAQ

What is the concept of “active cyber defense” in cybersecurity?

Active cyber defense means acting ahead of time to stop a cyber-attack. It comes from frustration with constant attacks. It involves taking steps to stop or fight back against attackers.

What is CrowdStrike’s approach to active cyber defense?

CrowdStrike uses an offensive way to fight cyber threats. They have taken down parts of the Kelihos botnet and launched the Falcon platform for active defense. They use Big Data for “active defense” against cyber threats.

What does an “offensive approach” to cybersecurity entail?

An offensive cybersecurity approach means fighting back with the same tools attackers use. This can include using malware to stop or counter DDoS attacks. It also involves tracing and responding to attackers.

How has the UK government adopted an active cyber defense strategy?

The UK government has said it will “hack back” as part of its defense strategy. They’ve set aside £1.9bn for cybersecurity, including new software to fight cyber-attacks. They’re also creating cyber units to attack back at attackers.

What is the Chinese government’s approach to countering foreign hackers?

China’s Cyber Security Law allows them to freeze assets and act against foreign hackers. This sends a message to foreign governments that attack China’s systems.

How has the US expanded its hacking authority?

The US Supreme Court changed Rule 41 in April. Now, US judges can issue search warrants to hack into computers outside their area. This gives the FBI more power to fight cyber threats worldwide.

What are some of the success stories and legal risks associated with hacking back?

Some successes include when Google tracked down cyber-espionage activities linked to China and shut down the server. But, hacking back is risky legally, as it’s illegal to access computers without permission.

What are the ethical arguments for and against hacking back?

Some say hacking back is illegal and unethical because it breaks laws against unauthorized computer access. Others argue it’s justified as a defense against an attack. These ethical views need careful thought.

What are the concerns about attribution and escalation when it comes to hacking back?

Identifying who started a cyber-attack can be hard, risking wrong targets. Hacking back could start a cycle of more attacks, leading to a big cyberwar.

What are the concerns about public health and practical effects when it comes to hacking back?

Hacking back could harm public health by disrupting important services. It might not stop future attacks or could lead to bad outcomes.
