The Active Cyber Defense Certainty Act – What COULD Go Wrong
Most of the time we feel pretty helpless when it comes to going after hackers. There is a good reason for that – for the most part, we are helpless. The hackers operate under their own rules and law enforcement really isn’t equipped to deal with them. It is hard enough for the cops to catch burglars and murderers (how many of those cases go unsolved every year), but when it comes to cyber crimes, I would hazard a guess that 999 out of every 1,000 go unsolved.
Enter ACDC, the Active Cyber Defense Certainty Act. This bill would allow businesses, within certain parameters to hack back at the hackers to destroy stolen information and try to unmask the hackers as long as they don’t do damage.
There was a recent case where this was tried with no success and I think this is going to be the normal situation – no success.
London Bridge Plastic Surgery is a high end plastic surgery practice in England – they do plastic surgery on the rich and the famous, including the Royals. They were hacked and the hackers shared graphic photos of their patients with the media. So far, I don’t think they have published those photos.
Apparently, the chief surgeon fancies himself a bit of an amateur hacker and sent the hackers a word document with a link to a file on their server with the hopes of getting the hacker’s IP address from this.
Not surprisingly, the hackers detected this attempt and publicly scolded the doctor who said that he didn’t do it. The hackers now say that they are going to punish the doctor for attempting to uncover them, although they have not said what that might be.
In the end, you run the risk of upsetting folks who may have backdoors into your system and, in this case, claim to have terabytes of your sensitive data, which they could easily dump on the web.
So if ACDC passes and you choose to hack the hackers, understand that the hackers might be smarter than you and there could be serious consequences for you, your company, your data and your clients.
On the other hand, if you think you are smarter than the hackers then why were they able to hack you?
Information for this post came from The Daily Beast.
If the victim uses the breach event to first upgrade their own security…BEFORE they retaliate…then they will be in a better position to deal with any blow-back consequences from the hacker. And doing SOMETHING rather than nothing against the hacker world has its merits.