What do you guys think of the legalization of hackback?
Here is an article I just read about the concept of a company or individual being licensed to hack back. The idea is that a company or person may need to be able to hack back in order to defend itself. The argument against it is that the hacker is better at hacking than the IT pros are, since they are the hacker. The other argument against this is that it's an NSA, FBI, CIA type job, not an individual IT pro or company's job.

So, what do you think? And why?

I personally don't know. I don't know enough about the subject.

I think it's like trying to outsmart someone who's smarter than you.
I'm against legalising hacking back. For a number of reasons.

(04-05-2019, 05:48 PM)QMark Wrote: The argument against it is that the hacker is better at hacking than the IT pros are, since they are the hacker.

I've never heard this argument, but it's kind of stupid. Aside from your average rebel teenager, the best hackers I've ever met are all employed somewhere. Often IT companies. Many even run their own IT companies. Hackers aren't smarter just because they've broken into a network or system. Those networks and systems need to be usable, which often sacrifices some level of security, and regular people are often the weakest link. Sally in Accounting might be why a hacker got into a network, because she plugged her mp3 player with 0day malware/worm on it into her computer. Maybe there's a policy of no outside USB devices... but that doesn't mean everyone listens. Maybe a dumbass developer uploaded credentials to GitHub. A hacker isn't necessarily smarter. They just have a wider target scope.

Now as to why hackback shouldn't be legal, and shouldn't be done.

1. It really accomplishes nothing in most cases?

2. It's risky. It's a liability. Let's say the hacker hacks into, say, an Airport network. They then use that network to attack your network. You hack into the Airport. Oops, you just caused the network to crash in your attack on the network/routers/switches and the control tower loses power, connectivity, whatever, and they can no longer contact aircraft and/or lose the ability to track planes. 2 Boeing 747s crash into each other, killing 800-1200+ people depending on capacity. Who's liable for this? Now this is an extreme example, and I don't really know how that kind of network works or redundancies it has... but at the same time we have networks that are responsible for people's lives all over the place. Hospitals? Train Systems? Traffic Controls? Power Grids? Emergency Services providers (Ambulance, Fire, Police), and who knows what else. Your company hacking into these and other systems creates nothing but liability. Oftentimes the "person" hacking you is simply a staging area that doesn't actually belong to the hacker.

3. You risk compromising evidence and actual law enforcement activities. You might stop an attack by hacking back, but you've essentially let them off the hook for both evidence and liability if it can't be determined who did what while on the network. Maybe you do hack into the actual hacker's computer or network. If he's then arrested he could easily say that the evidence was planted by someone else.

I think the only compromise might be legalising it for when there is no legal treaty in place for law enforcement, or places where the activity might not even be considered illegal, or where it is even government sanctioned. I.e. North Korean/Russian/Chinese hackers are attacking your network, there's probably no use going through your state department and it's unlikely anyone would be arrested for it.
