December 26, 2018
When you see an attacker on your network, it's understandable to want to give them a taste of their own medicine. But how can you effectively anger intruders when "hacking back" is illegal?
In fact, the biggest legal risks are violations of the Computer Fraud and Abuse Act (CFAA), says Jason Straight, senior vice president and chief privacy officer at UnitedLex. And while businesses are dabbling in illegal activity, he advises against it.
"Make no mistake: It is happening. Companies are hacking back," he explains, and much of their activity is arguably in violation of the CFAA. That said, he isn't aware of any prosecutions under CFAA against organizations engaged in what is often called "active defense activities."
Legal trouble aside, getting into a back-and-forth with attackers is dangerous, Straight cautions. "Even if you're really, really good and know what you're doing, the best in the business … will tell you it's very hard to avoid causing collateral damage," he explains. Chances are good your adversaries will see your "hack back" and launch a more dangerous attack in response.
The worst thing you can do is go after the wrong party, the wrong network, or the wrong machines, he continues. Most hackers aren't using their own equipment when they attack.
"There are times when I have really wanted to strike back, but you can't and you don't," says Gene Fredriksen, chief information security strategist for PCSU. You can shut them off, blacklist their IP addresses, and do things to slow them down if your team uses a SIEM system. There are several steps you can take to anger attackers without actively targeting them in response.
The idea is to get the bad guy to think twice, he explains, and let them know you're serious.
Here, security experts cite the most effective ways they've found to frustrate, deceive, and annoy attackers without risking legal consequences. If you have a tactic they didn't list, please share it in the comments.