When you see an attacker on your network, it's understandable to want to give them a taste of their own medicine. But how can you effectively anger intruders when "hacking back" is illegal?
In fact, the biggest legal risks are violations of the Computer Fraud and Abuse Act (CFAA), says Jason Straight, senior vice president and chief privacy officer at UnitedLex. And while businesses are dabbling in illegal activity, he advises against it.
"Make no mistake: It is happening. Companies are hacking back," he explains, and much of their activity is arguably in violation of the CFAA. That said, he isn't aware of any prosecutions under the CFAA against organizations engaged in what is often called "active defense activities."
Legal trouble aside, getting into a back-and-forth with attackers is dangerous, Straight cautions. "Even if you're really, really good and know what you're doing, the best in the business … will tell you it's very hard to avoid causing collateral damage," he explains. Chances are good your adversaries will see your "hack back" and launch a more dangerous attack in response.
The worst thing you can do is go after the wrong party, the wrong network, or the wrong machines, he continues. Most hackers aren't using their own equipment when they attack.
"There are times when I have really wanted to strike back, but you can't and you don't," says Gene Fredriksen, chief information security strategist for PSCU. You can shut them off, blacklist their IP addresses, and do things to slow them down if your team uses a SIEM system. There are several steps you can take to anger attackers without actively targeting them in response.
The idea is to get the bad guy to think twice, he explains, and let them know you're serious.
Here, security experts cite the most effective ways they've found to frustrate, deceive, and annoy attackers without risking legal consequences. If you have a tactic they didn't list, please share it in the comments.