Sponsored By

6 Ways to Anger Attackers on Your Network6 Ways to Anger Attackers on Your Network

Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.

Kelly Sheridan

December 26, 2018

7 Slides

When you see an attacker on your network, it's understandable to want to give them a taste of their own medicine. But how can you effectively anger intruders when "hacking back" is illegal?

In fact, the biggest legal risks are violations of the Computer Fraud and Abuse Act (CFAA), says Jason Straight, senior vice president and chief privacy officer at UnitedLex. And while businesses are dabbling in illegal activity, he advises against it.

"Make no mistake: It is happening. Companies are hacking back," he explains, and much of their activity is arguably in violation of the CFAA. That said, he isn't aware of any prosecutions under CFAA against organizations engaged in what is often called "active defense activities."

Legal trouble aside, getting into a back-and-forth with attackers is dangerous, Straight cautions. "Even if you're really, really good and know what you're doing, the best in the business … will tell you it's very hard to avoid causing collateral damage," he explains. Chances are good your adversaries will see your "hack back" and launch a more dangerous attack in response.

The worst thing you can do is go after the wrong party, the wrong network, or the wrong machines, he continues. Most hackers aren't using their own equipment when they attack.

"There are times when I have really wanted to strike back, but you can't and you don't," says Gene Fredriksen, chief information security strategy for PCSU. You can shut them off, blacklist their IP addresses, and do things to slow them down if your team uses a SIEM system. There are several steps you can take to anger attackers without actively targeting them in response.

The idea is to get the bad guy to think twice, he explains, and let them know you're serious.

Here, security experts cite the most effective ways they've found to frustrate, deceive, and annoy attackers without risking legal consequences. If you have a tactic they didn't list, please share it in the comments.

About the Author(s)

Kelly Sheridan

Kelly Sheridan

Senior Editor

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

See more from Kelly Sheridan
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe
More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Silhouette of boats and people swimming at sunset, Phillipines
Cyberattacks & Data Breaches
Amid Military Buildup, China Deploys Mustang Panda in the PhilippinesAmid Military Buildup, China Deploys Mustang Panda in the Philippines
byNate Nelson, Contributing Writer
Nov 20, 2023
3 Min Read
Spiders
Threat Intelligence
Scattered Spider Casino Hackers Evade Arrest in Plain SightScattered Spider Casino Hackers Evade Arrest in Plain Sight
byBecky Bracken, Editor, Dark Reading
Nov 17, 2023
4 Min Read
Security and Exchange Commission website
Cyber Risk
Hackers Weaponize SEC Disclosure Rules Against Corporate TargetsHackers Weaponize SEC Disclosure Rules Against Corporate Targets
byNate Nelson, Contributing Writer
Nov 17, 2023
3 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events