According to a CNN tech report, there is a bill that could allow companies that are victims of a computer hack to retaliate against their hackers. This bill, called the “Active Cyber Defense Certainty (ACDC) Act”, would, according to the report, amend the current anti-hacking law, the Computer Fraud and Abuse Act, so that a victim company could, in response to a hack, take defensive measures to access its attacker’s computer or network to identify the hacker and/or destroy stolen information. This bill is no joke. It is sponsored by two US Representatives: Tom Graves, a Georgia Republican, and Kyrsten Sinema, an Arizona Democrat.
As expected, there has been a lot of commentary on this, but Tom Graves has come out in its defense, saying, “I’ve heard folks say this is like the Wild West what we might be proposing, but in fact it’s not.” He further said, “We are already dealing with the Wild West and there’s a lot of outlaws out there but we don’t have a sheriff, we don’t have a deputy and all we were asking for is a neighborhood watch.” Watch full interview here.
Security experts were quick to give their opinions on this “hack bill”. Lesley Carhart, a digital forensics expert, said that the fundamental problem with the idea is that a majority of organizations who would want to hack back aren’t qualified to do so responsibly. It often takes a long time to correctly identify who was responsible for a hack. She also said, “A savvy bad guy could fairly easily emulate an innocent third party, and draw down the wrath of unskilled analysts on them.”
Carhart also said that poking around in a hacker’s network could impede law enforcement investigations and court proceedings by potentially contaminating evidence.
Bassel Ojjeh, cofounder and CEO of security firm LigaData, said he was afraid the bill “will take us back to ancient Babylon and Hammurabi code which called for an eye for an eye and a tooth for a tooth.” “And everyone at this rate will go blind.”
The report noted that the FBI and other law enforcement agencies are already involved in investigating and prosecuting cybercrime. They work closely with major security firms and companies impacted by breaches. So is this bill relevant? What is your opinion on this? Drop your comments.
Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking activities is generally referred to as a hacker.
Security hackers are people involved in the circumvention of computer security. There are several types of security hackers, including:
- White hats are security hackers who work to keep data safe from other hackers by finding system vulnerabilities that can be mitigated. They are usually employed by the target system’s owner, and are typically paid for their work. Their work is not illegal, because it is done with the system owner’s consent.
- Black hats or crackers are hackers with malicious intentions. They often steal, exploit, and sell data, and are usually motivated by personal gain. Their work is usually illegal.
- Grey hats are security hackers who hack just for fun. They may both fix and exploit vulnerabilities, but usually not for financial gain.
Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect those weaknesses. For ethical hacking to be legal, it must abide by some rules, which include:
- Get written permission from the owner of the computer system and/or computer network before hacking.
- Protect the privacy of the organization being hacked.
- Transparently report all the identified weaknesses in the computer system to the organization.
- Inform hardware and software vendors of the identified weaknesses.