Social Question

robmandu's avatar

Should you be able to hack back at the hacker?

Asked by robmandu (21285points) June 18th, 2012

Interesting article in Reuters, Hacked companies fight back with controversial steps:

Known in the cyber security industry as “active defense” or “strike-back” technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant’s own systems.

It’s illegal (in the U.S.) to hack another person/entity’s computer… even if they’re illegally hacking your system first. But shouldn’t this scenario be treated more like self-defense? As in, it’s illegal to murder someone… unless they’ve invaded your home and threaten your family first.

Why not allow self-defense hacking?

Observing members: 0 Composing members: 0

14 Answers

ragingloli's avatar

“self defence” usually only works if you can show that all other options, like retreat, have already been exhausted. which in this case is having an impenetrable defence.
And besides, I do not think self defence should be applied to the protection of mere property anyway.
(Did you know that under German traffic rules, you are required to run over small animals if they are on the road? They are not an important reason enough to endanger traffic by braking or swiveling.)

marinelife's avatar

I definitely think that this should be legal.

hug_of_war's avatar

Two wrongs don’t make a right. And it isn’t self-defense when no one’s life is in danger.

Jaxk's avatar

Frankly I wouldn’t have a problem with this. There are comparable situations however that have been deemed illegal. For instance rigging a shot gun to your door to blow away anyone entering illegally. That is not self defense nor legal. A program that might infect the hacker is along similar lines. Risky business. Sounds like something the government could do but the rest of us would be imprisoned.

robmandu's avatar

A punch in the face isn’t life threatening. Punching back at the guy is indeed self-defense even though no one’s life is actually endangered.

Forget the semantics and vocabulary. Focus on the point of the question.

And if you insist on keeping to the “life in danger” scenario, then consider that hacking air traffic control, hospital computers, or the power grid are all arguably life threatening.

jerv's avatar

Please note that the laws of meatspace do not apply in the digital realm. For those that insist that cyberspace follows the same geographical paradigm as “The Big Room”, please drop some LSD so that you can break out of that sort of thinking. You are in a different world; you might want to learn some of the rule changes before you enter.

Now, it depends on what sort of counter-hacking is done, but if the hacker is even marginally competent at spoofing IPs and/or MACs, then the odds are that active retributive strikes will hit someone else. In meatspace terms, a burglar breaking into your house is no excuse to an innocent person three states away. A more passive measure like a honeypot (the digital version of a landmine) is a different matter as that would only affect those who are definitely where they should not be.

Also, if you consider premeditated counterattacks after the fact to be “self defense”, then you are saying that I have the right to go back to my old hometown and punch the bullies who used to beat me up 25–30 years ago.

So, in summary, not just no, but /double facepalm and a headshake

LuckyGuy's avatar

I consider the actions like “Stand your ground”. Years ago I added LaBrea Tarpit as part of my security system. It allows your PC to respond to port scanning requests but does it very slowly. This greatly increases the time required for a scanning attempt, and sometimes traps the perpetrator. in the tar.
I do the same thing with telephone Robo-calls. I do not hang up immediately. I put my phone near the radio and just leave it off the hook fora while.
My being proactive might have slowed the bad guys just enough so they were not able to bother you.
You’re welcome.

dabbler's avatar

My sense is there is ambiguity on a few fronts when comparing a hacker attack to a meat space self-defense situation.
– The concept of retreat on the internet means suicide for someone doing business. In meat space you would not be expected to avoid attack that way.
– in meat space you have some reasonable expectation that if you retreat and notify authorities then something can and will be done to prevent further attacks. In cyber-space it is not a reasonable assumption that any authorities can or will come to your aid.
– If you’ve suffered an attack it might not be over and could resume at any time. If you suffer repeated attacks in cyber-space going after the perpetrator(s) could be the only survival method available.

I’m not advocating attacks, I think @LuckyGuy‘s strategy is useful – be defensive, but I think you may not have the same clear opportunities to stay out of trouble in cyber-space.

Paradox25's avatar

Yes we should, afterall we’re only standing our ground against hack attacks. Only hackers who hack first get burned here, so if you’re not hacking into someone’s system than there is nothing to fear. What’s the problem?

jerv's avatar

@Paradox25 “Standing your ground” does not mean “track him down long after the attack and hope that you got the right house when you beat whoever answers the door at the address you have that may or may not be spoofed”.

You are thinking in meatspace terms. That is the problem.

Now, doing stuff like @LuckyGuy does is acceptable in my mind as it truly is a passive approach that only harms the guilty. But if you are into witch hunts, random retribution, and misdirected anger, then do it your way. And hope you never wind up starting a pissing contest with Anonymous ;)

Response moderated (Spam)
Response moderated (Spam)
LuckyGuy's avatar

I am using a similar tactic on phone spammers. I answer immediately and put the phone near a radio playing a talk show like NPR. I figure it ties up their lines.

Response moderated (Spam)

This discussion has been archived.

Have a question? Ask Fluther!

What do you know more about?
Knowledge Networking @ Fluther