Should you be able to hack back at the hacker?

“self defence” usually only works if you can show that all other options, like retreat, have already been exhausted. which in this case is having an impenetrable defence.
And besides, I do not think self defence should be applied to the protection of mere property anyway.
(Did you know that under German traffic rules, you are required to run over small animals if they are on the road? They are not an important reason enough to endanger traffic by braking or swiveling.)

I definitely think that this should be legal.

Two wrongs don’t make a right. And it isn’t self-defense when no one’s life is in danger.

Frankly I wouldn’t have a problem with this. There are comparable situations however that have been deemed illegal. For instance rigging a shot gun to your door to blow away anyone entering illegally. That is not self defense nor legal. A program that might infect the hacker is along similar lines. Risky business. Sounds like something the government could do but the rest of us would be imprisoned.

A punch in the face isn’t life threatening. Punching back at the guy is indeed self-defense even though no one’s life is actually endangered.

Forget the semantics and vocabulary. Focus on the point of the question.

And if you insist on keeping to the “life in danger” scenario, then consider that hacking air traffic control, hospital computers, or the power grid are all arguably life threatening.

Please note that the laws of meatspace do not apply in the digital realm. For those that insist that cyberspace follows the same geographical paradigm as “The Big Room”, please drop some LSD so that you can break out of that sort of thinking. You are in a different world; you might want to learn some of the rule changes before you enter.

Now, it depends on what sort of counter-hacking is done, but if the hacker is even marginally competent at spoofing IPs and/or MACs, then the odds are that active retributive strikes will hit someone else. In meatspace terms, a burglar breaking into your house is no excuse to an innocent person three states away. A more passive measure like a honeypot (the digital version of a landmine) is a different matter as that would only affect those who are definitely where they should not be.

Also, if you consider premeditated counterattacks after the fact to be “self defense”, then you are saying that I have the right to go back to my old hometown and punch the bullies who used to beat me up 25–30 years ago.

So, in summary, not just no, but /double facepalm and a headshake

I consider the actions like “Stand your ground”. Years ago I added LaBrea Tarpit as part of my security system. It allows your PC to respond to port scanning requests but does it very slowly. This greatly increases the time required for a scanning attempt, and sometimes traps the perpetrator. in the tar.
I do the same thing with telephone Robo-calls. I do not hang up immediately. I put my phone near the radio and just leave it off the hook fora while.
My being proactive might have slowed the bad guys just enough so they were not able to bother you.
You’re welcome.

My sense is there is ambiguity on a few fronts when comparing a hacker attack to a meat space self-defense situation.
– The concept of retreat on the internet means suicide for someone doing business. In meat space you would not be expected to avoid attack that way.
– in meat space you have some reasonable expectation that if you retreat and notify authorities then something can and will be done to prevent further attacks. In cyber-space it is not a reasonable assumption that any authorities can or will come to your aid.
– If you’ve suffered an attack it might not be over and could resume at any time. If you suffer repeated attacks in cyber-space going after the perpetrator(s) could be the only survival method available.

I’m not advocating attacks, I think @LuckyGuy‘s strategy is useful – be defensive, but I think you may not have the same clear opportunities to stay out of trouble in cyber-space.

Yes we should, afterall we’re only standing our ground against hack attacks. Only hackers who hack first get burned here, so if you’re not hacking into someone’s system than there is nothing to fear. What’s the problem?

@Paradox25 “Standing your ground” does not mean “track him down long after the attack and hope that you got the right house when you beat whoever answers the door at the address you have that may or may not be spoofed”.

You are thinking in meatspace terms. That is the problem.

Now, doing stuff like @LuckyGuy does is acceptable in my mind as it truly is a passive approach that only harms the guilty. But if you are into witch hunts, random retribution, and misdirected anger, then do it your way. And hope you never wind up starting a pissing contest with Anonymous ;)

I am using a similar tactic on phone spammers. I answer immediately and put the phone near a radio playing a talk show like NPR. I figure it ties up their lines.