Tag Archives: self-defense

Congress: Cyber Security & the Private Sector. FBI Hacked

This week the House Energy & Commerce Subcommittee on Communications & Technology held hearings on how to address the cyber security threat and better implement private/public cooperation to mitigate the threat.  A question was raised about current laws and whether they hamper the private sectors’ ability to defend itself.  The Committee recognized the White House commission report on cyber security and its discussion on current law gaps (White House Cyber Security Policy Review).  At least in my opinion, the laws clearly hamper the private sectors’ ability to defend themselves.

Every time I lecture on my article, “Hacking Back In Self-Defense: . . .,” there is at least one or two people in the audience who argue that my theory is illegal. Is hacking back illegal? Yes, in some respects, and no in others.  It all depends.  I also receive pushback when I claim self-defense does exist in cyberspace. Regardless of where you stand on these issues, the discussion needs to be had and pushed down the road quickly. The naysayers do not provide solutions but only roadblocks. Attacks move at the speed of light and can severely damage and destroy companies. We need answers and solutions sooner rather than later.

Case in point, the FBI as they spoke to Scotland Yard about how to take down the Anonymous hacker group was hacked. Their 15 minute conversation was recorded by Anonymous and put out on the Internet. 

We are being challenged in cyberspace and must act now.  If you are interested in further discussion on tools and techniques for the private sector, attend a webinar on 16 Feb. titled, “Mitigative Counterstrike.”

Hacking Back Part II

In my last blog on “Hacking Back” I asked is it legal, ethical, and do I have a right to defend my network against yours? Well, I believe it is legal and ethical, and absolutely, I have the right under “self-defense” to defend my network from being attacked by yours, even if you do not know that your network is attaching mine!

Obviously if I know who you are and can contact you I would be obligated to do so. This scenario assumes I have no idea where the attack is coming from.

When considering hacking, hack back, self-defense in cyber space, etc., you must consider the fact that everything happens literally at the speed of light. So, saying I must contact law enforcement, collect evidence, and go to court is the same as saying “just accept it, and hope to recover all of your losses from a court, even if your company has since been put out of business.”

Here is my next question for comments:

Does anyone wish to argue that if their network has been compromised by hackers and is attacking others without their knowledge, the party or parties they are attacking have NO right to take action to stop those attacks?

My hacking back article can be found on Titan Info Security Group under white papers.