Over the last year I have been writing and speaking on hacking back
in self-defense, and every time I poll an audience as to whether hacking
back is legal I get a resounding NO!
Then I walk the group through a theory of self-defense in cyberspace
and re-ask the question with a slightly different spin. At that moment
most agree that based on the manner in which the scenario and theory
were presented it does not sound illegal; a ray of hope suddenly appears
in their eyes.
Is this a play on words? Am I mincing words and definitions with
questions like “what is the definition of is?” No, it is a real and
workable theory; a new way of looking at the problem.
Let’s face it, if the government was going to, and could, help you, they
would. But like most companies, they too are overwhelmed defending
against a daily barrage of cyber-attacks. So, what’s the
answer? Continue to absorb escalating costs of operation caused by
unrelenting hackers? Accept the loss of proprietary data, intellectual
property or trade secrets and consequently millions of dollars and
reputation? At what point should the good guys declare enough is
We are currently in a “cyber-cold war” and the targets are anyone
online with something to steal or disrupt. Three options exist:
At RSA Europe in London, Davi Ottenheimer of Flying Penguin and I will present a legal and workable framework for commercial companies to practice active defense. I will then present this again at ISSA International and Hacker Halted.