Friday, November 2, 2012

Hack Back...Legally



      David Willson, an attorney from Titan Info Security Group, understands the frustration of spending $50,000 to $100,000 per week to battle a persistent threat.  Nothing works, law enforcement is overwhelmed with too many cases, and traditional approaches are failing.  He believes the answer could be to hack back.  But he cautions that this should never be the first line of defense.  In the case of a persistent attack, it may be the only option.  He says the key is to stay within criminal law while you take your chances with civil law.  


      Security is poor on the corporate side, but it is also poor on the hacker side.  An organization could place code on a bot that has infected its system.  This code could eventually get back to the attacker's command-and-control server to block their communications route.  This code could be viewed by courts as similar to cookies or adware, and these are not illegal.   


     Honeypots are also an option.  They are a legal way for organizations to collect information on their attackers and their trail.


     US companies are governed by the federal Computer Fraud and Abuse Act.  This states that any unauthorized access of another company's computers can be considered a crime.  Many states have computer trespass laws, and other countries also have laws that can cause serious legal trouble.


     My thoughts on this are frustration.  I liken this to the homeowner's dilemma in protecting their property.  If someone comes to my house, jimmies the lock, comes in with a weapon, and I shoot them, I have to defend myself.  In my humble opinion, the minute someone comes into my house unexpected and uninvited, especially armed, they deserve whatever I can dish out.  They have NO business being here.  I feel the same about my computer.  I feel if hackers are getting into your system, you have documented it, and you have tried regular methods to eradicate their presence that have failed, then I think you should be able to "have at them."  If they are in your business without cause and making problems, I believe if you can get back to them and mess up their systems, you should be able to do it.  They invited the trouble.  If they were not there, they would not bring trouble on themselves.


     I understand there are fine lines and they are there for reasons, but I get so frustrated when they seem to protect the bad guys more than the good guys.


http://www.darkreading.com/risk-management/167901115/security/security-management/240012675/companies-should-think-about-hacking-back-legally-attorney-says.html?cid=nl_DR_weekly_2012-11-01_html&elq=1a2a5e29b1f64afbb23aed6fd2323f2f

