Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Proposed ‘Hack Back’ Bill Still in the Works, but Remains Contentious

    By
    ROBERT LEMOS
    -
    May 31, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Hack Back Bill

      A Georgia congressman has made a second attempt to craft legislation that carves out legal exemptions for companies that ‘hack back’ at attackers, posting a revised draft on May 25 that allows for beaconing technology, creates a mandatory reporting requirement and additional attempts to limit collateral damage.

      The draft of the legislation, known as the Active Cyber Defense Certainty (ACDC) Act, aims to allow companies to identify and take steps against online attackers. A variety of online actors—from cyber-criminals to nation-state agents—usually launch attacks through compromised private servers to shield their identity and activity, preventing prosecutors from pursuing charges and companies from filing lawsuits.

      The legislation, which has not yet been formally introduced in the U.S. House of Representatives, would allow organizations to create software that would ‘beacon out’ and identify the IP address of the potential location of the attacker and would allow the destruction of stolen data on a compromised system not actually owned by its operator.

      The draft legislation “allow(s) the use of limited defensive measures that exceed the boundaries of one’s network in an attempt to identify and stop attackers,” according to a statement released by the office of Rep. Tom Graves, R-GA, who is working on the bill.

      “These changes reflect careful analysis and many thoughtful suggestions from a broad spectrum of industries and viewpoints,” Rep. Tom Graves, (R-GA), said in a statement referring to version 2 of the legislative draft. “I look forward to continuing the conversation and formally introducing ACDC in the next few weeks.”

      Hacking back, however, has always sounded a note of caution for security professionals, who worry that companies will not be able to limit the impact of software running on a server that has been compromised by cyber-attackers.

      “How do you realistically apply oversight to whether a company is sophisticated enough to take action on another’s system,” said Jen Ellis, vice president of community and public affairs for Rapid7. “None of these questions have been answered in any meaningful or realistic way.”

      In addition, only certain companies—those with a high degree of technical knowledge—will be able to take advantage of more active defenses. Some may be able to hire a private firm to pursue attackers on their behalf, but the creation of technical haves and have-nots will likely mean that attackers will focus more efforts on the less tech-savvy companies, she said.

      “Over time, the profit model will evolve, and the attackers will go for the targets with less defenses, so you are increasing the vulnerability of the most vulnerable organizations and you are widening the security-poverty gap,” Ellis said.

      Yet, the legislation taps into the frustration felt by many in business, that attackers are getting away with disrupting systems and causing damage without fear of punishment.

      “I think the general goal is very worthy,” Robert Chesney, professor of law and associate dean for academic affairs at the University of Texas School of Law, wrote of the original March draft of the legislation. “Yet the draft illustrates that it is really hard to frame the precise language needed to obtain greater legal space for active defense while still preserving reasonable — and reasonably clear — boundaries.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×