Hackback (retaliating in kind against online attackers) might be a little too aggressive

When a denial-of-service (DOS) attack was launched against the World Trade Organization website during the WTO summit meeting in Seattle nearly four years ago, Conxion (the WTO’s hosting service) retaliated. Conxion determined that the attack, consisting of a flood of page download requests, was coming from a single IP address belonging to a server run by a United Kingdom-based group called the E-Hippies Coalition. Conxion repelled the DOS attack by telling its filtering software to redirect network traffic coming from E-Hippies’ server back to the offending machine. E-Hippies never publicly acknowledged the attack, but noted on its site that users were having a hard time getting through.

It’s called hackback, and it’s a still more extreme version of aggressive defense. Probably too extreme, in fact. Digex CSO Pamela Fusco, who generally advocates an aggressive defense strategy, says her company won’t go as far as hackback because of the legal risks.

Jennifer Granick, executive director for the Stanford Law School Center for Internet and Society, runs through a litany of those risks: Placing unauthorized code on a person’s machine without his consent, especially if the code maintains communications with a third party, could violate the provisions of 18 USC 1030, the general statute forbidding unauthorized access to computer systems. The statute is an outgrowth of the Computer Fraud and Abuse Act as modified by the Patriot Act and other actions. These actions can be prosecuted under the Computer Fraud and Abuse Act, the Unlawful Access to Stored Communications Act and the Electronic Communications Privacy Act. And even if a company’s honeypot sends out honey tokens, which determine what kind of activities the alleged attacker is participating in on his own machines, Granick says it could be violating a host of privacy protections intended to prevent illegal wiretapping.
Granick further points out a simple logistical risk posed by hackback: Since hackers frequently disguise their attacks as coming from someone else, the counterstrike may wind up hitting an innocent party. In the WTO case, in press reports at the time, Conxion said it believed it had a clear trail back to the offending IP address at the E-Hippies server allowing it to reject the packets and return them to the sender. (NaviSite, the company which later acquired Conxion, did not return calls seeking comment for this story.)