{"id":15102,"date":"2015-09-23T08:00:12","date_gmt":"2015-09-23T08:00:12","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4556"},"modified":"2020-02-26T11:03:07","modified_gmt":"2020-02-26T16:03:07","slug":"hacking-back-ii","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/hacking-back-ii\/15102\/","title":{"rendered":"Hacking-Back: Six Justifications for Doing It and What&#8217;s Wrong With Each One"},"content":{"rendered":"<p>If the idea of \u201chacking-back\u201d against cybercriminals who have harmed you or your company has seized you, your executive team, or your spouse as a reasonable thing to do, read on.\u00a0 It\u2019s an incredibly <a href=\"https:\/\/business.kaspersky.com\/hacking-back\" target=\"_blank\" rel=\"noopener nofollow\">risky strategy<\/a>.<\/p>\n<p>First, let\u2019s look at why we\u2019d ever dream of doing it in the first place: there are six likely motives or apparent \u201cincentives\u201d to hack back.\u00a0 They are:<\/p>\n<ul>\n<li><strong>To stop the hacker.<\/strong> This is only possible in one of two ways:\n<ul>\n<li>Through the destruction of their capabilities. This is highly unlikely, as cybercriminals are smart enough to have redundant systems.\u00a0 It also doesn\u2019t take much for them to get going again: one PC plus some malware-as-a-service.<\/li>\n<li>Through intimidation. 
Also highly unlikely \u2013 criminals have so much of an advantage that they don\u2019t intimidate easily.<\/li>\n<\/ul>\n<\/li>\n<li><strong>To deter other hackers.<\/strong> This would require that other hackers learn about the counterattack, but this creates another problem: any company that declares it is aggressively pursuing cybercriminals makes itself a target (if not a trophy).\u00a0 Hell hath no fury like a hacker scorned or taunted.<\/li>\n<li><strong>To obtain proof of the theft.<\/strong> This could only occur if the hack-back team succeeded in finding unencrypted stolen information on the hackers\u2019 computers.\u00a0 Even then, \u201cproof\u201d would have to exist in a form which law enforcement could be convinced had not been manufactured or manipulated.<\/li>\n<li><strong>To retrieve stolen information.<\/strong> This is the most laughable of them all, and yet it is the reason most often mentioned by legal bloggers, legislators and <a href=\"http:\/\/www.ipcommission.org\/\" target=\"_blank\" rel=\"noopener nofollow\">commissions<\/a> as being a good reason to hack back.\u00a0 It\u2019s hard to believe that anyone with a smattering of knowledge about how computers work would think a hacker would steal something of value and not copy and encrypt it, as they have been doing for years.\u00a0 Even garden-variety blackmailers like scum-of-the-earth <a href=\"https:\/\/www.fbi.gov\/news\/pressrel\/press-releases\/fbi-seeking-information-to-identify-victims-in-international-sextortion-case\" target=\"_blank\" rel=\"noopener nofollow\">sextortionists<\/a> know to make copies.<\/li>\n<li><strong>Restitution <\/strong>\u2013 this is the first one which <em>might<\/em> make sense if you have a huge amount of resources to throw at the problem. Start by stealing something of equal value from hackers and then:\n<ul>\n<li>Trade it for money or assets to offset the theft of your information;<\/li>\n<li>Use it to bargain with: get the attackers 
to undo the effects of the attack (return stolen property, destroy copies, provide compensation to cover mitigation costs).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Revenge <\/strong>\u2013 hurt them back like they hurt you. This might sound satisfying, but it might also spark a full-on battle which could become incredibly expensive as hackers destroy everything they can.\u00a0 It\u2019s also illegal. Even if a certain law enforcement agency encourages you, they are likely to scatter if the matter goes public.<\/li>\n<\/ul>\n<p>Also, since innocent third parties \u2013 whose systems were infected \u2013 may be hurt by a hack-back, we must be certain we know who is ultimately responsible.\u00a0 This is complicated by the fact that cybercriminals know the tools anti-cybercriminal organizations use to establish attribution.\u00a0 This means they can use them to hide who they are.\u00a0 For example, they will add text in another language to the code, launch attacks from ISPs in other countries, and even outsource their attacks to other hackers.\u00a0 Because of this, absolute attribution is considered virtually impossible these days unless there is a signed confession.<\/p>\n<p>Our position on hacking back is simple: it never makes sense. First, it\u2019s illegal. Second, decisions to do this are almost always emotionally based, and the costs may skyrocket disastrously. Third, companies that venture into hacking-back take on extra risks, with potentially dire repercussions, both for themselves and for innocent third parties. 
These companies have much more to lose in an all-out hacking war than the attackers in almost every conceivable case.<\/p>\n<p>There are a few techniques of <strong>active defense<\/strong> which could foil future attacks, making counterstrikes unnecessary.<\/p>\n<p>These should include:<\/p>\n<ol>\n<li>Internal network protections<\/li>\n<li>Deception\/diversionary tactics like honeypots<\/li>\n<li>Robust auditing, tracking, and data encryption internally<\/li>\n<li>Continual review of new products and new techniques in this area<\/li>\n<\/ol>\n<p>And of course a mature security solution capable of blocking hacking attacks should be in place.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If the idea of \u201chacking-back\u201d against cybercriminals who have harmed you or your company has seized you, your executive team, or your spouse as a reasonable thing to do, read<\/p>\n","protected":false},"author":392,"featured_media":15563,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[282,82,422],"class_list":{"0":"post-15102","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cybersecurity","10":"tag-hacking","11":"tag-threats"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hacking-back-ii\/15102\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hacking-back-ii\/15005\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/hacking-back-ii\/9092\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hacking-back-ii\/15102\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hacking-back-ii\/15102\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/cybersecurity\/","name":"Cybersecurity"},"_links":{"self":[{"href":"http
s:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15102","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/392"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=15102"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15102\/revisions"}],"predecessor-version":[{"id":33567,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15102\/revisions\/33567"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15563"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=15102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=15102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=15102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}