Some companies are considering adopting the standards of the Wild West to fight back against online bandits.
With news of cyber attack or a data breach in the news nearly every day, a number of companies are searching for a way to stop the barrage. Recently there's been more discussion about the merits of hacking back.
In taking an eye-for-an-eye approach, some of the companies that have been attacked are looking at retaliating against the attackers, covertly shutting down computers behind the cyber assaults or even spreading a new virus to stymie the hackers. Such retaliation is illegal in the United States.
Companies view counterattacking as a way to bypass U.S. authorities, avoiding publicly admitting that they’ve been attacked and exposing themselves to lawsuits from loss of confidential data or service disruptions.
Gavin Reid, a security researcher for Cisco Systems, said the company doesn't retaliate because it follows the adage that two wrongs don’t make a right.
"In adopting the hacker’s techniques, we would be further propagating the problem," he said.
But he acknowledged that other victimized organizations have considered retaliation because they are frustrated by the lack of prosecution of hackers and their inability to quell the incessant attacks.
"Until there’s a penalty for hacking, countries and organizations will use it as an interesting and easy way to make money," Reid said. "Right now it’s easy to do and there’s no penalty for doing it, so it’s a bit of Wild West."
In a recent report about combating intellectual property theft, a private commission led by former U.S. Ambassador to China Jon Huntsman Jr. and former Director of National Intelligence Dennis Blair called for “informed deliberations” about whether corporations and individuals should have more flexibility to defend themselves from cyber intrusions.
Copyright © 2015, The Baltimore Sun