Surely all breached organizations consider hacking back as some means of response to being attacked and losing intellectual property. Thankfully there was a room full of lawyers at RSA Conference on Wednesday to remind IT pros of what a colossally bad idea that is.
Putting aside the illegality of hacking back for a second, there are many tentacles to such an action that not only put a company’s legal position and reputation at risk, but also threatens innocent third parties caught in the crossfire.
“The fallacy is that hacking back is going to solve your problems,” said Christopher Painter, State Department coordinator for cybersecurity issues. “Hacking back is not going to keep [attackers] from still having your IP. If smart attackers are behind your intrusion, they’re going to use proxies and other things to get at you. Hacking back means you’ll likely hit an innocent third party. You don’t get the benefit and you could cause legal and international harm in terms of the way you are perceived.”
