Cyber Vigilantism and Pro-Active Defense

Cyber vigilantism is a term for attacking back in response to a cyber-attack on a company. It means allowing a company that has been attacked to counter, or “hack back” against, a potential hacker or hacker group. The act of hacking back is highly illegal under the Computer Fraud and Abuse Act. Riofrio (2013) states, “This law has undergone numerous revisions since it was first enacted in 1986, but Title 18, Sec. 1030 is clear on the point that using a computer to intrude upon or steal something from another computer is illegal.” This is obviously immoral. Riofrio (2013) continues by saying, “What’s clearly illegal are offensive hacks, where you leave your territory and actively pursue an assailant online.”

If a company decides to partake in cyber vigilantism, no matter how satisfying this may be, it is opening entirely too many doors. What happens when a company doesn’t have the means to attack back or to go bigger than an attacker? Will companies need to try to hold their own against cyber militaries or terrorist groups? It’s a bad decision all around to open up the playing field, blurring the lines between hacking for good and hacking for personal gain. Fisher (2013) says that “Foreign Policy’s John Reed points out that hackers often deploy their attacks from “hijacked computers belonging to innocent bystanders,” meaning that a corporate retaliation might end up targeting people who’ve done nothing wrong.”

Proactive defense to me means many things. Instead of focusing on offense, many companies need to focus on defense. The defense-in-depth approach is increasingly promising. Also important is the ability to understand what your most sensitive data is and to protect it with stronger security than other areas of your business. I also like what CloudFlare has done to slow down known criminals. CloudFlare believes in slowing down a criminal’s resources by monitoring patterns and immediately restricting resources. I believe this is largely effective. Coupled with good internal defense-in-depth practices, it makes for a strong security posture for any company.

 

References

Fisher, M. (2013, May 23). Should the U.S. Allow Companies to ‘Hack Back’ against Foreign Cyber Spies? The Washington Post. Retrieved 2016, from http://www.highbeam.com/doc/1P2-34692413.html?refid=easy_hf

Riofrio, M. (n.d.). Hacking back: Digital revenge is sweet but risky. PCWorld.

Duhigg, C. (2012). How Companies Learn Your Secrets. Retrieved February 17, 2016, from http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=0