Sunday, January 28, 2018

Active Cyber Defense Certainty Act: Should we 'hack back'?

Georgia Congressman Tom Graves recently proposed a bill named the Active Cyber Defense Certainty Act, which individuals in the cyber community have since come to call the hack back bill. This bill is being touted as a cyberdefense act that will enable those who have been hacked to defend themselves in an offensive manner. It's essentially attempting to fill the holes the antiquated Computer Fraud and Abuse Act has left wide open.

I'm a big fan of evolving our laws to bring them into a modern state when it comes to cybersecurity, but I feel this law will cause more harm than good. Allowing others to hack back without the proper oversight -- which I feel is extremely lacking in the proposed bill -- will create cyber vigilantes more than anything else. I also feel that this law can be abused by criminals, and it doesn't leave us in any better state than we're in now.

First, the jurisdiction of the Active Cyber Defense Certainty Act only applies to the U.S. If someone notices an attack coming from a country outside the U.S., or if stolen data is being stored outside the boundaries of our borders, then they won't be able to hack back.

This already severely limits the effectiveness of this bill, as it can easily be bypassed by attackers who can avoid consequences by launching an attack with a foreign IP. It can also enable pranksters or attackers to start problems for Americans by purposefully launching attacks from within compromised systems in the U.S. to other IPs inside the country. This would give the victims the legal right to hack back against the mischievous IPs, while the spoofed organizations remained unaware of what had happened and started the process of attacking them back.

In theory, this would create a hacking loop within the U.S. and would end up causing disarray, giving an advantage to the hackers. Not only can systems be hacked by a malicious entity, but they can be legally hacked by Americans following the initial attack; hackers would essentially be starting a dispute between two innocent organizations.

On that note, if attackers launch attacks from the U.S. against other systems within the U.S., it's possible for them to attack the systems that regulate our safety. And what if they attack the systems of our healthcare providers, critical infrastructure or economy? Do we really want someone who might not be trained well enough to defend against attacks poking at these systems? This isn't safe, and it borders on being negligent on the part of those who were compromised.

The mention of "qualified defenders with a high degree of confidence of attribution" really leaves the door open to what someone can do within the Active Cyber Defense Certainty Act. First, what makes someone a "qualified defender," and how are they determining a "high confidence of attribution"? Is there a license or certification that someone must have in order to request the ability to hack back? Even if they did receive something similar, they still won't know the architecture or systems they're looking to compromise in order to defend themselves. What tools are they able to use and what level of diligence must be shown for attribution? This is a recipe for disaster, and it's also very possible that emotions could get in the way when determining what to delete or how far to go.

The Active Cyber Defense Certainty Act also mentions contacting the FBI in order to review the requests coming into the system before companies are given the right to hack back. This could lead to an overwhelming number of requests for an already stretched cyber department within the FBI.

If anything, I feel that the bill should leave these requests to the Department of Homeland Security instead of the FBI, as an entirely new team would need to be created just to handle these requests. This team should be the one acting as the liaison to the victim organizations.

For example, if we knew someone stole a physical piece of property, and we knew where they were storing it, we'd most likely call the local authorities and let them know what occurred. In the case of cybercrime, they're giving us the ability to alert the authorities, and then go after our stolen goods ourselves. This is a mistake that could lead to disaster.

Lastly, there are technical issues that might make this a lot more difficult than people think. What if a system is being attacked from the public Port Address Translation/Network Address Translation address of an organization? Are they going to start looking for ways into that network even though they can't access anything public-facing?

Also, what will happen if cloud systems are being used as the source of an attack? How do you track systems that might be moving or destroyed before someone notices? In that case, you could end up attacking the wrong organization. I personally don't trust someone attacking back and making changes to a system that they don't manage, since it leaves the door open for errors and issues later on that we're not even considering now.

Data theft today is a massive concern, but the privacy implications and overzealous vigilantism of this bill could make a bad situation much worse. The Active Cyber Defense Certainty Act should be removed from consideration, and the focus should be put on how Americans can work toward creating a better threat intelligence and cybersecurity organization that can act as a governing body when attacks like these occur. Leaving such matters in the hands of those affected will never produce positive results.
