‘Revenge is a dish best served cold,’ it’s been said. Another version is ‘payback is sweet.’ Or yet another is ‘don’t get mad, get even.’ Well, take heart hacking victims, a new bill sponsored by Rep. Tom Graves (R-GA) that clears a path for you give your hackers a little ‘hack payback’ is gaining steam in Congress.
The Active Cyber Defense Certainty Act, which amends the Computer Fraud and Abuse Act, makes retaliation against cyber hackers legal. Admittedly, it’s a bit of vigilante justice. Still, the purpose of the revenge would be to identify the hacker, infiltrate their network, reclaim stolen data, and uncover their location. Of course, the point is to prevent stolen documents from landing on the Dark Web or elsewhere to compromise the victim. The bill isn’t promoting lawlessness, it must be said. Those taking hack back into their own hands must first fess up to the FBI, the report said.
Enticing as it may seem, the legislation has built-in drawbacks not the least of which is the potential for collateral damage to those whose systems may have also been hacked on the way to the retaliator’s computer. And let us not forget the vigilante angle.
The original bill was released in mid-October and co-sponsored by Rep. Kyrsten Sinema (D-AZ). New bipartisan sponsors include Reps. Buddy Carter (R-GA), Henry Cuellar (D-TX), Trey Gowdy (R-SC), Walter Jones (R-NC), Barry Loudermilk (R-GA), Stephanie Murphy (D-Fl) and Austin Scott (R-GA).
The bill is based on the concept of ‘Active defense,’ which refers to actions to slow down hackers, not necessarily to give them what for’’ (via The Hill). Options include moving files during an attack to avoid the intruder or setting up fake documents to slow the progress to the actual files. There are more limitations: The legislation is confined to hacking of computers in America, so if your system is cracked into by someone in a foreign country the law that would result from the bill is useless if you’re considering revenge.
Meanwhile, The Department of Homeland Security (DHS) is gearing up cybersecurity coverage on the eve of Tuesday's gubernatorial elections in New Jersey and Virginia.
“We’ve helped them get prepared," Bob Kolasky, the acting deputy undersecretary at the department’s cyber wing, the National Protection and Programs Directorate, told The Hill. "We will be in contact with them on Election Day and we will be ready to do anything to help.”
With the 2018 mid-term elections fast approaching, concerns over more Russian interference are already starting to mount. "We believe the intent and capability is still out there," Kolasky reportedly said.