Hacking Back, in essence, refers to the offensive actions taken by an organization that is under a cyber attack. This can include blocking and stopping the attack, deterring the attacker, retrieving or deleting data acquired or encrypted by hackers, collecting intelligence about the attackers, and in some cases, neutralizing or even damaging the hacker’s system.
Technologies that facilitate such actions include Trackback technologies, Aggressive Monitoring, and White Hat Malware. Numerous cybersecurity companies also offer anti-hack products for this purpose. Under certain assumptions, hacking back could serve as an Active Cybersecurity measure. These assumptions encompass accurate hacker identification, the organization's skill and experience in executing a hack back, controlled escalation, and the assumption that the hacker will not retaliate.
Supporters of hacking back argue that it can protect systems and networks by disrupting attacks, deterring hackers, and aiding victim organizations in recovering lost data. They also argue that it can deliver justice and serve as a safer alternative to more drastic measures. Critics, however, argue that hacking back rarely yields tangible results, can slip into vigilantism, risk causing collateral damage, and potentially provoke more severe attacks that are beyond an organization's control.
Current Legal Status:
Hacking back is currently illegal in most jurisdictions. Laws like Australia's Cybercrime Act and the U.S's Computer Fraud and Abuse Act prohibit unauthorized access or modification of data on a computer. In the U.S, proposals such as the Active Cyber Defense Certainty Act and the Study on Cyber-Attack Response Options Act have been brought forward to permit certain hack-back activities, emphasizing the idea of 'self-defense' against cyber attacks.