Archive for August, 2017

Hack-back in the Real World

ProtonMail just recently (yet briefly) bragged about shutting down a phishing campaign that it was the target of by hacking back the phishing server… Earlier this year, a member of the US Congress (Rep. Tom Graves) proposed the “Active Cyber Defense Certainty Act (ACDC)” to amend US law to allow private entities, with mandatory reporting requirements to law enforcement, to conduct certain forms of hack-back… Following this proposal, discussion online exploded… My timeline was filled with “If people tried hack-back, this would happen!” but you don’t have to hypothesize. You can see what did happen in the myriad examples of hack-back in the real world. So below I assembled a list of publicly recorded hack-backs, with the results of each and reference to original sources.

No Comments