Hacking Back at Hackers? Think Twice

Posted by on Aug 23, 2013

After years of hackers, leaks, and data mining, businesses have had enough. But instead of seeking out strong defensive measures to prevent attacks, some aggressive businesses are hacking back. The rise of hacking back is leading to ramped-up hacking around the world as hackers and businesses wage an all out cyber war over data security. While hacking back might sound like a good way to punish cyber criminals, many security experts caution against the practice, warning that it causes more harm than good. As it stands, most laws don’t offer protections for businesses that hack back, and organizations that employ the practice can even suffer criminal prosecution. Instead of hacking back, businesses and enterprises can protect themselves with secure cloud storage that offers data privacy and user anonymity.

The Rise of Hacking Back

Image courtesy of pcworld.com

Hacking is so prevalent that most businesses have suffered at least some sort of security breach. According to a recent study of American firms, respondents suffered over 100 successful instances of hacking and cyber attacks every week through 2012. This rampant hacking shows a stark 42% rise from 2011 and has prompted some aggressive tactics. Hacking back essentially means using hacking techniques to recover stolen data while exacting some sort of digital revenge on the suspected source of hacking. But such tactics are often costly and complicated, when simple defensive measures would have prevented hacking in the first place. A Verizon report from early this year showed that more than 75% of network breaches and intrusion were the fault of bad passwords or user names. Rather than swinging back wildly at hackers, taking simple precautionary measures against hacking and cracking will take care of most potential security breaches.

Instances of Cyber Attacks


As it stands, hacking back will get your organization in deep legal trouble. The position of the Justice Department is to consider any instance of accessing another party’s network without their explicit permission a violation of the law. According to cyber-security expert Greg Hoglund, “This literally is a wild west out there. When I think of hack back, I think of more of a counterstrike, or a mitigative action to stop an imminent or ongoing attack. You’re not going out and trying to find trouble, you’re in trouble and trying to stop the pain right then.” In this case, hacking back would mean shutting down an attack in progress or reaching into suspected networks to try to retrieve, alter, or delete potentially stolen data. But Joel Reidenberg, a law professor at Fordham University, warns, “Reverse hacking is a felony in the United States, just as the initial hacking was. It’s sort of like, if someone steals your phone, it doesn’t mean you’re allowed to break into their house and take it back.”

Safer Passwords

Image courtesy of graphs.net

This hasn’t deterred businesses and enterprises from such defensive attacks on cyber criminals as law enforcement isn’t likely to prosecute instances of hacking back. As Reidenberg says, “If the only organization that gets harmed is a number of criminals’ computers, I don’t think it would be of great interest to law enforcement.” But this shouldn’t give companies encouragement to engage in illegal activity. According to James Andrew Lewis from the Center for Strategic and International Studies, hacking back is “a remarkably bad idea that would harm the national interest.” Furthermore, Lewis asserts that trying to out-hack international hacking rings “is not a contest American companies can win.” And companies can’t even guarantee the sources of hacking as many savvy attackers mask their IPs. This could lead to an instance of “hacking back” on a completely innocent user, which would result in severe brand damage as well as potential litigation.

A Proactive Defense Against Hacking With SpiderOak

Instead of hacking back, protect your company data proactively through secure cloud services. For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publically securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

Leave a Reply