{"id":13114,"date":"2022-12-29T09:10:17","slug":"hack-back-controversy-to-fight-hacking","title":{"rendered":"Hack back controversy to fight hacking"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-7233 alignleft\" src=\"https:\/\/integrity-asia.com\/wp-content\/uploads\/excited-hacker-after-breaking-government-server-using-supercomputer.jpg\" alt=\"hack back\" width=\"517\" height=\"291\" \/>After claiming to have obtained and released personal information on the President of the Republic of Indonesia, Joko Widodo, and his cabinet members, <a href=\"https:\/\/www.thejakartapost.com\/indonesia\/2022\/11\/22\/care-and-protect-apparent-govt-health-app-breach-raises-deeper-data-concerns.html\">Bjorka<\/a> made another splash by offering $100,000 in bitcoin for 3.2 billion data entries reportedly belonging to <a href=\"https:\/\/www.indonesia.travel\/id\/en\/trip-ideas\/a-brief-guide-on-using-peduli-lindungi-mobile-app\">PeduliLindungi<\/a> app users on the hacking site, Breach Forums. User contact information, ID card information, travel history, vaccination status, and COVID-19 test results are among the data leaked.<\/p>\n<p>The latest event increased <a href=\"https:\/\/cybersecurityventures.com\/hackerpocalypse-cybercrime-report-2016\/\">the global cost of cybercrime<\/a>, which surpassed $6 trillion last year and is expected to climb at a 15% yearly rate over the following five years, reaching $10.5 trillion USD annually by 2025.<\/p>\n<p>With such staggering costs, it&#8217;s no surprise that some companies consider retaliating against hackers. This is often referred to as &#8220;hack back.&#8221; Is it, however, legal to hack back?<\/p>\n<h3><strong>A conflict between law and ethics<\/strong><\/h3>\n<p>\u201cNo\u201d is the most probable response. In the United States alone, the FBI &#8220;warns&#8221; victims against hacking back. 
The Department of Justice calls it potentially unlawful.<\/p>\n<p>However, nobody has formally ruled it unlawful. We don&#8217;t yet have a test case in court, and legislation has not settled the question either, whether in the US or another country.<\/p>\n<p>But does it still make sense to defer to the authorities when cyber attackers continue to avoid identification \u2014 let alone capture and prosecution?<\/p>\n<p>As of now, we can look toward ethics for guidance, which surprisingly might permit hacking back.<\/p>\n<p>Just as with \u201cconventional crime\u201d, even when assistance is on the way, you still have a fundamental right to self-defense, since a lot can happen in the few minutes between the home invasion and the arrival of the police. It would be reasonable to protect your family during a home invasion, for instance \u2014 in this case, the same principle should apply to cybercrimes.<\/p>\n<p><a href=\"https:\/\/www.researchgate.net\/publication\/320445115_On_the_offensive_is_'hacking_back'_ethical\">A study<\/a> claims that it is ethical for governments to hack back because they use it to defend their people, but it may not be ethically justifiable for civilians to use the approach.<\/p>\n<p>Apart from law and ethics, for civilians, hacking back is a bad idea in practice because the risks outweigh the benefits.<\/p>\n<h3><strong>Evil begets evil<\/strong><\/h3>\n<p>Cybercrime can take multiple forms, just like conventional crime, and the biggest issue is finding the right perpetrator. But what if you can\u2019t identify your attacker? What happens if you attack an innocent person?<\/p>\n<p>A DDoS attack is a clear example of this.<\/p>\n<p>A DDoS, or \u201cdistributed denial of service\u201d attack, is when a hacker attempts to flood a victim\u2019s IT network with a high volume of requests from a large number of computers. This leads to a shutdown of the victim&#8217;s network. 
A DDoS attack requires many machines, but those machines may themselves belong to other victims whose computers were hacked and who are unaware of what is happening, since some hackers harvest the computing power of innocent people to perform such attacks.<\/p>\n<p>That being said, if a victim of a cybercrime such as a DDoS decides to hit back, that person would also be attacking other innocent people.<\/p>\n<p>Hacking back also raises the possibility of a larger cyberwar, which could result in retaliation, further chaos, collateral damage, or worse: geopolitical implications. A lot can go wrong.<\/p>\n<p>Meanwhile, at the end of the day, hacking back won\u2019t deter all hackers, and the chance of getting the data back is slim, so there is little to be gained.<\/p>\n<p>This looks to be victim-blaming, much like blaming a mugging or rape victim for extra wounds received as a result of retaliation. Should the victims remain silent while being attacked?<\/p>\n<h3><strong>Doubled-down self-defense<\/strong><\/h3>\n<p>Considering the risks, it is not feasible for companies to go on the offensive. Their self-defense should be grounded in both preventive and corrective measures, doubling down on cyber defense.<\/p>\n<p>Preventive measures include steps to reduce risk. Companies can regularly look for and fix vulnerabilities. It is important to remember that what safeguarded your company a year ago may no longer be effective now.<\/p>\n<p>Corrective measures handle the aftermath of an attack with tools such as incident response, <a href=\"https:\/\/integrity-asia.com\/fraud\/\">forensic analysis<\/a>, and data restoration from backups. 
With appropriate corrective measures, in the future, companies can further improve their cyber defense.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.freepik.com\/free-photo\/excited-hacker-after-breaking-government-server-using-supercomputer_19348325.htm#page=3&amp;query=hack&amp;position=33&amp;from_view=search&amp;track=sph\">Image by DCStudio<\/a> on Freepik<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After claiming to have obtained and released personal information on the President of the Republic of Indonesia, Joko Widodo and his cabinet members, Bjorka made another splash by offering $100,000 in bitcoin for 3.2 billion data entries reportedly belonging to PeduliLindungi app users on the hacking site, Breach Forums. User contact information, ID card information, [&hellip;]<\/p>\n","protected":false},"acf":[],"featured_image_url":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-content\/uploads\/sites\/3\/2023\/02\/excited-hacker-after-breaking-government-server-using-supercomputer.jpg","_links":{"self":[{"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/posts\/13114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/comments?post=13114"}],"version-history":[{"count":0,"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/posts\/13114\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/media\/13116"}],"wp:attachment":[{"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/media?parent=13114"}],"wp:term":[{"taxonomy":"category
","embeddable":true,"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/categories?post=13114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-corporate.integrity-asia.com\/id\/wp-json\/wp\/v2\/tags?post=13114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}