Several weeks ago, a document from the Pentagon affirmed that cyberattacks against US' companies and institutions “appear to be attributable” to the Chinese government. Now, a report released by the Commission on the Theft of American Intellectual Property says that the best method against these threats is to “hack back.”
The group, which includes personalities like the former US Ambassador to China Jon Huntsman and former Director of National Intelligence Dennis Blair, says that "without damaging the intruder’s own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information."
The report says that Congress should consider the addition or modification of laws which will allow US companies to "counterattack" against hackers. Meanwhile, the group says cyber security information-sharing between companies and the government has to increase, by passing the controversial Cyber Information and Sharing Protection Act (CISPA).
The defence proposed by the commission includes surveillance activities, activation of malware in hacker's network and destruction of hacker's computers and networks.
“Both technology and law must be developed to implement a range of more aggressive measures that identify and penalize illegal intruders into proprietary networks, but do not cause damage to third parties,” says the report.
In essence, the document suggests that companies which have been hacked must have the right, at least, of do the same with hackers and get stolen files back.
However, the Computer Fraud and Abuse Act considers these proposals illegal and, according to the Justice Department's cybercrime manual states that a hacked company "should not take any offensive measures on its own”, even if they are defined as “defence.”
Besides, such activities could damage computers from innocent citizens, because hackers use to launch their attacks from third parties. In addition, it's not clear yet which is the source or sources of the cyberattacks. Despite the government affirms that China is behind, the Asian country maintains that such actions weren't launched by them.
According to experts, “hacking back” is not the solution. Allowing companies to react against hackers will violate international laws and cybersecurity measures.
The question now is whether companies will take action, despite the illegality of the proposal.