“Hacking back” legislation is back in Congress

A bill legalizing companies’ ability to “hack back” after they’ve been attacked is back on track after months of feedback. Let’s unpack. Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., introduced a modified Active Cyber Defense Certainty (ACDC) Act on Friday allowing companies to “hack back” against hackers in an effort to identify and stop cyberattacks. The ACDC amends the Computer Fraud and Abuse Act (CFAA), which makes it illegal to access computers without authorization. Companies and individuals would be granted the right to “active defense” using various ways to identify, disrupt and possibly even destroy data in the name of “hacking back.” “These changes reflect careful analysis and many thoughtful suggestions from a broad spectrum of industries and viewpoints,” Graves said in a statement. “I thank everyone who helped sharpen this idea and improve the legislation. I look forward to continuing the conversation and formally introducing ACDC in the next few weeks.” […]

The post “Hacking back” legislation is back in Congress appeared first on Cyberscoop.

Hutchins arrest stokes fears among those sharing sensitive threat intel

The arrest of security researcher Marcus Hutchins is troubling members of multiple threat information sharing groups who once counted Hutchins as an ally, but now worry that he could have recorded and shared their sensitive work. CyberScoop viewed several conversations among threat intel groups, which played out in closed chatrooms and email threads. The concern voiced by members of several groups is that Hutchins — who was arrested by the FBI last week and charged with allegedly creating a banking trojan that was sold on dark web marketplace AlphaBay — could have sent sensitive information from the groups to people associated with the cybercrime underground. “This is bad. We need to assume for the period he was among us, any and all traffic was compromised and could be, along with our names etc. in the hands of various adversaries,” one member wrote in an email. Additionally, the communications include the […]

The post Hutchins arrest stokes fears among those sharing sensitive threat intel appeared first on Cyberscoop.

Revised Active Defense Bill Allows Victims to Recover or Destroy Stolen Data

Rep. Tom Graves has revised a draft of the Active Cyber Defense Certainty Act with new provisions that include mandatory notification and permission to recover or destroy stolen data on the attacker’s computer.

Cyber experts tell Congress that if companies can’t hack back, maybe the feds should

Corporate cybersecurity experts told senators that the U.S. government should launch offensive cyber-missions against hackers who attack and steal information from American companies. During a Senate Homeland Security and Governmental Affairs hearing Wednesday, Chairman Ron Johnson, R-Wis., asked a panel of prominent private sector cybersecurity executives how the U.S. government could better collaborate with American companies to combat malicious digital activity. The four-person panel, which consisted of individuals who work for Symantec, Monsanto, the Marine Corps University and a prominent U.S. law firm, unanimously agreed and told lawmakers that the U.S. government must do more to curb malicious cyber-activity. The follow-up question, however, of how exactly the country should advance such a broad effort, was met with widely different answers. “I would say where the government can help corporate America most is to do the thing corporate America cannot do for itself,” said Kevin Keeney, director of cyber incident response for the […]

The post Cyber experts tell Congress that if companies can’t hack back, maybe the feds should appeared first on Cyberscoop.

How the FBI relies on dark web intel firms as frontline investigators

A cadre of former intelligence officers is lurking on the dark recesses of the internet on behalf of government and a shortlist of wealthy clients. U.S. law enforcement officials regularly rely on a complex network of relationships they’ve formed with a select group of private intelligence firms to monitor the vast, opaque expanses of the dark web, former FBI officials, company executives and defense contractors tell CyberScoop. Insiders say the relationships are especially distinct because the companies operate in a hazardous legal environment where they must constantly balance operational risks and client interests while maintaining law enforcement’s trust. “Generally, private sector companies want to help law enforcement catch bad guys, but they don’t want to be dragged into diverting time and other resources to assist in the prosecution process,” said Levi Gundert, vice president of intelligence and strategy for threat-intel firm Recorded Future. “The business needs to focus on serving customers, not […]

The post How the FBI relies on dark web intel firms as frontline investigators appeared first on Cyberscoop.
