Category Archives: Hack Back

Google and Microsoft ask Georgia governor to veto ‘hack back’ bill

Posted on by

Google and Microsoft are asking Georgia Gov. Nathan Deal to veto a controversial bill that would criminalize “unauthorized computer access” and potentially allow companies to conduct offensive hacking operations. The Georgia General Assembly passed the bill in late March and sent it over to Deal, who has 40 days to sign it. The legislation has been met with outcries from the security researcher community. Critics say it would put a chilling effect on legitimate cybersecurity research, in which ethical hackers find and report vulnerabilities in organizations’ networks. But in a in a letter dated April 16, representatives from Microsoft and Google focus on one of the bill’s provisions exempting “active defense measures that are designed to prevent or detect unauthorized computer access.” The companies say that this exemption gives companies broad authority to “hack back” if said hacking is deemed to be for the sake of cybersecurity. “On its face, this provision broadly authorizes the hacking of […]

The post Google and Microsoft ask Georgia governor to veto ‘hack back’ bill appeared first on Cyberscoop.

Continue reading Google and Microsoft ask Georgia governor to veto ‘hack back’ bill

Rep. Graves: ‘Active defense’ bill will launch a new industry

Posted on by

One of the authors of a controversial “hack back” bill in Congress believes the legislation can launch a new industry around “active defense” that allows companies to strike back against hackers who steal data. Rep. Tom Graves, R-Ga., predicts the private sector will develop new tools that will add a new layer of deterrence. Graves, who strenuously objects to the “hack back” terminology for the bill, spoke with CyberScoop earlier this month about the legislation. “You currently have a 1.5 percent conviction rate in cyberattacks,” Graves said. “I think you’ll see that rate go up because attribution will go up, but also because I think you’ll see the number of attacks reduced. And then you’ll see information sharing occurring prior to successful attacks, which will protect additional systems and networks as information being shared about attacks taking place or attempted attacks and the process they’re going about.” Graves and Rep. Kyrsten Sinema, D-Ariz., […]

The post Rep. Graves: ‘Active defense’ bill will launch a new industry appeared first on Cyberscoop.

Continue reading Rep. Graves: ‘Active defense’ bill will launch a new industry

“Hacking back” legislation is back in Congress

Posted on by

A bill legalizing companies’ ability to “hack back” after they’ve been attacked is back on track after months of feedback. Let’s unpack. Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., introduced a modified Active Cyber Defence Certainty (ACDC) Act on Friday allowing companies to “hack back” against hackers in an effort to identify and stop cyberattacks. The ACDC amends the Computer Fraud and Abuse Act (CFAA), which makes it illegal to access computers without authorization. Companies and individuals would be granted the right to “active defense” using various ways to identify, disrupt and possibly even destroy data in the name of “hacking back.” “These changes reflect careful analysis and many thoughtful suggestions from a broad spectrum of industries and viewpoints,” Graves said in a statement. “I thank everyone who helped sharpen this idea and improve the legislation. I look forward to continuing the conversation and formally introducing ACDC in the next few weeks.” […]

The post “Hacking back” legislation is back in Congress appeared first on Cyberscoop.

Continue reading “Hacking back” legislation is back in Congress

Cyber experts tell Congress that if companies can’t hack back, maybe the feds should

Posted on by

Corporate cybersecurity experts told senators that the U.S. government should launch offensive cyber-missions against hackers who attack and steal information from American companies. During a Senate Homeland Security and Governmental Affairs hearing Wednesday, Chairman Ron Johnson, R-Wis., asked a panel of prominent private sector cybersecurity executives how the U.S. government could better collaborate with American companies to combat malicious digital activity. The four-person panel, which consisted of individuals that work for Symantec, Monsanto, the Marine Corps University and a prominent U.S. law firm, unanimously agreed and told lawmakers that the U.S. government must do more to curb malicious cyber-activity. The follow-up question, however, of how exactly the country should advance such a broad effort, was met with widely different answers. “I would say where the government can help corporate America most is to do the thing corporate America cannot do for itself,” said Kevin Keeney, director of cyber incident response for the […]

The post Cyber experts tell Congress that if companies can’t hack back, maybe the feds should appeared first on Cyberscoop.

Continue reading Cyber experts tell Congress that if companies can’t hack back, maybe the feds should