Hacking Back: Industry Reactions to Offensive Security Research

“Companies not prepared to deal with the consequences of attempting to penetrate attacker infrastructure should stay far away from retaliation. The attackers have nothing to lose and you may encourage escalation. A DDoS attack can quickly grow from annoyance to crippling. Attackers may decide to release personal information about company executives and their families. If extortion is involved, the attackers may decide that your attempts to “hack back” increase the price to go away. Depending on location, you may be violating local laws and put yourself into the attacker category.

One has to ask, “what’s the goal?”, “what do you gain by penetrating the attackers’ infrastructure?” If you were successful, what next? If you manage to take down infrastructure, have you stopped the threat? Is the end game to reveal the attackers? At least law enforcement has the ability to ultimately intervene at a physical level. If you can’t stop the people, they will just set up new infrastructure.” writes Jason Lewis, Chief Collection Officer, LookingGlass.

Excerpted from full article: http://www.securityweek.com/hacking-back-industry-reactions-offensive-security-research