ASCII.jp If you do it, do you want to do it?Reverse hacking method is "bad muscle" for this reason

Cyber attack victims are preparing for a bill that can track hackers in the U.S. Congress.The Republican Party and the Democratic Party are supported from both sides, but there is no concern that the trackers may return to the hacker, but that the damage may increase.

Corporate efforts to spend billions of dollars a year on cyber security are irresistible, and hackers have not stopped.At the end of November, the world's largest ship broker (a company that brokers the use of ships between the shipkeepers and the employment ship) and clarkson was the target of cyber attacks.On the other hand, Uber has been hiding a large hacking for more than a year, and has been listed in a ball from regulatory authorities (see "Is it due to the impact of Uber's large amount of information leakage, a sloppy security countermeasure").The judicial authorities in charge of the cyber crime investigation are at a loss.This is because there is a new interest in "reverse hacking (the victims of cyber attacks are tolerating the attacker in cyber space)".

At present, doing something like a vigilante violates the computer fraud and unauthorized usage Control Law (CFAA), which crack down on accessing a third -party computer without prior permission.However, a proposal for this law is currently being passed by the U.S. Council.When a bill called "Active Cyber Defense Certainty" is passed, victims of cyber attacks are a third -party computer to track cyber attackers and stolen data.You will be able to access.The revised bill has been invented by Republican Republican member Tom Graves and has been co -suggested by Democratic Capital Cylesten Cinema.Recently, the number of supporters of the bill has been increasing from both the Republican and the Democratic Party.

Efforts to encourage reverse hacking have failed so far.One of the reasons is concerned about the damage.Usually, hackers attack and hide their footprints through other people's machines (in some cases via thousands of machines) without being noticed by the owner.If a company tracks cyber attackers, it is necessary to quickly access the same terminal used by hackers, whether it is a baby surveillance camera, a home router or precision medical device.However, in response to the reverse hacking that is excited to go up on the same ring as the hacker, hackers can easily use the terminals they use easily or make more malicious tricks.

According to Galette Hawkins spokeswoman, Greaves, the ACDC bill has several guardrails to prevent such problems.Only the so -called "selected defenders" are exempt from the application of CFAA, where the attacker who runs reverse hacking is clear.Also, when the victim tracks hackers, it is not possible to use techniques such as "giving physical and financial losses regardless of whether they are pretending."In addition, it is not possible to use tactics that "intentionally exceeds" the permissible range for intruders' investigations by accessing third -party computers.

In addition, the ACDC bill stipulates that defenders will inform the US Federal Bureau (FBI) the plans for reverse hacking.However, there is no need to obtain permission from the FBI to delete the stolen files or to disturb the advanced attacks targeting the hacker server.

According to Hawkins Public Relations, when preparing the ACDC bill, the team of Greibs has requested many business people and policy experts to publicly announce that it supports the ACDC bill.Currently, reverse hacking is legally in the gray zone, so there aren't many companies who want to publicize the ACDC bill.

One of the reasons for this is that if this bill is enacted, the situation will not improve, but rather not want to be involved in a bill that will be worse.The article is written in a fairly vague expression.For example, the specific elements of "selected defenders" are not written.As a result, anyone who suspects hacking has given the excuse for accessing another person's terminal.At that time, it can be claimed that it was an accident, not what you did, even if the damage occurred.

There are other reasons why the legalization of reverse hacking causes unexpected troubles.Professor Robert Chesney of the University of Texas School of Law has pointed out that skilled hackers will always be trapped to inexperienced trackers.For example, to delete the data of a person who has nothing to do with it.Hackers are often attacked through multiple countries, and there is a possibility that Americans who are tracking hackers may violate the laws of other countries that prohibit such acts.

Even if the victim can identify the attacker (even though it is quite difficult), counterattacking may intensify the enemy and increase the damage.It is also difficult to think that companies that cannot defend themselves can win the cyber war."It's like chasing the culprit to the hideout after entering a burglar and stolen money. You will face the criminal who has no idea who has anyone who has it," he said.According to the high -ranking officials, the current cloud security company, Varmour, Mark Weatherford.

Like many cyber security experts, Weatherford senior officers also believe that hacker tracking should be left to government agencies that can use technical expertise and diplomatic means.Some say that he should adjust such efforts in the international agreement (see President Microsoft, Proposing the Cyber -attacked Geneva Convention).

The challenge is to make it possible for FBI and other institutions to be able to deal with hacking storms.In the provisions of the ACDC bill, there is a clause that requires the Ministry of Justice to create an annual report.The annual report demands the total number of investigations of computer fraudulent crimes by hacker tightening agencies and the number of staff members of the law enforcement agencies that have investigated and prosecuted cyber crimes.The only movement to increase this transparency is the only inadequate ACDC bill.