Cybersecurity

‘Hack back’ bill picks up new cosponsors

Rep. Tom Graves (R-Ga.) announced a host of new, bipartisan co-sponsors to his Active Cyber Defense Certainty Act on Friday afternoon. 

The bill would allow victims of hackers to hack back their assailants under a limited set of circumstances, in order to identify the attacker or retrieve or delete stolen data. 

{mosads}

Graves has said this legislation will increase the ability of victims to properly attribute damage to hackers and prevent stolen documents from falling into the wrong hands. 

The idea of hacking back is controversial within the cybersecurity community, with many worrying the bill might cause more harm than good. Hackers frequently route their attacks through the computers of other victims, creating a risk of collateral damage. 

The bill requires anyone taking advantage of its provisions to first notify the FBI of their intent. 

The original bill was released in mid-October and was co-sponsored by Rep. Kyrsten Sinema (D-Ariz.). 

New sponsors come from both sides of the aisle: Reps. Buddy Carter (R-Ga.), Henry Cuellar (D-Texas), Trey Gowdy (R-S.C.), Walter Jones (R-N.C), Barry Loudermilk (R-Ga.), Stephanie Murphy (D-Fla.) and Austin Scott (R-Ga.).

Graves held private hearings on hacking back and released discussion drafts of the bill dating back to early 2016.  

“Active defense” traditionally refers not to hacking back but to actions that slow hackers, including moving files during an attack to avoid the intruder or setting up fake documents to slow the progress to the real ones.