If you’re over 40, you probably remember Matthew Broderick playing a high schooler who hacked his way into the Defense Department’s network and inadvertently brought the world to the brink of nuclear war. If you were terrified with the premise of WarGames, you weren’t alone. Turns out, Ronald Regan saw it too, and promptly got the ball rolling on the Computer Fraud and Abuse Act (CFAA), passed by Congress in 1986. The law effectively made “accessing a computer without authorization” AKA hacking, illegal. And thus began a debate that’s been roiling amongst cybersecurity experts for more than 30 years.
To hack back or not to hack back, that is the question. While at first blush, it might seen obvious, (It’s illegal after all, right?), the answer is just not that simple. Consider the story of legendary hacker Shawn Carpenter, who was called in when defense contractor Lockheed Martin’s systems were compromised. It didn’t take long for him to suspect that it was the Chinese behind the hack. But since hacking back was illegal, there was little Lockheed would allow Carpenter to do. In a story you could imagine on the big screen, Carpenter set up cyber honeypots on his own home computers where he lured the Chinese hackers and caught them in the act, uncovering a trove of documents that had been stolen, including highly sensitive plans for weapons, aircraft and more. Still, Carpenter was accused of crimes and had to fight for his innocence. (There’s more to that story you can read here).
Lockheed-type situations have been duplicated dozens, if not hundreds of times, over the past few decades, with companies suffering millions of dollars in data loss with little they are able to (legally) do to stop it. But last year, cyber hack-back proponents found an ally in Representative Tom Graves (GA), who submitted a bill to the House that would allow some retribution currently prohibited by the CFAA. Opponents fear that this could make way for a Cyber Wild West, where vigilante justice could, as Regan feared, take World Powers to the brink of serious conflict.
A fascinating article about the history and implications of hack-backs appeared in the New Yorker this week.
Poster artwork by James White (Signalnoise)