Hack-back Operations: Exploring the Cyber Threat Landscape

Added on 2021/06/18

Table of Contents
Introduction
Background
Threat Landscape
Arguments of both sides
Arguments supporting ‘hack-back’
Arguments against ‘hack-back’
Recommendations
Conclusion
Introduction
Every nation is exposed to some form of cyber threat. Securing systems connected to the internet is a demanding task even for specialists, and hardly a week passes without reports of malware infections, phishing scams and intrusion attempts. Individuals, governments and organizations are all at risk, and whatever security measures are employed, substantial residual risk remains. Many of these threats come from threat agents motivated by destruction, espionage, theft or personal gain. Each year, hundreds of billions of dollars are lost to cyber threats. In 2012, cybercrime was estimated to have cost 1 trillion USD (Kharat, 2017); by 2021 the annual cost is expected to reach 6 trillion USD, and cybersecurity spending is also expected to approach 1 trillion USD (Horowitz and Lucero, 2016). Against this background, many groups around the world are voicing support for ‘hacking back’, that is, attacking the attackers, in the hope that this will deter them from committing cybercrime. This paper gives a brief overview of the cyber threat landscape, explores both sides of the debate and then offers a set of general recommendations.
Background
For the last two decades, companies around the world have been victims of attacks on their computing systems. Attackers deface or disrupt corporate websites, interfere with communication systems and, most importantly, steal data. The NSA Director, General Alexander, described this theft as the ‘greatest transfer of wealth in history’ (Rabkin and Rabkin, 2016).
Despite billions invested in cyber-security infrastructure, the most capable hacking organizations still find their way into the most heavily defended networks in the world. Determined attackers who spend a great deal of time working around such defences are termed ‘advanced persistent threats’ (A. and Ghani, 2016). Many of these actors operate from foreign countries, beyond the reach of the victim’s law enforcement.
Faced with these increasing and persistent threats, many frustrated computer security experts have argued for retaliatory measures, in effect for the right to conduct ‘hack-back operations’. This has generated a great deal of discussion around the world, including exploration of the risks involved, but the discussion has produced talk rather than action plans. One reason is that, in the United States, the Computer Fraud and Abuse Act (CFAA) prohibits private organizations and individuals from accessing or damaging computer systems without authorization, and it makes no exception for a party that is itself under attack (Goldman, 2012).
Threat Landscape
Today’s emerging threats are extremely damaging because they increasingly target government intellectual property, critical industries and financial institutions, which form the fabric of any nation. In this context, threat actors can be understood as the ‘elements that help or cause in attaining a digital incident’ (Verizon, 2014). Modern threats are widespread and target advanced computing systems, industrial control systems, public infrastructure such as traffic signals, dams and electricity networks, and even consumer products such as smartphones, app stores and desktop computers.
Threats take many forms. They range from malware such as trojans and viruses that cause destruction, theft or disruption on systems worldwide, to insider attacks, phishing scams and ransomware. For instance, WannaCry, a ransomware worm released in May 2017, infected around 300,000 systems around the world before its spread was halted, within days of its release, by the fortunate discovery of a kill-switch domain in the malware’s code (Popli and Girdhar, 2017). The threat agents behind such attacks are hacktivists, criminals, terrorists and, at times, state-sponsored groups.
Arguments of both sides
Arguments supporting ‘hack-back’
Cyber intrusions are heavily disguised, in various ways, because attackers route their attacks through a series of intermediate networks on the way to the target. If the victim organization were permitted to retaliate, following that route back might lead to the attackers themselves, damaging their infrastructure or, better still, yielding details about them that could be used for legal prosecution.
A second argument for retaliation is that many attackers originate from countries such as China and Russia, which are globalized nations with stringent laws of their own and which cooperate with international law to some degree. However, because the attackers operate behind smoke and mirrors, a mere legal notice to the authorities of those countries achieves little, since the attackers can easily go into hiding when provoked. In such cases it may be more effective to follow an initial warning by collecting more information about the perpetrators and handing it to the local authorities so that they can act on it.
A related argument comes from the US government’s ‘name and shame’ campaign, in which the government investigates the attackers and then publicises their names and the country they belong to. In May 2014, the US government indicted five Chinese military officers for hacking into private US companies, and in March 2016 it indicted several Iranians working on behalf of the Iranian government for attacks against US banks and for attempting to gain control of a dam. Although there was little chance of actually arresting these individuals, US officials hoped that the indictments would have some deterrent effect, and in the case of China there is some evidence of a temporary shift in behaviour.
Private organizations, not only governments, have shown some capacity for this kind of investigation. The GhostNet case illustrates this. In 2009 a group of independent, non-government-sponsored researchers organized as the ‘Information Warfare Monitor’, based mostly in Canada, exposed an espionage programme known as ‘GhostNet’. The researchers showed that GhostNet had been installed on numerous computers of strategic interest to China, including those of foreign embassies and the offices of the Dalai Lama, and that it was sending files, emails, keystrokes and audio recordings back to servers in China (Wilcox et al., 2013). None of this evidence could bring China before a court of law, but the overall picture is persuasive. The argument is that a small group of private researchers achieved this much without any counter-hacking, and could achieve a great deal more if given broader legal authority.
Another argument is that the government should allow victims of cyber-attacks to defend themselves through counter-hacking conducted via a proxy. Under this approach the government would maintain a list of licensed companies authorized to conduct such operations; once a company had gathered enough evidence, it could carry out the counter-hack. If this proved successful, corporations might demand such ‘hack-back’ arrangements more widely, which could in the longer run help reduce the overall incidence of cybercrime.
Arguments against ‘hack-back’
Businesses and organizations hold valuable and mission-critical assets: information about their business, their clients and suppliers, their data, patents and other intellectual property. Criminal groups usually do not (Pool and Custers, 2017). If enterprises built a capability to attack these cyber-criminals, it would cost them hundreds of millions of dollars, and the targets they struck would be cheap and readily replaceable.
A second major issue is that, although it may seem otherwise, retaliation is not like drawing a gun on an intruder. Unlike a physical intrusion, a cyber-intrusion is often not detected for weeks or months, and even once it is detected, investigation and forensic analysis can take days, weeks or months before there is even slight intelligence as to who was behind it. By the time concrete information is available, the attackers may have gone into hiding, changed their aliases, location or identity, or left their positions altogether. Retaliation is therefore complex and never quick.
Thirdly, any form of hacking, even with the ‘purest’ intentions, is a crime in nearly all jurisdictions (in the United States, a federal one under the CFAA), because the law prohibits anyone from ‘knowingly’ accessing another computer without authorization.
Chasing hackers is difficult, partly because the internet enables a high level of anonymity. Hackers hide behind anonymization services such as VPNs, Tor, encryption and chains of intermediate hosts. For instance, a hacker who wants to steal something from a target in London might first compromise a computer in Taiwan, use that computer to compromise another in Perth, and so on, until enough ‘hop points’ have been chained together to make the trail practically invisible. A sophisticated hacker may hop as many as 30 times before launching an attack (Gupta and Anand, 2017). Chasing them costs money, resources and time that could be spent elsewhere.
Another argument against retaliation is that accurate ‘traceback’ is hard to achieve and carries a substantial risk that organizations or governments end up attacking legitimate businesses or individuals around the world. Attackers routinely infect hundreds or thousands of computers with malware, compromising their security and gaining control over them; each such system, a ‘bot’, is then used automatically to attack others. Bots are pooled into a ‘botnet’ under the hackers’ control and used to attack institutions and organizations around the world (JIANG et al., 2012). These botnets consist of thousands of computers owned by innocent users, so a retaliatory strike aimed at the apparent source of an attack would land on the botnet’s victims rather than on its operators.
A clever cyber-fraudster could also turn retaliation laws to the advantage of their own group by using another organization’s or user’s systems to launch an attack on a third party. Since the law would now permit the target to strike back, the target would attack the intermediate victim, which would then suffer twice, while the real attacker causes massive damage and remains completely off the grid. This is essentially a false-flag attack.
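The attribution problem described above can be made concrete with a small triage script. The following is an added example, not part of the original paper: it aggregates suspicious requests from a constructed web-server log, checks each source address against hypothetical relay and botnet intelligence (in practice a Tor exit-node list, a VPN or hosting feed and sinkhole data), and reports whom a ‘hack-back’ against that address would actually hit. All log lines, addresses and feeds are constructed from RFC 5737 documentation ranges, and the function names are the example’s own.

```python
"""Source-address triage before anyone contemplates striking back.

Added example, not part of the original paper. The log excerpt, address
ranges and intelligence lists are constructed for illustration using
RFC 5737 documentation ranges; the classifier is a minimal, hypothetical one.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed web-server access log excerpt (Apache combined-log style).
SAMPLE_LOG = """\
198.51.100.23 - - [12/May/2017:09:01:11 +0000] "GET /wp-login.php HTTP/1.1" 401 512
198.51.100.23 - - [12/May/2017:09:01:12 +0000] "POST /wp-login.php HTTP/1.1" 401 512
203.0.113.9 - - [12/May/2017:09:02:05 +0000] "GET /admin/ HTTP/1.1" 403 210
192.0.2.77 - - [12/May/2017:09:02:40 +0000] "POST /wp-login.php HTTP/1.1" 401 512
192.0.2.77 - - [12/May/2017:09:02:41 +0000] "POST /wp-login.php HTTP/1.1" 401 512
192.0.2.77 - - [12/May/2017:09:02:42 +0000] "POST /wp-login.php HTTP/1.1" 401 512
203.0.113.60 - - [12/May/2017:09:03:00 +0000] "GET /index.html HTTP/1.1" 200 4096
this line is deliberately malformed and must be skipped
"""

# Hypothetical intelligence. In practice these come from a Tor exit-node
# list, a VPN/hosting provider feed and botnet sinkhole data.
RELAY_NETWORKS = {
    ipaddress.ip_network("198.51.100.0/24"): "Tor exit node",
    ipaddress.ip_network("203.0.113.0/26"): "commercial VPN egress",
}
BOTNET_MEMBERS = {
    "192.0.2.77": "consumer broadband host seen in sinkhole data",
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def classify_source(ip_text):
    """Return (label, note): label is 'relay', 'bot' or 'unknown'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unknown", "unparseable address"
    if ip_text in BOTNET_MEMBERS:
        return "bot", BOTNET_MEMBERS[ip_text]
    for net, note in RELAY_NETWORKS.items():
        if ip in net:
            return "relay", note
    return "unknown", "no intelligence; may still be a compromised third party"


def who_would_be_hit(label):
    """Whom a retaliatory strike on this address would actually land on."""
    return {
        "relay": "the relay operator and every other user of that exit",
        "bot": "the innocent owner of a compromised machine",
    }.get(label, "unknown; possibly another victim in the attacker's hop chain")


def triage(log_text, suspicious_statuses=(401, 403)):
    """Aggregate suspicious requests per source, most active first, and
    annotate each source with its classification and the collateral a
    hack-back against it would cause."""
    hits = defaultdict(int)
    for rec in parse_log(log_text):
        if int(rec["status"]) in suspicious_statuses:
            hits[rec["ip"]] += 1
    report = {}
    for ip, n in sorted(hits.items(), key=lambda kv: (-kv[1], kv[0])):
        label, note = classify_source(ip)
        report[ip] = {
            "suspicious_requests": n,
            "class": label,
            "note": note,
            "hack_back_would_hit": who_would_be_hit(label),
        }
    return report


def summarize(report):
    """Count known intermediaries versus unattributed sources; a strike on
    an intermediary is a strike on a bystander."""
    intermediaries = sum(1 for r in report.values() if r["class"] in ("relay", "bot"))
    return {"sources": len(report), "known_intermediaries": intermediaries,
            "unattributed": len(report) - intermediaries}


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for ip, r in rep.items():
        print(f"{ip:15} {r['suspicious_requests']:3} {r['class']:8} -> {r['hack_back_would_hit']}")
    print(summarize(rep))
```

Run against the constructed log, every one of the three apparent attackers resolves to a Tor exit, a VPN egress or a sinkholed bot, so a strike on any of them would hit a bystander; a source with no intelligence at all is reported as unattributed rather than assumed to be the adversary.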
Effective retaliation requires an investigation on a large scale so that the perpetrators are found quickly, followed by meticulous planning and coordination between the company and security experts to produce a retaliation plan. All of this requires heavy investment and a great deal of company resources, and many organizations are ill-prepared for it. Even if they do launch an attack, it may simply damage some other organization or group that had nothing to do with the original attack. And even if they succeed in hitting the actual group, the company will have burnt through precious resources and may end up with significant financial losses of its own.
Recommendations
Since existing laws prohibit retaliation, there can at present be no retaliation without the risk of being charged with a crime. Moreover, on the basis of the arguments put forward by advocates on each side, one can conclude that retaliation is neither a rational nor a healthy choice, however tempting or desperate it may seem. Nevertheless, the following recommendations, drawn from both sides of the debate, may help achieve a middle ground.
a) Instead of engaging in retaliation, which is risky in itself, organizations under attack should share as much data about the attack as possible so that an industry-wide response becomes possible.
b) When an organization suspects it is being attacked, it can instead conduct a live forensic investigation of the compromised systems to understand the source of the attack. With this intelligence the organization can approach the government or the courts to bring a case against the perpetrators. This route carries no legal consequences for the victim and increases the chances of prosecution.
c) A further recommendation is to analyse the attackers and, with sufficient evidence, release their names to the public. This ‘naming and shaming’ tactic may prove effective, especially if the perpetrators originate from a country that values its reputation in the international market, since such countries depend on goodwill to develop foreign trade and cross-border business. No country wants to be branded a ‘cyber-terrorist state’, and one at risk of that label has an incentive to tighten its domestic laws enough to deter potential cyber-criminals in future.
d) A further recommendation is simply general security practice: organizations should remove non-essential machines from internet access so that attackers cannot exploit known holes, and anything that cannot be fixed or updated should be removed from the main network. Beyond this, an organization should improve its general security posture and follow up regularly with best security practices to keep its systems protected against such threats.
e) Finally, an organization could consider transferring some of its cyber-risk to a third party by purchasing ‘cyber insurance’. Cyber insurance will not deter attacks, but it can protect the organization against damages caused by security incidents.
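Recommendation a) can be put into practice by packaging attack evidence in a standard sharing format. The following added example, not from the original paper, builds a STIX 2.1 indicator bundle (the format is the example’s choice; the paper names none), refuses indicators that would leak the victim’s internal addressing, and validates the bundle’s required properties before it is handed to a sharing group. The IOC values are constructed from documentation address ranges and reserved example domains, and the helper names are hypothetical.

```python
"""Packaging attack evidence as a STIX 2.1 indicator bundle for sharing.

Added example, not from the original paper. STIX 2.1 is the assumed
exchange format; IOC values are constructed from RFC 5737 documentation
addresses and reserved example domains, not real attacker infrastructure.
"""
import ipaddress
import json
import re
import uuid

REQUIRED_INDICATOR_PROPS = ("type", "spec_version", "id", "created", "modified",
                            "pattern", "pattern_type", "valid_from")

# STIX pattern templates for the IOC kinds this example supports.
PATTERNS = {
    "ipv4": "[ipv4-addr:value = '{}']",
    "domain": "[domain-name:value = '{}']",
    "sha256": "[file:hashes.'SHA-256' = '{}']",
}

# Address space that identifies the victim's own network rather than the
# attacker; sharing it leaks internal layout and helps nobody.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

ID_RE = re.compile(r"^[a-z0-9-]+--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")


def is_shareable_ioc(kind, value):
    """Reject values that would leak internal detail or break the pattern."""
    if kind not in PATTERNS or "'" in value or "\\" in value:
        return False
    if kind == "ipv4":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return False
        return ip.version == 4 and not any(ip in n for n in INTERNAL_NETS)
    if kind == "domain":
        return "." in value and not value.endswith((".local", ".internal"))
    return re.fullmatch(r"[0-9a-f]{64}", value) is not None


def make_indicator(kind, value, seen_at, name=None):
    """Build one STIX 2.1 Indicator; seen_at is an RFC 3339 UTC timestamp."""
    if not is_shareable_ioc(kind, value):
        raise ValueError(f"refusing to share {kind} {value!r}")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": seen_at,
        "modified": seen_at,
        "name": name or f"{kind} observed during intrusion",
        "indicator_types": ["malicious-activity"],
        "pattern": PATTERNS[kind].format(value),
        "pattern_type": "stix",
        "valid_from": seen_at,
    }


def make_bundle(iocs, seen_at):
    """iocs is an iterable of (kind, value, name) tuples."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [make_indicator(k, v, seen_at, n) for k, v, n in iocs]}


def validate_bundle(bundle):
    """Return a list of problems; an empty list means the bundle is ready to share."""
    problems = []
    if bundle.get("type") != "bundle" or not ID_RE.match(bundle.get("id", "")):
        problems.append("bundle: malformed type or id")
    for i, obj in enumerate(bundle.get("objects", [])):
        missing = [p for p in REQUIRED_INDICATOR_PROPS if p not in obj]
        if missing:
            problems.append(f"object {i}: missing {missing}")
            continue
        if obj["spec_version"] != "2.1" or obj["pattern_type"] != "stix":
            problems.append(f"object {i}: wrong spec_version or pattern_type")
        if not ID_RE.match(obj["id"]):
            problems.append(f"object {i}: malformed id")
        for ts in ("created", "modified", "valid_from"):
            if not TS_RE.match(obj[ts]):
                problems.append(f"object {i}: {ts} is not an RFC 3339 UTC timestamp")
        if not (obj["pattern"].startswith("[") and obj["pattern"].endswith("]")):
            problems.append(f"object {i}: pattern is not a bracketed comparison")
    return problems


def to_json(bundle):
    return json.dumps(bundle, indent=2, sort_keys=True)


# Constructed evidence from a hypothetical brute-force intrusion.
SAMPLE_IOCS = [
    ("ipv4", "198.51.100.23", "login brute-force source"),
    ("domain", "c2.example.net", "command-and-control hostname"),
    ("sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "dropped file"),
]

if __name__ == "__main__":
    bundle = make_bundle(SAMPLE_IOCS, "2017-05-12T09:01:11.000Z")
    assert validate_bundle(bundle) == []
    print(to_json(bundle))
```

The shareability check is the part that matters in practice: an RFC 1918 address or a ‘.local’ hostname from the victim’s own network is not an indicator of the attacker and only discloses internal structure to everyone in the sharing group, so the builder refuses it rather than silently including it.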
Conclusion
Ultimately, one may ask what the final solution to these attacks is. The answer is not simple, because there is no clear answer. This paper has analysed the arguments put forward by both sides. Even though the arguments on both sides sound convincing, one has ultimately to oppose the hack-back movement. If retaliation were legalized, corporations and organizations around the world would join forces to build ‘hack-back’ tools, and such tools would no doubt be comprehensive and extremely powerful. But what happens when such a tool leaks to the general public and finally into the hands of the perpetrators themselves? This problem and many others plague the retaliation mentality, and the underlying challenges lie in attribution, law enforcement and legal liability. Advocates of hack-back may argue the benefits of such laws, but beyond that it would end in self-destruction. With hack-back tools and techniques in circulation, the integrity of the internet itself may be undermined; today’s attacks on specific infrastructures could turn into widespread attacks on entire business sectors, and ultimately into a cyber-warfare scenario. However, doing absolutely nothing is not a viable option either, so a middle ground must be found that provides corporations and organizations around the world with the tools and the legal framework to fight these cyber threats.
References
A., M. and Ghani, N. (2016). Critical Analysis on Advanced Persistent Threats. International Journal of Computer Applications, 141(13), pp. 46-50.
Goldman, L. (2012). Interpreting the Computer Fraud and Abuse Act. Pittsburgh Journal of Technology Law and Policy, 13.
Gupta, A. and Anand, A. (2017). Ethical Hacking and Hacking Attacks. International Journal of Engineering and Computer Science.
Horowitz, B. and Lucero, D. (2016). System-Aware Cyber Security: A Systems Engineering Approach for Enhancing Cyber Security. INSIGHT, 19(2), pp. 39-42.
Jiang, J., Zhuge, J., Duan, H. and Wu, J. (2012). Research on Botnet Mechanisms and Defenses. Journal of Software, 23(1), pp. 82-96.
Kharat, S. (2017). Cyber Crime: A Threat to Persons, Property, Government and Societies. SSRN Electronic Journal.
Pool, R. and Custers, B. (2017). The Police Hack Back: Legitimacy, Necessity and Privacy Implications of the Next Step in Fighting Cybercrime. European Journal of Crime, Criminal Law and Criminal Justice, 25(2), pp. 123-144.
Popli, N. and Girdhar, A. (2017). WannaCry Malware Analysis. MERI Journal of Management & IT, 10(2).
Rabkin, J. and Rabkin, A. (2016). Hacking Back Without Cracking Up. [ebook] Hoover Institution, Stanford University. Available at: https://www.hoover.org/sites/default/files/research/docs/rabkin_webreadypdf.pdf [Accessed 26 May 2018].
Wilcox, C., Hardesty, B., Sharples, R., Griffin, D., Lawson, T. and Gunn, R. (2013). Ghostnet impacts on globally threatened turtles, a spatial risk analysis for northern Australia. Conservation Letters, 6(4), pp. 247-254.