The Daily Swig Web security digest

US Congress tables ‘hack back’ legislation

James Walker | 16 October 2017 at 16:00

ACDC aimed at rocking the balance of power between hackers and their victims.

October 13 saw two members of the US House of Representatives announce the formal introduction of a new draft bill that would allow hacking victims to play a more active role in cyber defense, including retrieving stolen files and locating their perpetrators.

The Active Cyber Defense Certainty Act (ACDC) would exempt victims from hacking laws when the aim is to identify the assailant, cut off attacks, or retrieve stolen data.

Pegged as the most significant update of Computer Fraud and Abuse Act (CFAA) since 1986, the bill is the result of a lengthy discussion process, which began when Representatives Tom Graves and Kyrsten Sinema launched an initial version of the bill in March.

The tabled legislation makes target changes to the “limited defensive measures” enshrined with the CFAA. Cybercrime victims are currently prohibited from taking any actions other than preventative protections, such as antivirus software.

“While it doesn’t solve every problem, ACDC brings some light into the dark places where cybercriminals operate,” said Representative Graves. “The certainty the bill provides will empower individuals and companies to use new defenses against cybercriminals.

“I also hope it spurs a new generation of tools and methods to level the lopsided cyber battlefield, if not give an edge to cyber defenders. We must continue working toward the day when it’s the norm – not the exception – for criminal hackers to be identified and prosecuted.”