Should hack-back be legal?
3 days ago
- #legal
- #cybersecurity
- #server-management
- Server operators frequently encounter automated probes targeting sensitive files like .env and .git.
- Attempting to disrupt attackers' systems with junk data is illegal in most jurisdictions, including under German, Austrian, and U.S. laws.
- Legal frameworks protect systems, not intentions, making 'hack-back' strategies legally risky.
- Tarpitting is a legal alternative to slow down attackers but has limitations against sophisticated botnets.
- A layered security approach, including rate limiting, geo-blocking, and WAFs, is recommended to mitigate scanning threats.
- Current laws lack nuance, potentially hindering effective defense against malicious scanning without harming legitimate activities.
- Some jurisdictions are exploring active cyber defense laws, but a balanced, workable standard is yet to be established.
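
The tarpitting and rate-limiting points above can be made concrete with a small log-based check. This is an added example, not code from the original article: it scans access-log lines for `.env` and `.git` probes and picks a purely defensive action per source address. The log format (Common Log Format), the 60-second window, the threshold of 3 and the action names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Probe targets named on the page (.env, .git), at any directory depth.
SENSITIVE = re.compile(r"^/(?:[^?#]*/)?\.(?:env|git)(?:[/.?#]|$)", re.I)
# Common Log Format: ip ident user [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE = """\
192.0.2.10 - - [10/Jan/2025:12:00:00 +0000] "GET /.env HTTP/1.1" 404 153
192.0.2.10 - - [10/Jan/2025:12:00:02 +0000] "GET /.git/config HTTP/1.1" 404 153
192.0.2.10 - - [10/Jan/2025:12:00:03 +0000] "GET /app/.env.bak HTTP/1.1" 404 153
198.51.100.7 - - [10/Jan/2025:12:00:05 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.5 - - [10/Jan/2025:12:00:06 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [10/Jan/2025:12:00:07 +0000] "GET /search?q=/.env HTTP/1.1" 200 900
""".splitlines()

def parse(line):
    """Return (ip, timestamp, path) or None for lines that do not parse."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, path, _status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def decide(log_lines, window_s=60, limit=3):
    """Map each probing IP to 'tarpit' (first probes) or 'block'
    (at least `limit` sensitive-path probes within `window_s` seconds)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent probes
    actions = {}
    for ip, ts, path in filter(None, map(parse, log_lines)):
        if not SENSITIVE.match(path):
            continue              # ordinary traffic is never touched
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop probes that fell out of the window
        if len(q) >= limit:
            actions[ip] = "block"
        else:
            actions.setdefault(ip, "tarpit")
    return actions

if __name__ == "__main__":
    for ip, action in decide(SAMPLE).items():
        print(ip, action)
```

Probes spread across many addresses each stay below the per-address threshold, which is the limitation against botnets noted above.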