SECURITY experts like to say that there are now two types of company: those which know they have been hacked and those which have been hacked without realizing it. An annual study of 56 large American firms found that they suffered 102 successful cyber-attacks a week between them in 2012, a 42% rise on the year before. Rising numbers of online attacks are stoking a debate about how best to combat cyber-crooks. One emerging school of thought holds that companies should be allowed to defend themselves more aggressively by “hacking back”—using hacker-like techniques to recover stolen intellectual property and frustrate their assailants.
The discussion has been sparked by the rise of a new generation of hacker, either working for criminal groups or with close links to the state in places such as China. Advocates of hacking back argue that the usual digital defenses are no match for these attackers. Instead, firms need to go on the offensive, using everything from spyware that monitors suspected hackers’ activities to software that retrieves or deletes pilfered property. If an aerospace firm spots the blueprints for its next plane flying off its database and into the computers of a foreign rival, it should be able to give chase.
The concept of hacking back has some prominent supporters, notably in America. In May a private commission on intellectual-property theft, whose members include Jon Huntsman, a former ambassador to China, and Dennis Blair, a former director of national intelligence, gave its support to technology that helps firms track stolen files and then reclaim them or prevent their use without damaging other networks. Another idea, floated more recently, is for governments to license private firms to hunt down and deal with hackers on businesses’ behalf. But encouraging digital vigilantes will only make the mayhem worse.
Hackers like to cover their tracks by routing attacks through other people’s computers, without the owners’ knowledge. That raises the alarming prospect of collateral damage to innocent bystanders’ systems: imagine the possible consequences if the unwitting host of a battle between hackers and counter-hackers were a hospital’s computer.
Endorsing the idea of hacking back would also undermine current diplomatic efforts to get China and Russia to rein in their hordes of unofficial hackers.