The right to hack back has been debated for many years. It is quite clear today that such an action would be illegal. However, there are increasing grey areas where it already happens.
Four years ago the Dutch police took over a Bredolab C&C server and used it to deliver warning messages to users infected by Bredolab – almost certainly in contravention of national laws such as the UK’s Computer Misuse Act (cf: Dutch Police infect users with Trojan – legal or illegal; good thing or bad thing?). Security firms, such as anti-malware companies, regularly hack suspected C&C servers to learn more about the malware and the gangs behind them.
Leave a reply