Your business has been hacked. You are angry and want to take action against the criminals. Passivity is not something you value as a business owner. Your local law enforcement agency didn’t give you the sense they could get your data back or would be able to find the crooks. Should you get someone to hack in retaliation?
Hackers for Hire
Someone that wants to hire a hacker can find multiple sources on the internet. There are plenty of dark market hackers available. Check out any hacker forum and you will find potential hackers for hire.
A new online service started in November called Hacker’s List. A hacker’s version of Elance or Task Rabbit, where a person can list a job request – who they want hacked and for what information. A hacker (who remains anonymous) accepts the job and gets paid through the online service. As you can imagine, there are questions about the legality of this new venture.
Or there are a multitude of how-to hacker kits online. A quick internet search will provide you with thousands of options. They say anyone with basic computer skills can learn quickly how to hack.
But as informed people know, just because it is on the internet, it doesn’t mean it is true, legal, or ethical.
The significant law covering hacking is the Computer Fraud and Abuse Act. This law prohibits businesses and individuals from gaining unauthorized access to computers or overloading them with traffic (denial of service attacks, for example). Exemptions include efforts by law enforcement and government intelligence groups.
It is not a law that is just on the books and ignored. People have been prosecuted under this law, found guilty and sentenced to prison time.
The FBI cautions businesses from taking offensive measures. They do investigate possible retaliation situations. Once such investigation was the rumor that JPMorgan Chase and Co was exploring retaliation after their network was being seriously hacked in 2013.
Would you hire someone to enter a competitor’s business after hours, search for useful information and take that information? That is a physical version of cyber hacking.
Would you open someone’s USPS mail to see if the information was of use to you?
Would you arrange for a riot in front of a business so their customers could not transact business?
If someone broke into your business and stole paper blueprints, would you search out that person and illegally enter their place of business to take the blueprints back?
A recent survey sponsored by Bloomberg investors, analysts and traders indicated that 71% of the respondents said businesses do not have the right to intervene against cyber-attacks.
When we think of a physical world example akin to a cyber action, it helps us think through what is legal or not in the cyber space. While most of us don’t like certain laws and have internal guidance on what action we take after being victimized, we also generally strive to work within the dictates of the society in which we interact. If the law bothers us enough, we have the option in the United States to work to change it.