According to Bloomberg, the hack-back mentality is being fueled, in part, by the lack of intervention by U.S. officials. When that's the case, there remains little recourse for private-sector companies doing business in the U.S., so they've begun walking a fine legal line as they attempt to hack the hackers. U.S. companies have even hired cybersecurity firms to help them fight back, many of which are well equipped, their employees having ties to military and government security programs.
Image Source: Flickr (blu-news.org)
This has caught the attention of the Federal Bureau of Investigation (FBI), which is currently looking into whether hackers hired by U.S. banks may have disabled servers that Iran was using to attack the websites of major financial institutions last year.
"It's kind of a wild west right now," said U.S. Representative and chairman of the Homeland Security Committee, Michael McCaul (R, Texas). He added that some companies that have been hacked might be going on the offensive "without getting permission" from the government, adding, "they're very frustrated."
Companies that hack back find themselves in a legal gray area of sorts. It's not really clear if U.S. firms can legally initiate strikes against foreign entities on their own behalf. Nevertheless, it's reportedly happening, and there was even a meeting among major banks last year about retaliatory strikes. Banks and financial institutions like JP Morgan, Citigroup, and Goldman Sachs Group supposedly discussed hitting back against hackers from offshore locations.
As cyberattacks continue to increase in frequency, watch for this to become a hot topic in 2015.