Proposed ‘Hack-back bill’ is receiving support

The Active Cyber Defense Certainty Act (ACDC), officially introduced in mid-October by the two Republican Congressmen, is picking up new co-sponsors from both sides of the aisle. ACDC gives authorised individuals and companies the legal authority to penetrate the attacker’s networks and devices – to ‘hack back’ – in order to collect evidence needed for the attribution of the attack, disrupt cyberattacks without damaging others’ computers, or retrieve and destroy stolen files. The ACDC could therefore allow authorised individuals and private sector to develop and use tools that are currently restricted under the USA Computer Fraud and Abuse Act, in order to protect their networks. The proposed bill requires parties to firstly notify the FBI National Cyber Investigative Joint Task Force of their intent, and ‘hack back’ only upon a confirmation of receipt by FBI. The proposed bill is causing worries about collateral damage, as hackers frequently route their attacks through the computers of other victims.