Thoughts on the Active Cyber Defense Certainty Act 2.0

16 Jun 2017 David Dittrich active-response-continuum attribution computer-fraud-and-abuse-act hackback hacking-back law
On May 25, 2017, Representative Tom Graves released the second draft of proposed amendments to 18 U.S.C. 1030 (known as the Computer Fraud and Abuse Act). Representative Graves’ bill is known as the Active Cyber Defense Certainty Act (or ACDC Act). There is no universally accepted umbrella term for this, but it is variously called “Active Defense”, “Active Cyber Defense”, “hacking back,” “hackback”, and “strike back.” You will find the word “active” applied almost universally in these discussions, though it frequently results in establishing a simple (though false) dichotomy of “passive defense” vs.

Hide and go seek, not hide and go tweak

31 Jul 2013 David Dittrich active-response-continuum ethics humanitarian-law improper-ruse law-of-war tallinn-manual
On July 31, 2013, Jason Geffner of CrowdStrike discussed a new tool called “Tortilla” that allows incident responders and computer security researchers to hide behind the Tor network as they poke and prod malicious software infrastructure. Were I there, I would have asked Jason this question: What things should I not do while using Tortilla, and why shouldn’t I do them? I know Jason and respect his technical skills, but if he and CrowdStrike don’t have a good answer, that will say a lot about our field’s collective ability to reason about actions along the Active Response Continuum.

Debating the Active Response Continuum: Defining the Terms of the Debate

28 May 2013 David Dittrich active-defense active-response-continuum aggressive-network-defense hack-back
[This post expresses the personal opinion of the author and is not an official statement representing the Honeynet Project.] At the AusCERT 2013 conference, Dmitri Alperovitch called for debate about “the kinds of actions that infosec professionals are allowed to take against attackers.” I agree with Dmitri, and in fact I made the same call, at the same conference on May 23, 2005! (AusCERT invited me to speak on an emerging topic and I chose to speak for the first time publicly at AusCERT 2005 about the Active Response Continuum research I had been doing with funding from Cisco.

No, Executing Offensive Actions Against Our Adversaries Really Does Have High Risk (Deal With It)

10 Dec 2012 David Dittrich active-defense active-response-continuum counter-attack crowdstrike ethics hack-back
This is a response to a CSO Online blog post by Jeff Bardin (“Caution: Not Executing Offensive Actions Against Our Adversaries is High Risk,” November 2012), which is a rebuttal to a blog post by Jody Westby on Forbes online (“Caution: Active Response to Cyber Attacks Has High Risk.”) Mr. Bardin is obviously playing on words in the title and I seriously doubt he believes that it is higher risk to not take aggressive actions than it is to do so.