Tom Graves (R-GA) released an update to the initial Active Cyber Defense Certainty Act (ACDC), which is intended to exempt victims of cyber attacks from prosecution under the Computer Fraud and Abuse Act (CFAA) for attempting to hack back at their attackers. If enacted, the law would allow organizations that are the victims of hacks to conduct their own hacks to identify the assailants, stop the attacks or retrieve stolen files. At a high level, it makes sense. In practice, it is ridiculous.
According to the proposed law, organizations would be exempt from prosecution if they alert law enforcement before committing such acts. It sounds very straightforward, and I wish there were more to this law. The reality, though, is that most victims are ill-equipped to deal with an incident and even less equipped to hack another organization without creating damage. It is reminiscent of the scene in The Dark Knight, where Batman points out that the would-be vigilantes le he is wearing bulletproof armor.