"Active Defense and Hacking Back: The legalities, implications and next steps of retaliatory hacking in self-defense"

Presented at CrikeyCon VII (2021), March 6, 2021, 9:45 a.m. (30 minutes).

To protect digital businesses, companies are increasingly employing active defense capabilities, at the same time they put basic cyber-hygiene protocols in place. This means maintaining up‐to‐date intelligence from both internal and third‐party sources, mitigating insider threats, engaging attackers on the company's own network, and partnering to mitigate external threats. However, organisations are increasingly questioning whether or not they have (or ought to have) a right to 'hack back' as an offensive retaliatory measure. Revenge is sweet, but is it legal? This presentation explores the current legal positions and evolving debate, proposing the time has come to permit hacking back in particular circumstances and lightening the nudge with a tongue-in-cheek addendum to NIST (The ‘Revenge' Function).

Presenters:

• Jordan Welden-Iley 'JJ'
  Jordan Welden-Iley isn't your run-of-the-mill cyber security advisor. The former Australian lawyer and corporate advisor, travelled an interesting career path before landing in cyber security. Persuading judges in Court, investigating the depths of ponzi schemes, and hunting merger and acquisition targets; the prefect crucible. On his way to being a cyber czar, this dude currently graces Australia's enterprise businesses helping them solve their cyber security problems.

Similar Presentations:

• DEF CON 21 (2013) / Legal Aspects of Full Spectrum Computer Network (Active) Defense
• Black Hat USA 2013 / Legal Aspects of Full Spectrum Computer Network (Active) Defense
• BSidesLV 2017 / Baby Got Hack Back