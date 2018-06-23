Good afternoon, Cyber Saturday readers.

David Sanger at the New York Times has out a new book on cyber espionage and digital intrigue, The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age. While I have not yet read it, I did catch an excerpt that has been making the rounds on Twitter. The passage reveals new details about how Mandiant, a computer forensics firm founded by Kevin Mandia, a U.S. Air Force veteran, clinched its landmark linking of a Chinese hacking group that had ravaged American corporates in years past and Unit 61398 of the Chinese military. (Hat tip to Thomas Rid, a professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies and author of another excellent book, Rise of the Machines: A Cybernetic History, who tweeted a screenshot of the text.)

Here’s the section in question: “As soon as they detected Chinese hackers breaking into the private networks of some of their clients—mostly Fortune 500 companies—Mandia’s investigators reached back through the network to activate the cameras on the hackers’ own laptops,” Sanger writes. “They could see their keystrokes while actually watching them at their desks.”

When Mandiant released its report on the hacking group, so-called Advanced Persistant Threat 1, or “APT1,” the paper was a bombshell. Now five years later, the firm’s methodology, as revealed by Sanger, has resulted in a second bombshell. If accurate—and it seems to be, given that Sanger describes personally watching over the shoulders of Mandiant’s crew while it spied on the spies—the anecdote suggests that Mandiant engaged, even if mildly, in a “hack back,” a highly controversial and legally dubious countermeasure. (The firm did not immediately respond to Fortune’s request for comment about the incident on Saturday afternoon.)

Critics of hack backs warn that such retaliation could escalate into all-out conflict. Imagine: a private company taking on an entire nation. Such recklessness could draw world powers onto a dangerous collision course. There’s no better review of this audacious activity than this recent story in the New Yorker, which describes its legal ambiguity in detail. And yet no U.S. company has ever been charged for a hack back. As the piece’s author, Nicholas Schmidle, explains, “A former Justice Department official told me recently that the optics would be ‘awfully poor’ if the department prosecuted a company that had retaliated against foreign hackers….’I can’t imagine a jury convicting anyone for that.'”

Neither can I. And speaking of optics, a piece of advice: Cover your webcam. No, it’s not weird or paranoid. It’s a common sense precautionary measure—as prudent as locking one’s door upon leaving home. I use a small, plastic shutter that conveniently slides open should I need to video-chat. Heck, even Mark Zuckerberg uses a piece of tape. Go get one!

