Skip to Content

Is it Time for America to Hack Back?


A version of this post originally appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter.

Foreign governments use hackers to steal U.S. corporate secrets and meddle with our political system. Meanwhile, a botnet of millions of rogue devices recently cut off access to popular websites on the East Coast, and is now rampaging through Europe. Wouldn’t it be nice if we could turn the tables and put a stop to this?

The CEO of security company Invincea, Anup Ghosh, told me this week he fears that this urge for retaliation—to hack back—is building among the public and politicians. Indeed, a prominent Republican congressman this week called for “consequences” over Russia’s suspected hacking . I get it. There’s an intuitive appeal to using cyber soldiers to knock our adversaries’ offline until they get the message to stop.

In the case of the botnet of rogue devices known as Mirai, Invincea says it has found a way to “kill” it by exploiting a flaw in its code. And in the past, some have floated the idea of launching “white worms” that would spread in a way that would quarantine certain types of malware.

Alas, as appealing as it sounds for America to do more in the way of cyber offense, it’s probably a terrible idea. According to Ghosh, the notion can be attractive to policy types—those who don’t work with computer code—but is regarded with horror by security pros. The reason, he said, is that launching online attacks can have entirely unpredictable consequences, and that aggressive code can quickly mutate or ricochet and damage all sides.

I asked Edward Amoroso, who runs the consultancy group Tag Cyber, if Ghosh’s view is too timid. Nope. Amoroso, who used to be the Chief Information Security Officer at AT&T, said past examples show “hacking back” is dangerous and irresponsible, and doing so would amount to “playing chicken with history.” He says the answer lies instead in defense—hardening our computer systems to keep hackers out in the first place.

So there you have it. I defer to the guys with the computer training to have the final word on any plan to hack back.