The Atlantic

When Companies Get Hacked, Should They Be Allowed to Hack Back?

It’s an idea that resurfaces after high-profile cyberattacks, despite most firms’ lack of enthusiasm about it.
Source: Damien Meyer / AFP / Getty

There is an old debate (at least, counting in internet years) that tends to crop up after major cybersecurity breaches such as the widespread WannaCry ransomware attack in May. In the aftermath of such incidents, some decry the sorry state of cybersecurity and insist that if only tech firms, with their wealth of resources and technical expertise, were allowed to go after the perpetrators of these attacks, they would do a much better job of stopping the damage and deterring other perpetrators than the slow, plodding, over-worked, under-resourced, jurisdiction-bound law-enforcement agencies.

Which raises a question: Beyond the standard set of protective tools—encryption, firewalls, anti-virus software, intrusion-detection systems, two-factor authentication—should companies be allowed to go outside the boundaries of their own networks and crash the servers that are attacking them, or delete data that has been stolen from them off their adversaries’ machines? The answer of most companies and cybersecurity experts

You're reading a preview, sign up to read more.

More from The Atlantic

The Atlantic4 min readPolitics
The Most Dangerous Form of Bribery
Election corruption can’t be solved by corrupt elections, so the Founders devised a special solution: impeachment.
The Atlantic11 min readPolitics
The Kingmaker
Harry Reid may be the only person who can keep the Democrats from killing one another before selecting a nominee. But will he live long enough to do it?
The Atlantic4 min readPsychology
Mister Rogers And The Art Of Paying Attention
From the hungry cries of newborns, to the whining helplessness of tired toddlers, to the sulking of older children, kids demand their parents’ attention in many different ways. Adults use the phrase just looking for attention to imply that something