Advertisment

A new bill, entitled the Active Cyber Defense Certainty Act (ACDC), will soon be introduced in the United States House of Representatives by Republican Representative Tom Graves of Georgia, and if enacted would allow the victims of cybercrime to hack their attackers. Victims of cybercrimes would also be allowed to hire others and direct them to undertake active cyber defense measures on their behalf. Rep. Graves’ proposed legislation would amend the Computer Fraud and Abuse Act of 1986. An amended draft of the bill added a requirement that a victim who intends to use active cyber defense measures must first notify the FBI’s National Cyber Investigative Joint Task Force.

Rep. Graves unveiled a first draft of the bill at an event in Georgia back in March. After Rep. Graves received advice and suggestions for changes to the bill at the event, he created an amended draft of the bill. “These changes reflect careful analysis and many thoughtful suggestions from a broad spectrum of industries and viewpoints,” Rep. Graves said, according to On the Wire. “I look forward to continuing the conversation and formally introducing ACDC in the next few weeks.”

The bill is intended to enable the victims of a cybercrime to deploy certain active cyber defense measures against hackers who are located outside of the victim’s network, in order to identify and stop the hacker. Under the proposed law, a defense to prosecution would be created for victims hacking the computers of a hacker committing a cybercrime against them. The bill would allow the use of beacons. Posts on Slashdot and the Lawfare blog, as well as other news sites, claimed that the bill would allow the destruction of data, but according to two different drafts of the bill posted on Rep. Graves’ website, the bill does not allow the destruction of data located on other people’s computers. Those seeking to claim a defense to prosecution for using active cyber defense techniques also would not be protected if their active cyber defense measures caused physical harm to a person or caused a threat to public health or safety. An updated draft of the bill included a prohibition on active cyber defense measures that cause financial damage to another person.

Active cyber defense measures protected under the bill include allowing unauthorized access of an attacker’s computer, to allow the victim to gather information which shows criminal activity by the hacker, for the purpose of sharing that information with law enforcement. The bill would also allow the victim to disrupt a hacker’s unauthorized access of the victim’s network, with the exception of the prohibited actions mentioned above, such as deleting data on other computers. The updated draft of the bill also allows victims to monitor the behavior of an attacker for the purpose of developing techniques to prevent future intrusions, and for developing other cyber defense techniques.

When a victim notifies the FBI’s National Cyber Investigative Joint Task Force, they must include information on the type of cyber breach that occurred to the victim, as well as what kind of active cyber defense measure the victim intends to deploy, and who they intend to deploy the active cyber defense measure against. They must also tell the FBI’s National Cyber Investigative Joint Task Force what they have done to preserve evidence of the hacker’s criminal intrusion, as well as what steps they will take to prevent harming computers which are not under the attacker’s control, but which may have been used by the attacker to launch the attack or to hide their actual IP address.

What could possibly go wrong? Cybercrime victims using active cyber defense measures could misattribute an attacker and end up hacking the wrong people, as well as causing collateral damage to innocent people. Under the updated draft of the bill, the legislation would sunset after 2 years of being enacted, unless legislators renewed it. The newer draft of the bill also forbids placing “a backdoor enabling intrusive access” onto the attacker’s computer.

Get the latest Bitcoin News on The Bitcoin News
Our Social Networks:
Facebook Instagram Pinterest Reddit Telegram Twitter Youtube