US companies are taking retaliatory action against hackers and are investing in what is dubbed “active defence” or “strike-back” technology.
According to Reuters, the strikes can involve distraction and delay techniques to full on hacks.
Insecurity experts say they even know of some cases where companies have taken action that could break laws and have hired contractors to hack the assailant’s own systems.
The reason is that hacking prevention is increasingly difficult and companies think that the only way is to go after cyber criminals.
Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined new cyber security company CrowdStrike said that the goal was not only to put out the fire but to hit the arsonist.
Once a company detects a network breach, they waste the hacker’s time and resources by appearing to grant access to tempting material that proves impossible to extract.
Companies allow hackers to make off with bogus files or “beacons” that reveal information about the thieves’ own machines.
As you might expect, CrowdStrike does not recommend that companies try to breach their opponent’s computers, but they say the private sector does need to fight back against cyber spies.
What the moves do suggest is that security professionals are starting to get frustrated that they really cannot do anything to stop hackers. Some feel that a bad situation is getting worse, endangering not only their companies but the national economy.