Hacking back: Optimal use of self-defense in cyberspace
School of Economics
Social Science Research Network
Should the law permit hackback? How should the law on self-defense in cyberspace be designed? In this paper, we use game-theoretic analysis to develop criteria that determine whether police enforcement, litigation, or hackback is best, and under what circumstances. Our model suggests that the law should permit hackback only if: (1) other alternatives, such as police enforcement and resort to courts, would be ineffective; (2) there is a serious prospect of hitting the hacker instead of innocent third parties; and (3) the damages that can be potentially mitigated to the defender's systems outweigh the potential damages to third parties. The law should require that counterstrikers use only force that is necessary to avoid damage to their own systems. Also, proper liability rules will induce counterstrikers to internalize the damages of third parties in their decision-making. Finally, better intrusion detection systems (IDS) and traceback technology improve the deterrent effect and efficacy of hackback.
Digitial Object Identifier (DOI)
Majuca, R. P., & Kesan, J. P. (2009). Hacking back: Optimal use of self-defense in cyberspace. Social Science Research Network https://doi.org/10.2139/ssrn.1363932
Accepted paper series
Hacking; Computer security—Law and legislation