* Reasons why you shouldn’t launch a hacker counterattack There’s a longstanding debate, mostly underground and informal, about how satisfying it would be to strike back at criminal hackers, industrial spies, saboteurs and other baddies who have the nerve to attack our systems.People have speculated about counter-flooding, using buffer-overflow attacks, sending “explosive” HTML code that could cause system freezes, and so on. Much of this talk is really just good-natured fun – more along the lines of “wouldn’t it be nice if” than actually serious proposals for corporate responses.But to be absolutely sure that all of the readers of this column, at least, have a chance to think about it, let me flatly state that any such counterattacks are to be formally forbidden by corporate policy.Firstly, although I am not a lawyer and this is not legal advice (for legal advice, consult an attorney with appropriate expertise), as far as I know there is absolutely no waiver in U.S. law which would exculpate anyone who gains unauthorized access to other people’s computer systems. In particular, the Computer Fraud and Abuse Act of 1986, the Unlawful Access to Stored Communications Act, and the Electronic Communications Privacy Act of 1986 do not make any allowance for revenge attacks. Investigation of such crimes (the revenge attacks) could involve seizure of equipment as evidence. Secondly, because IPv4 provides inadequate authentication of packets, it is difficult or impossible to prove the exact origin of denial-of-service attack packets or even of packet streams used in attack sessions. Attacking the wrong target would be an unmitigated disaster.Thirdly, many attackers subvert poorly secured intermediary systems to launch their attacks; attacking these hosts would damage other victims but cause no direct harm to the real attackers. Fourthly, unauthorized penetration of anyone’s computer systems and networks can lead to civil lawsuits for damages; even if the lawsuits are unsuccessful, they can rack up expensive attorneys’ fees and also cause expensive computer equipment to be seized as evidence under subpoena.No, although it might seem like a satisfying tactic that would be the geek equivalent of innumerable Steven Seagal and Jean-Claude Van Damme movies, trying to strike back at attackers through illegal means is a thoroughly bad idea. Related content news TSMC bets on AI chips for revival of growth in semiconductor demand Executives at the chip manufacturer are still optimistic about the revenue potential of AI, as Nvidia and its partners say new GPUs have a lead time of up to 52 weeks. By Sam Reynolds Dec 08, 2023 3 mins CPUs and Processors CPUs and Processors Technology Industry news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking news Gartner: Just 12% of IT infrastructure pros outpace CIO expectations Budget constraints, security concerns, and lack of talent can hamstring infrastructure and operations (I&O) professionals. By Denise Dubie Dec 07, 2023 4 mins Network Security Data Center Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe