The Atlantic

When Companies Get Hacked, Should They Be Allowed to Hack Back?

It’s an idea that resurfaces after high-profile cyberattacks, despite most firms’ lack of enthusiasm about it.
Source: Damien Meyer / AFP / Getty

There is an old debate (at least, counting in internet years) that tends to crop up after major cybersecurity breaches such as the widespread WannaCry ransomware attack in May. In the aftermath of such incidents, some decry the sorry state of cybersecurity and insist that if only tech firms, with their wealth of resources and technical expertise, were allowed to go after the perpetrators of these attacks, they would do a much better job of stopping the damage and deterring other perpetrators than the slow, plodding, over-worked, under-resourced, jurisdiction-bound law-enforcement agencies.

Which raises a question: Beyond the standard set of protective tools—encryption, firewalls, anti-virus software, intrusion-detection systems, two-factor authentication—should companies be allowed to go outside the boundaries of their own networks and crash the servers that are attacking them, or delete data that has been stolen from them off their adversaries’ machines? The answer of most companies and cybersecurity experts

You're reading a preview, sign up to read more.

More from The Atlantic

The Atlantic6 min readPolitics
Berlin Has Become an Unlikely Home for China’s Expat Artists
The German capital offers not only freedom, but also invites people to provoke and challenge orthodoxy.
The Atlantic6 min readPolitics
Tom Steyer on Impeachment: ‘We Have Won the Argument. Period.’
A conversation with the billionaire activist who has been narrowly focused on removing Donald Trump from office
The Atlantic6 min readSociety
The British Empire's Homophobia Lives On in Former Colonies
NAIROBI—When the Nigerian writer Unoma Azuah was growing up in the Asaba Niger Delta, she once asked her grandmother about a teenage boy in her village with an effeminate aura whom others would tease, calling him a girl. Her grandmother replied that