Hacking Back and International Law: An Irreconcilable Pair?

Imagine you‘re at the onset of a global pandemic, and one of the nation‘s leading hospitals falls victim to a debilitating cyberattack, crippling its medical infrastructure for days. This is exactly what happened to Brno University Hospital on March 13, then home to one of the largest COVID-19 testing facilities in the Czech Republic. Now imagine further that your national security authorities identify a command and control server through which the attackers execute the malicious cyber operation, which would end immediately if you were to hack “back” into that system to render it inoperative (this part is fiction). Technically, that would be feasible. Alas, you realise that the server is located abroad. Shouldn’t you be allowed to go ahead and heroically save the nation?

Continue Reading →

Hackback in Deutschland: Wer, was, wie und warum?

Medienrecherchen zeigen, dass die Bundesregierung das Thema „Hackback“ nun offensiv angeht: Es liegt ein internes Konzeptpapier vor, das beschreibt, welche Gegenmaßnahmen nach einem Cyber-Angriff aus dem Ausland künftig ergriffen werden sollen. Aber so nachvollziehbar das Bedürfnis nach solchen Maßnahmen auch sein mag, es ist schon vollkommen unklar, wer für die Durchführung von solchen „Hackbacks“ zuständig sein soll – und darf.

Continue Reading →