Congressman Proposes Organizations Should Be Allowed To 'Hack Back'

Engadget reports:
Representative Tom Graves, R-Ga., thinks that when anyone gets hacked — individuals or companies — they should be able to “fight back” and go “hunt for hackers outside of their own networks.” The Active Cyber Defense Certainty (“ACDC”) Act is getting closer to being put before lawmakers, and the congressman trying to make “hacking back” easy-breezy-legal believes it would’ve stopped the WannaCry ransomware. Despite its endlessly lulzy acronym, Graves says he “looks forward to formally introducing ACDC” to the House of Representatives in the next few weeks… The bipartisan ACDC bill would let companies who believe they are under ongoing attack break into the computer of whoever they think is attacking them, for the purposes of stopping the attack or gathering info for law enforcement.
On Friday, The Hill published a list of objections to the proposed law from the CEO of cybersecurity company Vectra Networks. “To start with, when shooting back, there’s the fundamental question of who to shoot… We might be able to retaliate, weeks or months after being attacked, but we certainly could not shoot back in time to stop an attack in progress.” And if new retaliatory tools are developed, “How can we be sure that these new weapons won’t be stolen and misused? Who can guarantee that they won’t be turned against us by our corporate competitors? Would we become victims of our own cyber-arms race?”
Slashdot reader hattable writes, “I would think a proposal like this would land dead in the water, but given some recent, and ‘interesting’ decisions coming from Congress and White House officials, I am not sure many can predict the momentum.”

Read more of this story at Slashdot.

FCC Seeks To Increase ISP Competition In Apartment Buildings

An anonymous reader quotes a report from Ars Technica:
Exclusive deals between broadband providers and landlords have long been a problem for Internet users, despite rules that are supposed to prevent or at least limit such arrangements. The Federal Communications Commission is starting to ask questions about whether it can do more to stop deals that impede broadband competition inside apartment and condominium buildings. FCC Chairman Ajit Pai yesterday released a draft Notice of Inquiry (NOI) that seeks public comment “on ways to facilitate greater consumer choice and to enhance broadband deployment in multiple tenant environments (MTEs).” The commission is scheduled to vote on the NOI at its June 22 meeting, and it would then take public comments before deciding whether to issue new rules or take any other action. The NOI discusses preempting local rules “that may expressly prohibit or have the effect of prohibiting the provision of telecommunications services” in multi-unit buildings. But one San Francisco regulation that could be preempted was designed to boost competition by expanding access to wires inside buildings. It’s too early to tell whether the FCC really wants to preempt any state or city rules or what authority the FCC would use to do so. The NOI could also lead to an expansion of FCC rules, as it seeks comment on whether the commission should impose new restrictions on exclusive marketing and bulk billing arrangements between companies and building owners.
The NOI further seeks comment on how “revenue sharing agreements and exclusive wiring arrangements between MTE owners and broadband providers may affect broadband competition” and “other contractual provisions and non-contractual practices that may impact the ability of broadband providers to compete in MTEs.” The NOI also asks whether the commission should encourage cities and states to adopt model codes that promote competition in multi-unit buildings, and the document asks what practices those model codes should prohibit or mandate.

Threatpost News Wrap, June 2, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach.

US Senators Propose Bug Bounties For Hacking Homeland Security

An anonymous reader quotes CNN:
U.S. senators want people to hack the Department of Homeland Security. On Thursday, Senators Maggie Hassan, a Democrat, and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS… It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force… The Hack the DHS Act establishes a framework for bug bounties, including establishing “mission-critical” systems that aren’t allowed to be hacked, and making sure researchers who find bugs in DHS don’t get prosecuted under the Computer Fraud and Abuse Act. “It’s better to find vulnerabilities through someone you have engaged with and vetted,” said Jeff Greene, the director of government affairs and policy at security firm Symantec. “In an era of constrained budgets, it’s a cost-effective way of identifying vulnerabilities”… If passed, it would be among the first non-military bug bounty programs in the public sector.
