GO
Loading...

Enter multiple symbols separated by commas

Companies Battle Cyberattacks Using 'Hack Back'

It's something computer security professionals don't want to talk about, and companies won't admit to doing.

It's called a "hack back," when the victim of a cyberattack turns the tables and actively fights back against their attacker.

"This literally is a wild west out there," Greg Hoglund, a cypersecurity specialist, told CNBC.

Hoglund is the founder and former CEO of HBGary and has worked on cybersecurity for the Pentagon and the U.S. intelligence community.

(Read More: Hacker Claims Airplanes Vulnerable at 30,000 Feet)

"When I think of hack back, I think of more of a counterstrike, or a mitigative action to stop an imminent or ongoing attack. You're not going out and trying to find trouble, you're in trouble and trying to stop the pain right then," he said.

A hack back could mean a company shutting down a cyberattack already in progress, or hacking into a cybercriminals' network to delete or alter information that's already been stolen.

The bad guys are so pervasive, according to Hoglund, that some companies are taking matters into their own hands. Victims of attacks are fighting back by hacking the hackers where the hacker becomes the hackee.

But this new way of fighting cybercrime is in legally uncharted territory.

(Read More: Cyberthreats Escalate as Banks Go Paperless)

"Reverse hacking is a felony in the United States, just as the initial hacking was. It's sort of like, if someone steals your phone, it doesn't mean you're allowed to break into their house and take it back," Fordham University law professor Joel Reidenberg told CNBC.

But Reidenberg said law enforcement is unlikely to detect or prosecute a hack back. "If the only organization that gets harmed is a number of criminals' computers, I don't think it would be of great interest to law enforcement."

(Read More: Cyberattacks: Big Business for Small Security Firms)


By CNBC's Scott Cohn; Follow him on Twitter @ScottCohnCNBC

CNBC's Gennine Kelly contributed to this post; Follow her on Twitter @GKellyCNBC