America tells private firms to “hack back”
Security responsibility & limits
- Some argue insecure systems should be treated as fair game and owners held liable, but others counter that no usable system can be perfectly secure; even diligent operators can be compromised (e.g., cloud 0‑days).
- Frustration centers on egregious negligence going unpunished, not on every breach implying fault.
- There’s debate over how far responsibility runs when core dependencies (like major cloud providers or identity platforms) are flawed.
Defense against nation‑state actors
- Commenters question whether anything short of “billions of dollars” can protect against such actors, especially for safety‑critical devices.
- Others argue you can’t “avoid paying for security” and advocate strong internal security/reliability orgs and secure-by-default platforms so product teams don’t roll their own.
Hack‑back feasibility & attribution
- Many highlight that attribution is hard even for intelligence agencies; attackers route through compromised hosts and multiple jurisdictions.
- Risk of “hacking back” the wrong party (another victim, cloud provider, hospital, security researcher) is seen as high.
- Some foresee misidentified “hackers” being DDoS’d or exploited by overeager corporate defenders.
Privatized cyber‑warfare & ‘letters of marque’
- Strong concern that encouraging hack back effectively licenses private cyber‑armies / vigilante justice.
- Analogies drawn to letters of marque and privateers: state outsourcing coercive force to profit‑seeking actors.
- Objections center on governments losing their monopoly on (digital) violence and the lack of due process.
Effectiveness, incentives, and escalation
- Offense is seen as often easier and cheaper than defense, but hacking back rarely recovers data and may just escalate conflict, especially against state‑linked groups.
- Some note boutique offensive‑security shops already operate with tacit state tolerance; others see that as a problem being normalized, not solved.
Political and ethical worries
- Several see a pattern of legitimizing extra‑legal action—digital and physical—when it aligns with the current administration’s interests.
- Fears include false‑flag operations, friendly‑fire cyber “wars” between misattributing defenders, and a broader “cyberpunk”‑style erosion of the rule of law.