BSidesLV 2017 has ended
Wednesday, July 26 • 11:00 - 12:25
Baby Got Hack Back

You’ve heard it before: the bad guys are winning; US companies are under attack every day, and defenders are on the losing end of the war. We are less resourced and, held back by the legal framework, less free to act, to fight back against our adversaries. This is not just a common lament in security circles, it is also the foundation of the ‘hack back’ argument. It continues that organizations on the receiving end of attacks should be able to defend themselves the same way US citizens can defend themselves against intruders in their homes. Defenders should be able to fight back, launch a counterstrike. This is hack back. And today it is illegal for private entities in the US. But there is increasing noise about legalizing it, with a bill introduced to do just that earlier this year, and a number of foreign governments also discussing it. The arguments that support it are appealing, yet it is widely opposed by many in the security community, with dire warnings about potential consequences of authorizing such measures.

This talk will examine the arguments for and against hack back; the current legal constraints; potential outcomes of authorizing it; and how hack back fits within both broader cybersecurity policy discussions, and other security program practices, such as active defense. We will begin with an objective, balanced overview from the Department of Justice’s Leonard Bailey and Rapid7’s Jen Ellis (40 mins) of the legal and practical dimensions of hack back. They will then be joined by advocates for and against authorizing hack back for a lively debate (40 mins). There may also be some bad rapping, but we make no promises.

Leonard Bailey

Leonard Bailey joined the Department of Justice’s Terrorism and Violent Crime Section (TVCS) in 1991 and served as Special Counsel and Special Investigative Counsel to the Department’s Inspector General in the late 1990’s. In 2000, he joined the Computer Crime and Intellectual...

Jen Ellis

VP, Community and Public Affairs, Rapid7
Jen Ellis is Rapid7’s Vice President of Community and Public Affairs. She believes security practitioners are the guardians of Society’s trust in technology, and works extensively with security professionals, technology providers/operators, and various Government entities to promote...

Robert Graham

Errata Security
Robert Graham is the CEO of Errata Security, a pentest/consulting firm. He's known for creating the first IPS, the BlackICE series of products, sidejacking, and masscan. In his spare time, he scans the Internet. He has been speaking at several conferences a year for the past decade. He...

Davi Ottenheimer

product security, mongoDB
flyingpenguins, Cyberwar History, Threat Intel, Hunt, Active Defense, Cyber Letters of Marque, Cloudy Virtualization Container Security, Adversarial Machine Learning, Data Integrity and Ethics in Machine Learning (Formerly Known as Realities of Securing Big Data).

Wednesday July 26, 2017 11:00 - 12:25 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169