sounds like a good opportunity to bring back "letters of marque." These were less about authorizing ships to fight back against pirates, and more about authorizing private to your army to find and capture pirate vessels with the expectation that they would be allowed to keep whatever loot they captured. sounds like we're taking a step in that direction as the Internet is being identified as Lawless as the sea.
I think there may be adversaries smart enough to coordinate a situation to get a little hacking war going on between two friendlies who both think they're 'hacking back' at enemies.
Verifying the actual source of a hack is not necessarily easy, as far as I know.
I look forward to the first instance of a DDoS or targeted exploit used against security researchers who have been misidentified as “hackers” by some corporate IDS.
One reason: When a corporation attacks someone, how do they decide who they are attacking? What if they attack the wrong person due to misattribution? What if they do it due to incompetence (stretch your mind adn try to imagine incompetence in IT) or just to look like they did something? What if they attack enemies or competitors? I'm sure they can find some excuse.
In every other domain of justice, there is a warrant, an arrest, indictment, and trial, involving they agreement of many people in two branches of government.
Also, does this mean I can 'hack back' the endless scammers?
I agree with the characterisation of this activity as 'cyber-warfare', but that has the consequence that telling businesses to 'hack back' is inviting them to raise private armies, with which I strenuously disagree. That sort of thing does, however, to fit with the present administration's ideology.
Would this open "interesting" possibilities for false flags: make one entity attack another entity you don't like, and now watch them fight each other.
The referenced policy says "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities."
I have this huge looming sensation private credit will trigger a mini 2008, but instead of investors sucking up the losses, as they should, american taxpayers will be left with the bill.
Relying on good will and people doing the right thing is clearly bullshit - any system which is insecure should be a legitimate target, and the onus needs to be on those who own the systems to secure them, and be unable to disclaim liability if they do not.
However, the law needs to reflect that if people are to actually take the suggestions seriously.
State sponsored cyberattacks by China should be considered an act of war by the US government. Telling private firms to hack back isn’t a solution. Unfortunately Trump has been spineless and weak on China, as we have seen in the tariff debacle and in the TikTok ban debacle.
171 comments
https://en.wikipedia.org/wiki/Letter_of_marque
> more about authorizing private to your army to find and capture pirate vessels
I think important detail is that it authorised attacks on any foreign vessel (of a specific nation), not only on pirate ships.
Verifying the actual source of a hack is not necessarily easy, as far as I know.
One reason: When a corporation attacks someone, how do they decide who they are attacking? What if they attack the wrong person due to misattribution? What if they do it due to incompetence (stretch your mind adn try to imagine incompetence in IT) or just to look like they did something? What if they attack enemies or competitors? I'm sure they can find some excuse.
In every other domain of justice, there is a warrant, an arrest, indictment, and trial, involving they agreement of many people in two branches of government.
Also, does this mean I can 'hack back' the endless scammers?
https://www.whitehouse.gov/wp-content/uploads/2026/03/Presid...
I don't see where the policy instructs the private sector to "hack back", a quoted term in the article.
>
https://archive.ph/vwuA1Link seems to be down ATM. Is this caused by that cloud flare issue affecting archive.today that was just posted recently?
> America tells private firms to “hack back”
Only if they know that they have been hacked. Hello Microsoft
However, the law needs to reflect that if people are to actually take the suggestions seriously.