Abstract
Beyond the context of “ethical hacking” where network attacks are conducted with the explicit permission of the network owner, such as during a penetration test, “hacking” typically violates state and federal laws. An emergent perspective that a company may take the law into their own hands and fight fire with fire termed ‘hack-back’ or ‘active defense’ has begun to gain momentum. This is where a corporate entity may engage in attacks which are commensurate with the attack perpetrated. We explore the emergent area of ‘active defense’ or ‘hack back strategy’ where, in response to persistent and potentially damaging hack attempts upon an entity, an active defense model is considered. We outline the cyberdefense team and what this might mean from an active defense perspective
