Businesses, under siege from hackers looking to steal sensitive information, increasingly want to take matters into their own hands. But the head of the National Security Agency is warning them not to become hackers themselves.
"Be very careful about going down that road," Adm. Michael Rogers, the NSA director, said Tuesday at a cybersecurity event hosted by the U.S. Chamber of Commerce. "As a nonlawyer, I would tell you, wow, think about the legal implications of this."
Some business groups are tired of focusing only on defensive measures as hackers breach their systems. They want to retaliate and damage the hackers' computer systems.
Advocates of "hacking back" say that punishing attackers can be an effective tool for a company to protect itself.
But the Computer Fraud and Abuse Act makes it illegal to break into a computer network without permission. There's no exemption for counterattacks.
Rogers said he understands the desire to hire "cyber mercenaries" to go after hackers. But he argued that companies should instead trust federal law enforcement to prosecute cyber criminals.
Stewart Baker, a former general counsel for the NSA, said companies should get careful legal advice before doing anything to a computer system they don't own.