Hack-Back
What is Hack-Back?
Hack-Back: Offensive retaliatory action by a private victim against an attacker's infrastructure, generally illegal under most national computer-misuse laws.
Hack-back, sometimes called active cyber defense outside one's own perimeter, refers to private entities counter-attacking adversary infrastructure to retrieve stolen data, disable a botnet, or destroy malware. In nearly all jurisdictions, including the United States (CFAA), the European Union, and the United Kingdom (Computer Misuse Act 1990), unauthorised access to a third-party system is unlawful — even when that system was used to attack you. Proponents argue hack-back deters attackers and recovers losses; opponents warn of attribution errors, collateral damage to innocent hosts, escalation, and the lack of judicial oversight. Most regulators and frameworks recommend pursuing law enforcement, takedown providers, and active defense within owned assets instead.
● Examples
- 01: Private firm wipes data on a foreign server believed to host stolen intellectual property.
- 02: Victim deploys a remote-access trojan against a phishing kit's command-and-control server.
● Frequently asked questions
What is Hack-Back?
Offensive retaliatory action by a private victim against an attacker's infrastructure, generally illegal under most national computer-misuse laws. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against Hack-Back?
Defences for Hack-Back typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Hack-Back?
Common alternative names include: Counter-hacking, Offensive countermeasures.
● Related terms
- Active Defense (defense-ops, № 012): A defensive strategy that goes beyond passive monitoring to engage, mislead, and disrupt adversaries inside the defender's own network and assets.
- Deception Technology (defense-ops, № 293): A defensive approach that deploys decoys, breadcrumbs, and fake assets across the environment to detect, mislead, and study attackers with high fidelity.
- Incident Response (forensics-ir, № 524): The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.
- Threat Intelligence (defense-ops, № 1148): Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.