FBI Probes Revenge Hacks by U.S. Banks

U.S. banks that were attacked by Iran-based hackers in late 2012 reportedly considered hacking the Iranians in response, according to Bloomberg News. That would-be retaliation has apparently gotten the attention of the U.S. Federal Bureau of Investigations (FBI), which is now looking into the banks’ actions, Bloomberg reported.

The FBI is “looking into whether hackers working on behalf of any U.S. financial institutions disabled servers that were being used by Iran to attack the Web sites of major banks,” according to Bloomberg. The article cited sources who claimed that JPMorgan Chase “advocated such a move in a closed meeting in February 2013.” A bank spokesperson told Bloomberg that said no such action had been taken. We reached out to the FBI to verify those reports, and were told by a spokesperson, “I’ll decline to comment.”

Computer Fraud and Abuse Act

Under the U.S. Computer Fraud and Abuse Act, approved by Congress in 1986, knowingly accessing a computer without authorization to access data, cause damage or extort payments is a criminal offense that can carry heavy penalties.

Tech entrepreneur and hacktivist Aaron Swartz, for example, was arrested in early 2011 and charged with two counts of wire fraud and 11 counts of violating the Computer Fraud and Abuse Act in connection with downloading large numbers of articles from the academic publishing site JSTOR. He faced up to 35 years in prison and up to $1 million in fines.

Shortly after declining a plea bargain in the case, Swartz hanged himself. His case has become a cause celebre for online activists and proponents of open access.

$575 Billion in Cybercrime Losses

For some, though, the risk of being prosecuted for Computer Fraud and Abuse Act violations is increasingly being outweighed by the frustration of becoming the victims of costly, business-damaging hacks. The Bloomberg article cited several security experts and former law-enforcement officials who said organizations that have been hacked are itching to strike back.

“That has led a growing number of companies to push the limits of existing law to consider ways to break into hackers’ networks to retrieve stolen data or even knock computers offline to stop attacks,” the article noted.

While the frustration of being hacked is understandable, revenge hacking is not only against the law but could make a hacking victim’s situation even worse, Bloomberg added, noting, “attackers who aren’t purged from the network could escalate the assault or ramp up attacks on other companies targeted by the same group.”

Cybercrime could be costing the global economy as much as $575 billion in losses, according to a June 2014 report from Intel’s McAfee computer security firm.