Should hack-back be legal?
Summary
The article examines whether hack-back actions could be legal, from a server operator’s viewpoint. It surveys current laws (Germany, Austria, CFAA) that prohibit deliberate disruption of third-party systems, discusses tarpitting as a sanctioned countermeasure with limitations, and argues for a layered defense strategy. It also raises the idea of a nuanced legal framework for narrowly scoped, proportionate active defenses, noting that such frameworks are not yet established and attribution remains a challenge.