There have been many posts and links on Cybercrime Review discussing the legal implications of hacking back; see my collection of those posts here: Hacking Back - are you authorized? A discussion of whether it's an invitation to federal prison or a justified reaction/strategy? What is lost in these discussions is a firm grounding in real-world examples. Well, now we have a recent, real-life "hack back" to look at: the Republic of Georgia's counter-espionage hack of a suspected Russian perpetrator who was propagating malware for the purpose of espionage against Georgia. This is a must read.
Here's the story from IT world: Irked by cyberspying, Georgia outs Russia-based hacker -- with photos
And here is the Georgia CERT report: CYBER ESPIONAGE -- Against Georgian Government - (Georbot Botnet)
A quick summary for those who don't want to follow the links: Georgia had been getting attacked and mined for information by a botnet, and this included infiltration of government entities. Fed up with this, the Georgian government decided to take action. The following is taken from a ZDNet article about the same story:
In order to lay the bait after the attacks increased in severity over the course of 2011, Georgia allowed a computer to be infected on purpose. Placing a ZIP archive named "Georgian-Nato Agreement," once opened, the investigator's own malware was installed.
While the alleged hacker was being photographed, his computer was rapidly mined for sensitive documents. One Word document contained instructions on who and how to hack particular targets; as well as website registration data linked to an address within Russia.

As mentioned above, there are pictures of the Russian hacker in the report. Part of the malware the hacker had been propagating (against Georgia) enabled webcams and took photographs. Georgia CERT experienced sweet revenge when this functionality was turned on the hacker himself.
Does this example change your opinion of "hacking back"?