Hack bill to allow hacked companies to "hack back"

A "hack bill", which is currently in the House of Representatives, would allow hacking victims to take certain retaliatory actions against the attackers
21 October 2017   1932

Rep. Tom Graves (R-GA-14) and Rep. Kyrsten Sinema (D-AZ-9) have introduced the Active Cyber Defense Certainty (ACDC) Act in the House of Representatives.

Active Cyber Defense Certainty Act
Active Cyber Defense Certainty Act

Known as the “hack back” bill, H.R. 4036 would amend the Computer Fraud and Abuse Act (section 1030 of title 18, United States Code) by defining the parameters within which parties defending their own computers or networks can respond to attacks by hacking the perpetrators.

Thus, if passed, the ACDC would except a hacking victim (a “defender”) “who uses a [tracking] program, code, or command” to help identify the source of a hack from prosecution under section 1030, so long as the software “originated on the computer of the defender but [was] copied or removed by an unauthorized user”. On top of that, the defender’s actions must not “result in the destruction of data or result in an impairment of the essential operating functionality of the attacker’s computer system, or intentionally create a backdoor enabling intrusive access into the attacker’s computer system".

The bill would also exclude from prosecution a defender who carries out an “active cyber defense measure,” defined as any measure by which the victim accesses an attacker’s computer to gather information that would help identify the attacker, disrupt continued hacking, or monitor the attacker “to assist in developing future … cyber defense techniques".

The ACDC would also authorize hacking victims to retrieve and destroy files stolen from them.

Finally, the bill requires defenders to notify the FBI’s National Cyber Investigative Joint Task Force of the type of breach that occurred, the intended target of the victim’s active cyber defense measures, and the steps that the victim intends to take in order to preserve evidence of the hack and prevent future attacks. 

However, probably, it's too early to be so excited.

Computer defenders should also exercise ex- 2 treme caution to avoid violating the law of any other 3 nation where an attacker’s computer may reside.
 

From the Active Cyber Defense Certainty Act

Thus, the ACDC also highlights that if untrained actors are authorized to retaliate against hackers, they may end up inadvertently victimizing innocent third parties. In light of this reality, the bill’s cautionary statement seemingly undercuts much of the power that the bill aims to grant hacking victims.

Binance Singapore Unit to Apply For License

Under the new law, aimed at regulating crypto paymetns and trading, firms must register with the Monetary Authority to receive a license
17 February 2020   294

Binance, a Singapore-based cryptocurrency exchange unit, has applied for a license under the new Payment Services Act, which entered into force on January 28.

We have already applied. We submitted the application pretty fast. Binance’s Singapore entity has been in close touch with the local regulators, and they have always been open-minded.

 

Changpeng Zhao

Founder and CEO, Binance

Under the new law, crypto companies in Singapore must register with the Monetary Authority and receive one of three licenses: an exchange of money, a standard or large payment institution. The measure is aimed at regulating payments and crypto trading using requirements for participants in the traditional finance industry. Zhao did not specify which of the licenses Binance Singapore chose.

Binance has been offering crypto-fiat trading services in Singapore since April 2019 and works with eight coins, including Bitcoin, Ethereum and XRP. The trading platform is supported by Vertex Venture Holdings, a venture division of Singapore's Temasek Holdings.