Hack bill to allow hacked companies to "hack back"

A "hack bill", which is currently in the House of Representatives, would allow hacking victims to take certain retaliatory actions against the attackers
21 October 2017   1689

Rep. Tom Graves (R-GA-14) and Rep. Kyrsten Sinema (D-AZ-9) have introduced the Active Cyber Defense Certainty (ACDC) Act in the House of Representatives.

Active Cyber Defense Certainty Act
Active Cyber Defense Certainty Act

Known as the “hack back” bill, H.R. 4036 would amend the Computer Fraud and Abuse Act (section 1030 of title 18, United States Code) by defining the parameters within which parties defending their own computers or networks can respond to attacks by hacking the perpetrators.

Thus, if passed, the ACDC would except a hacking victim (a “defender”) “who uses a [tracking] program, code, or command” to help identify the source of a hack from prosecution under section 1030, so long as the software “originated on the computer of the defender but [was] copied or removed by an unauthorized user”. On top of that, the defender’s actions must not “result in the destruction of data or result in an impairment of the essential operating functionality of the attacker’s computer system, or intentionally create a backdoor enabling intrusive access into the attacker’s computer system".

The bill would also exclude from prosecution a defender who carries out an “active cyber defense measure,” defined as any measure by which the victim accesses an attacker’s computer to gather information that would help identify the attacker, disrupt continued hacking, or monitor the attacker “to assist in developing future … cyber defense techniques".

The ACDC would also authorize hacking victims to retrieve and destroy files stolen from them.

Finally, the bill requires defenders to notify the FBI’s National Cyber Investigative Joint Task Force of the type of breach that occurred, the intended target of the victim’s active cyber defense measures, and the steps that the victim intends to take in order to preserve evidence of the hack and prevent future attacks. 

However, probably, it's too early to be so excited.

Computer defenders should also exercise ex- 2 treme caution to avoid violating the law of any other 3 nation where an attacker’s computer may reside.
 

From the Active Cyber Defense Certainty Act

Thus, the ACDC also highlights that if untrained actors are authorized to retaliate against hackers, they may end up inadvertently victimizing innocent third parties. In light of this reality, the bill’s cautionary statement seemingly undercuts much of the power that the bill aims to grant hacking victims.

Binance to Start US Expansion

Site operator and US partner of the exchange BAM Trading is registered with FinCEN as a money transfer operator, but it operates only in California
14 June 2019   244

Binance in partnership with BAM Trading Services will open the US division called Binance US.

Note that BAM Trading, which will act as the site operator, is registered with FinCEN as a money transfer operator, however, it operates only in the territory of California.

We are excited to finally launch Binance.US and bring the security, speed, and liquidity of Binance.com to North America. Binance.US will be led by our local partner BAM and will serve the U.S. market in full regulatory compliance.
 

Changpeng Zhao

CEO, Binance

BAM Trading involves the mechanisms of the match and the principles of working with wallets that are implemented on the parent platform.

It is worth adding that FinCEN did not verify the information provided by BAM Trading, and the fact of registration is not a recommendation, confirmation of legality (activity) or direct support of a business by a government department.

From September 12, the parent platform Binance.com will stop serving American users.

At the same time, the exchange will no longer serve users who violate the provisions of the Terms of Use: they will retain access to their wallets with funds, but will not be able to trade.