
“We will explore the possibility of a free market for
Cyber-Insurance and make clear that users have a
self-defense right to deal with hackers as they see
fit.”

It’s just one sentence on the last two pages of the 2016
Republican Party Platform, but it has cybersecurity
professionals freaking out over its wider implications.

“If you walk by your neighbor’s house, look in his window, and
see the thing he stole from you yesterday, you’re not allowed to
break into his house and take it back,” Bruce Schneier, a
computer security expert and cryptographer, told
InfoRiskToday. “That’s the law. There’s a real reason
why we let the police and the justice system handle this.”

Though it seems the GOP platform is suggesting the digital
equivalent of exactly that.

In a striking departure from its 2012 vision for cybersecurity
— in which the GOP urged the government to share more
information on cyber threats and up its defenses — the
2016 platform’s phrasing that users can deal with hackers
“as they see fit” suggests the concept of “hacking back.”

And that’s a very dangerous concept, according to many
cybersecurity experts.

“What? Oh my god,” one hacker told Tech Insider on condition of
anonymity, since he’s a so-called “grey hat” who
worries about his own security. “That is crazy.”

The reaction was mainly due to the problem of attribution — a
rather messy business in the cybersecurity world. It’s pretty
easy to figure out who a thief walking into a gas station
and stealing a candy bar is, but that’s never the case on the
Internet, since hackers often use proxies and stolen computers to
mask who they truly are.

“Hacking back by organizations is a bad idea,” Malcolm Harkins,
Chief Security and Trust Officer for Cylance, wrote
on LinkedIn. “Bruce [Schneier] is right. It is
a truly crazy suggestion.”

If a company was hacked by someone operating from China, for
example, how would it actually know that? Without the resources
of intelligence agencies and the federal government, it’s much
more difficult to know whether the hacker came from China, or if
some unsuspecting person’s computer was hacked and is now being
used to launch an attack.

The grey hat hacker Tech Insider spoke with showed how murky this
kind of thing is, explaining that he could hack a computer at
Coca-Cola and then use it to break into a network at Yum Brands,
its competitor. By this platform, it would seem
that Coca-Cola hacking back into Yum Brands would be a
self-defense play.

The hacker said it was possible that an attacker could use one
company’s servers to hack another in order to get a response back
— a digital “false flag” operation.

Besides urging average Internet users to fight back
against hackers, the platform also calls for more offensive hacking
operations by the US government in order “to avoid the cyber
equivalent of Pearl Harbor.”

That also is seen by experts as a problem, since there are
very few rules between nations when it comes to cyberspace. It’s
what the President has referred to as the “wild West.”

“The way that this section of the Republican platform is written
sounds as though it’s rationalizing the use of force following a
cyber-attack by way of defending the country,” former NSA IT
architect Will Ackerly told
FedScoop. “To that end, any offensive practice would give
everyone else in the room the latitude to justify their offensive
actions based on the United States’ rhetoric.”

The Republican Party did not immediately respond to a request for
comment from Tech Insider.