Cybersecurity Firm Lets Clients Chase Hackers Back
Palo Alto-headquartered Cymmetria unveiled a "hack back" software that pushes up against the limits of U.S. law
Palo Alto, California-headquartered cybersecurity firm Cymmetria Inc. released a new software tool to hack into the computer of a cyber attacker, a legally delicate maneuver known as a “hack back.”
Cymmetria's founding team
“We work within the limits of the customer’s network,” said Gadi Evron, Cymmetria’s founder, and CEO. “We don’t chase the hacker beyond the confines of the private network in which we operate.”
As long as the hacker maintains a channel into a company’s network, Cymmertria’s software can respond by tracking and taking control of the hacker’s computer, even wiping its hard drive clean.
Cymmetria’s product launch builds on its reputation in the area of hacker deception, a method of setting decoys for infiltrators and catching them in the act. A graduate of Y Combinator’s acceleration program, Cymmeteria was founded in 2014 in Israel. In 2015, the company closed a $9 million funding round led by San Francisco-based venture firm Sherpa Capital. With offices in Palo Alto, California and Tel-Aviv, the company employs 35 people according to LinkedIn’s data.
This past year has seen a bipartisan effort in the U.S. Congress to give more leeway to information security specialists, who are responding to increasingly more intensive and sophisticated attacks, to hack back. Under the proposed Active Cyber Defense Certainty Act, cyber defense personnel would be permitted to actively chase after hackers prancing around the digital universe.
Critics warn that legalizing hack backs could have unintended consequences such as damage to third parties, or abuse of power.