State Hacking: Do's and Don'ts, Pros and Cons

Wout de Natris

Over the past few days a lot has been said and written on counter hacking by enforcement agencies. The cause is a letter that Dutch Minister of Security & Justice I. Opstelten sent to parliament. Pros and cons were debated and exchanged. Although I perfectly understand the frustration of enforcement agencies at having to find actionable data and evidence that gets criminals convicted in a borderless, amorphous environment, a line seems to be crossed with this idea presented to Dutch parliament. Where are we?

(Inter)national cooperation

Two things stand out for me in this discussion: information can be extremely hard to find on and around the Internet; national and international cooperation is apparently very hard to achieve.

a. Researching the Internet
The first is that it is often unclear where criminal activities, spam, hacks, espionage, etc. on the Internet really come from. This has to do with flaws in software and hardware, the ease with which Internet resources can be acquired, hosting companies that specialise in bulletproof hosting, borders in the real world that do not exist online, and many, many more factors. Most of the options to change this lie beyond the grasp of governments, in the private realm.

b. Cooperation
The second is that national and international cooperation is very hard to establish, as the report of De Natris Consult shows. In other words, receiving data and evidence from abroad takes time and effort, and at times is completely impossible, as some agencies and countries are not able to cooperate or flatly refuse to. People who state that this needs to be improved are spot on, but also need to realise that this is going to take years, if not decades, to achieve. If ever. At the same time: start working on it today, right after reading this blog post. Don't lose another second to start achieving it.

I'm not even bringing in coordination of effort between different entities at national and international level here, as it is too far beyond the reality of most people. One of the answers to a securer Internet does lie here though.

Both these approaches are in the realm of governments, so why do most not make haste to better the positions of agencies to investigate, cooperate and coordinate and their ability to have more success at what they are meant to do in the first place?

We have to conclude that the two roads presented here to a safer Internet at present do not present a solution.


So, back to hacking. The public person advocating it most loudly in The Netherlands is Ronald Prins, CEO of Fox IT, accused on Twitter by Dutch ex-parliamentarian Femke Halsema of having a commercial interest in the matter. Whether this is true or not is not really relevant here, as the idea is embraced by a Dutch minister (and his advisers). I want to go back to crossing lines. What if we reverse the subject?


In a dictatorship there are many laws that are not acceptable in a democracy. Still, they are the applicable law in those states. So here we are, hacking away, and at some stage a dictatorship decides to do so as well and manages to hack into a server, in this country, of a secure hosting company hosting the domain of subversive elements (free speech advocates in our vocabulary) within the dictatorship. As a result it arrests the whole organisation and executes most members after a show trial. Soon after the executions the dictatorship reports the hack to the government of The Netherlands as part of an investigation on the basis of laws X and Y. This is only reciprocal, right? (I would not be surprised if this is not already standard practice, illegally, unannounced, without anyone knowing. Making it standard practice is another matter.) It's not something that a country like The Netherlands wants to see happening.


In a democracy the rule of law is the standard. If a country is to allow hacks nationally or internationally, it could only be after due judicial process before the hacking and checks afterwards. Nationally I'd say that this is and should be the standard. The law allows it or not and has obligatory, standardised procedures before it is allowed.

Internationally, international law and agreements kick in immediately. The question whether a hack could ever produce actionable data and evidence is a principal one. But even if this hurdle is taken, the circumstances should be the same as nationally. Any other way the rule of law is undermined, with all the negative consequences to a democracy. So if hacks are to be allowed, then not without due judicial process in The Netherlands and elsewhere. The circumstances and specifics must be very well defined for any country wanting to go this way. A sort of last resort when all else fails.

Securing a nation

An element that I think is seriously overlooked in this discussion is how a country wants to protect its citizens, institutions and industry from online threats. By counter hacking, surely not. Even if copying actionable data and evidence from servers and computers situated abroad is to be allowed, if the criminals are active from an unwilling country, not much changes. I have more confidence in another approach, on which more at a later stage. It will take cooperation, international cooperation even.


Yes, I do believe that, under the proper circumstances, hacking could be a tool used in investigations. E.g. to determine the location of a server when this is unclear. It ought to be a sort of last resort though. If not it is going to be easier and easier for enforcement agencies to cross lines further and further, invading privacy further and deeper, "as we have nothing to hide". A descending scale. It did not work this way in the past and shouldn't in the future. Innocent until proven guilty seems to become a burden, but this is one of the bold underscores of democracy. Also in times of the Internet. Again: do not do a digital something just because you can, without discussing consequences in a serious way!

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. More blog posts from Wout de Natris can also be read here.
