Home / Blogs

State Hacking: Do's and Don'ts, Pros and Cons

Wout de Natris

Over the past days a lot has been said and written on counter hacking by enforcement agencies. The cause is a letter Dutch Minister I. Opstelten, Security & Justice, sent to parliament. Pros and cons were debated and exchanged. Despite the fact that I perfectly understand the frustration of enforcement agencies of having to find actionable data and evidence that gets criminals convicted in a borderless, amorphous environment, a line seems to be crossed with this idea presented to Dutch parliament. Where are we?

(Inter)national cooperation

Two things stand out for me in this discussion: information can be extremely hard to find on and around the Internet; national and international cooperation is apparently very hard to achieve.

a. Researching the Internet
The first is that it is often unclear where criminal activities, spam, hacks, espionage, etc. on the Internet really comes from. This all has to do with flaws in soft and hardware, the ease with which Internet resources can be acquired, hosting companies that specialise in bullet proof hosting and borders in the real world, that do not exist online and many, many more. Most of the options to change this lie beyond the grasp of governments, in the private realm.

b. Cooperation
The second is that national and international cooperation is very hard to establish, as the report of De Natris Consult shows. In other words receiving data and evidence from abroad takes time, effort and at times is completely impossible as some agencies and countries are not able to or flatly refuse to cooperate. People that state that this need to be bettered, are spot on, but also need to realise that this is going to take years if not decades to realise. If ever. At the same time: start working on it today, right after reading this blog post. Don't lose another second to start achieving it.

I'm not even bringing in coordination of effort between different entities at national and international level here, as it is too far beyond the reality of most people. One of the answers to a securer Internet does lie here though.

Both these approaches are in the realm of governments, so why do most not make haste to better the positions of agencies to investigate, cooperate and coordinate and their ability to have more success at what they are meant to do in the first place?

We have to conclude that the two roads presented here to a safer Internet at present do not present a solution.


So, back to hacking. The public person advocating it most loudly in The Netherlands is Ronald Prins, CEO of Fox IT, accused on Twitter by Dutch ex-parliamentarian Femke Halsmema of having a commercial interest in the matter. Whether true or not, is not really relevant here, as the idea is embraced by a Dutch minister (and his advisers). I want to go back to crossing lines. What if we reverse the subject?


In a dictatorship there are many laws that are not acceptable in a democracy. Still, they are the applicable law in those states. So here we are, hacking away and at some stage a dictatorship decides to do so also and manages to hack into a server, in this country, of a secure hosting company hosting the domain of subversive elements (free speech advocates in our vocabulary) within the dictatorship. As a result it arrests the whole organisation and executes most members after a show process. Soon after the executions the dictatorship reports the hack to the The Netherlands' government as part of an investigation on the basis of laws X and Y. This is only reciprocal, right? (I would not be surprised if this is not already standard practice, illegally, unannounced, without anyone knowing. Making it standard practise is another matter.) It's not something that a country like The Netherlands wants to see happening.


In a democracy the rule of law is the standard. If a country is to allow hacks nationally or internationally, it could only be after due judicial process before the hacking and checks afterwards. Nationally I'd say that this is and should be the standard. The law allows it or not and has obligatory, standardised procedures before it is allowed.

Internationally international law and agreements kick in immediately. The question whether a hack could ever produce actionable data and evidence is a principal one. But even if this hurdle is taken, the circumstances should be the same as nationally. Any other way the rule of law is undermined, with all the negative consequences to a democracy. So if hacks are to be allowed, not without due judicial process in The Netherlands and elsewhere. The circumstances and specifics must be very well defined, for any country wanting to go this way. A sort of last resort when all else fails.

Securing a nation

An element that I think is seriously overlooked in this discussion, is how does a country want to protect its citizens, institutions and industry from online threats? By counter hacking surely not. Even if copying actionable data and evidence from servers and computers situated abroad is to be allowed, if the criminals are active from an unwilling country, not much changes. I have more confidence in another approach, on which more at a later stage. It will take cooperation, international cooperation even.


Yes, I do believe that, under the proper circumstances, hacking could be a tool used in investigations. E.g. to determine the location of a server when this is unclear. It ought to be a sort of last resort though. If not it is going to be easier and easier for enforcement agencies to cross lines further and further, invading privacy further and deeper, "as we have nothing to hide". A descending scale. It did not work this way in the past and shouldn't in the future. Innocent until proven guilty seems to become a burden, but this is one of the bold underscores of democracy. Also in times of the Internet. Again: do not do a digital something just because you can, without discussing consequences in a serious way!

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. More blog posts from Wout de Natris can also be read here.

Related topics: Cyberattack, Cybercrime, Internet Governance, Law, Malware, Policy & Regulation, Privacy, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Dyn Comments on ICG Proposal for IANA Transition

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

The Deep Web and the Darknet - The Nether Regions of the Internet

Introducing the Verisign DNS Firewall

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

DotConnectAfrica on "CONNECTing the Dots: Options for Future Action" at UNESCO, Paris

IBCA Presentation to ICANN GAC on Protection of Geographic Names in New gTLDs

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Verisign iDefense 2015 Cyber-Threats and Trends

Sponsored Topics