FBI investigating possible revenge hacking by U.S. banks
American companies are seeking ways to fend off hack attacks, like the one that recently crippled Sony Pictures.
One method they're using is called revenge hacking. Companies that are hacked try to hack their attackers, either to shut down their systems or to retrieve stolen information. But according to U.S. law, that is illegal. Now, the FBI is looking into some of the country's largest banks to see if they took revenge too far, CBS News' Jan Crawford reports.
In 2012, the U.S. government announced that Iran was behind the hacking of some of the country's largest banking institutions. The banks soon met with U.S. officials, where, according to Bloomberg News, an individual from J.P. Morgan proposed that the banks hit back by taking down the Iranian servers.
"There were a lot of legal questions that came up, but somebody shut down the servers, and the FBI is trying to find out who did it," Bloomberg News reporter Michael Riley said.
According to the Computer Fraud and Abuse Act, a law passed almost 30 years ago, U.S. companies cannot access external computers to overload servers, to retrieve stolen information, or even to stop an impending attack.
"Right now the situation is that companies are on defense," Riley said. "They have to try and keep hackers out of their networks, and the hackers only have to win once."
Riley said the recent Sony hack showed that the FBI can help figure out who is behind an attack and can provide a company with information on how to get the hackers out of its networks, but at that point information is already compromised.
"They are incredibly frustrated, they are incredibly vulnerable, and they are looking for other options, and some of those options may be going after the hackers," Riley said.
And for many companies the financial incentive is high. In 2013, Target reported up to 40 million debit or credit card accounts were compromised by hackers. Another 70 million customers had personal data stolen, eventually costing upwards of $350 million. A recent report by McAfee estimated that hacking costs the global economy up to $575 billion annually.
"Companies are under attack. Look at Target, Sony; they have been sued. Sony is being sued by their own employees saying, 'You should have done more to protect my data,'" said Theresa Payton, CEO of cyber security firm Fortalice Solutions.
She advises companies not to resort to cyber vigilantism, despite the pressure.
"You could actually make a bad situation go from bad to a catastrophe," Payton said. "You have no idea what you could be taking offline. It could be an energy utility server. It could be a financial services server of a small community bank -- you don't know."
Payton said she hopes the FBI investigation will actually create a better framework for all industries dealing with hacking threats so they're better protected and not as vulnerable.