Cyber Privateers: The Return of the Hack-Back Debate
The Trump administration is exploring whether to allow private companies to take offensive security measures against cyber threats. Google plans to form a "disruption unit" to proactively counter cyberattacks. Bill H.R. 4988 would authorize the President to deploy privately armed forces against cybercrime. Experts believe the move could deter attackers but carries legal and ethical risks. 2025-09-14 09:17 Author: securityboulevard.com

Lohrmann on Cybersecurity

Is the second Trump administration open to private-sector companies — or non-military or other government agencies — using offensive security against cyber threats?

September 14, 2025

Dan Lohrmann


“Google Threat Intelligence Group vice president Sandra Joyce recently revealed that the company is planning to form a ‘disruption unit’ in the coming months. ‘What we’re doing in the Google Threat Intelligence Group is intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation,’ Joyce said. ‘We have to get from a reactive position to a proactive one … if we’re going to make a difference right now.’”

The One Big Beautiful Bill Act was followed by the Aug. 15 proposal of the Scam Farms Marque and Reprisal Authorization Act of 2025 (House bill H.R. 4988), which reads: “The President of the United States is authorized and requested to commission, under officially issued letters of marque and reprisal, so many of privately armed and equipped persons and entities as, in the judgment of the President, the service may require, with suitable instructions to the leaders thereof, to employ all means reasonably necessary to seize outside the geographic boundaries of the United States and its territories the person and property of any individual or foreign government, as applicable, who the President determines is a member of a criminal enterprise or any conspirator associated with an enterprise involved in cybercrime who is responsible for an act of aggression against the United States,”

The Center for Cybersecurity Policy and Law wrote this in May 2025: “To Hack Back, or Not Hack Back? That is the Question … or is it?”:

“The call to embrace an offensive cyber response raises profound and urgent questions: Are we prepared to unleash these tools? Who should wield them? How do we protect against unintended consequences? Could use of such tools actually make us more vulnerable?

“Advocates argue that offensive cyber tools can deter adversaries and neutralize threats, but their deployment raises critical concerns about escalation, attribution, and collateral damage — including the risk of inadvertently harming innocent parties or foreign entities not responsible for malicious activities. Legal and ethical dilemmas abound, especially if offensive actions potentially bypass norms or set new precedents internationally. As the threat landscape intensifies, the nation must confront not only the tactical viability of offensive cyber operations but also their legal, ethical, and strategic implications.”

“The Trump administration and industry partners have discussed whether privateering contracts — once used to deputize pirate ships — could offer inspiration for authorizing private sector hacking operations against China, though many say the 18th-century tool wouldn’t cleanly map onto modern cyber warfare.

“The authority stems from a historically maritime legal mechanism, known as a letter of marque, that allowed privately owned ships to lawfully attack other vessels. Today, that authorization would aim to give the U.S. a better fighting chance against China and other nation-state adversaries.”

Dick Wilkinson, Chief Technology Officer: “In reality: absolutely terrible idea. The actual military that has legal authority to do offensive cyber operations barely does any offensive cyber operations. Offensive operations are only carried out after weeks or months of planning and careful coordination. Even after that, there are still extremely high chances of causing problems and tripping over other things out there in the cyber environment. Interagency coordination is almost nonexistent. Coordinating cyber pirates is just about impossible.”

Ryan Lindsay, Senior Unix Specialist Administrator: “I think one of the problems he may have is: as he’s removed any oversight and legal controls for crypto and basically made that unregulated, if you now want to employ private sector hackers whose currency of choice is crypto, there’s nothing to say that the privateer won’t just keep all the crypto they find, which might lead them to be more powerful than their employers. Also, as the privateers are for hire, they can be hired to do offensive work against the US.”

Bryan S. Brandt, Technology Executive and Consultant: “Defense contractors have long supported cyber operations, so leveraging them to directly augment skill set or capacity has potential. There is enough structure in place to pursue specific objectives in close coordination with an official initiative.”

LOOKING BACK ON HACKING BACK?

No, this concept is not new, and we have discussed this topic numerous times in this blog over the past decade. For example, and for a more in-depth look:

In 2016: “Can ‘Hacking Back’ Be An Effective Cyber Answer?” — “With the exponential growth in data breaches over the past few years, the concept of ‘hacking back’ is growing in popularity. Proponents ask: If I can use a gun for self-defense in my home, why can’t I similarly ‘hack back’ against attackers who invade my cyberspace? Let’s examine that premise from different perspectives.”

In 2021: “The Case for Establishing a Digital Geneva Convention” — “Exponential increases in global cyber crime. Ransomware crippling governments and businesses. Nations ignoring cyber criminals operating on their soil. The time for international cooperation on cybersecurity is now.”

And this YouTube video described the process in 2023:

FINAL THOUGHTS

As I have written in many previous blogs, I see this “hack back” issue as problematic for the private sector, unless a very few highly trained and approved companies are unleashed to help. I don’t see the average Joe signing up to hack back and getting the OK from the presidential administration.

There are many, many issues with this idea, but don’t forget that this activity is going on now with U.S. three-letter agencies that are authorized to do it on a regular basis. Their authorities and skills make hacking back a part of daily life online, but the vast majority of Internet users should not be authorized, in my view, or our online problems will get worse, not better.


Dan Lohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.


*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cyber-privateers-the-return-of-the-hack-back-debate


Article source: https://securityboulevard.com/2025/09/cyber-privateers-the-return-of-the-hack-back-debate/