 Hey, what is up everybody? My name is John Hammond, and this is a video and It's a weird video because it's different from what I normally do and I know that's weird and I'm sorry but here we go, this is just a video where I kind of just talk and Hopefully it's not that bad. I know normally I just do videos where I'm like trying to showcase some Technology you're doing tutorials and programming or cyber security stuff and nonsense And I want to keep doing that. I'm sure I've been saying this for years and honestly just freaking way too long I want to keep doing this and but I struggle with time. I'm still in college I'm still at school and it's like a military school So there's obviously a lot more demands and obligations that kind of come my way Then then not your usual school. So I've said over and over again like oh man I'm gonna have more time this semester or next semester or this new year and stuff like that I even like promised like hey I'm gonna try and upload a video every day for 2018 and I didn't even last a week It was awful and now it's April, right? And I I sucked and I and I failed at that. So I'm sorry. I apologize But that doesn't stop me, you know, I am gonna graduate. I am gonna oldest Okay, I'm gonna get out of this place. I'm gonna leave. I don't know I'm somehow going to go away from the school one way or the other and That'll that'll happen in May So my life will just start and I'll be doing my own thing And I won't have to deal with being here and and having these obligations in this and this prison cell not gonna lie. So This video still going, okay, sorry, I'm just trying to I'm trying to monitor the display right here So you guys have something to watch it's not just straight me talking and not just boring stuff So hopefully there is at least a little bit of entertainment for you as you're just listening to me if I don't know but I'm trying to say that I will have more time and I've said that over and over again, but I genuinely will because I'm Not going to be in school anymore. My life will start and hopefully I'll be able to do more things but whatever let me get to the real point of this video and This isn't really a point. It's just me me talking and rambling and hopefully it'll be somewhat entertaining I guess if you'd like to listen or value my opinion. I don't know whatever okay, so the title of this video is should we hack back and That requires some context and backstory and background, right? so I get told you I go to school and I go to a military school and One of the classes I'm taking is a national security class so it's all about national security like the protection of the United States and It includes intelligence and cyber operations. So one of the things we talked about this week in class was At least and you see it as like a recurring theme, but like, okay, someone Hacks someone does some cyber security vulnerability and exploit pentest blah blah blah whatever whatever frame you want to put it in But something bad has happened to critical infrastructure to a corporation to a business, whatever you see it all over the news The Panera thing that just happened I follow zero daily and that's my newsletter through hacker one where I try and follow my news source and I saw that recently But obviously real world thing People get hacked things go wrong. So the question What kind of thing about is do we hack back? Should we hack back and I always have like this crazy knee-jerk reaction of this because I've I can't say grown up because it's not the right word But like for so long I've been kind of in more of the like software development like Engineering and building and creative side. I only within these few years here at school that I got into like the cyber security The good versus evil the vulnerability exploit like inquisitive curious break something make it do something that it's not supposed to do so I Don't know. I've always just had it instilled in me. Whenever someone asks should we hack back? I'm immediately like no That's a stupid idea. That is a bad idea. You never hack back and I don't want I don't want it I don't sound like really cheesy or kind of silly and or childish the way that I'm saying some of these things So please I don't know take this in whatever grain of salt you want But when I say hack back, I literally like cringe at that phrase because it almost sounds so silly But if you put it in like a government or military frame Maybe it's a little bit different because when I have that knee-jerk reaction of should we as a corporation Should should we as something right? Let's let's put the organization frame on it. It's been on it now should We hack back and I say No, immediately. No, that's a horrible idea. But that's again coming from the like business standpoint Okay, business standpoint isn't right I'm not trying to say like economic advantage or industry crap like that But normally I would think in the mindset of like, okay, if I'm a corporation if I'm like a company and I get hacked Obviously if if we're questioning. Oh, should we hack back? We should be like no That's not our place that is not our authority all we do as a business as security people trying to protect our service We shut up and we put like we you know, you put your head in your hands You ask yourself like what happened? Why did this happen? Why didn't we see this coming sooner? How do we harden protects our systems? How do we patch this etc etc? and that I Guess is why I justify as a corporation or as it as a company. No, do not hack back and then I Try and consider it from okay if we're a bigger person, right? Like we're the military we are government We are the nation-states. It's supposed to defend and protect our nation critical infrastructure crap like that Do we hack back? This case, I don't know right like yeah, we are in a place where we kind of should and and hack back as maybe not an offensive thing Obviously you hack back as in defense. It doesn't really make much sense But obviously like doing something within our capability to limit the adversaries capability to hinder what they are doing or trying to do Maybe that's not Directly engaging with them. Maybe that's not an explicit attack on them but something that is somewhere kind of in the peripherals that still hinders or inhibits the initial problem or the initial scenario and I struggle with this in a weird way because being where I am at this military school in this institution they rave and go they throw all these buzzwords and they say like cyber cyber this cyber that and Honestly because I like to think that I'm in the scene that word cyber has become so Saturated like it's lost all its value and just desensitized to it So when they try to say oh cyber is a new operational domain. It's the the new Battlefield for warfare and I say yes in a way it is. I mean, okay. Yes, it is it don't get me wrong It is you break things services go down power grids can go down. You can level buildings depending on what you do but No one and I think this is this is an I think here. This is I think I am under I I don't know with certainty, but I guess from what I know No one has died from a cyber attack at least it directly at least like explicitly Right like obviously maybe there are things I don't know if Stuxent is a is a proper example or if like power goes down as a hospital and Some of the equipment doesn't work right to like properly treat patients or something and people indirectly die and indirectly isn't even the right word though because people may die people die due to or because of this attack In which case you can say oh, well, then yeah, like follow through with that logic Shift some of your words around and realize you make this jump because because The initial because is because there wasn't it. There was a cyber attack. There was a hack something went wrong something broke and I I wonder about that because When you when you put in the frame of like okay, cyber is an operational domain. It's a Warfighting playing field You try and parallel like how do we frame what an attack what what is the magnitude of one attack? What's appropriate to respond or or take action against or even accountability like how we put someone in jail? Or what is the appropriate punishment for stuff like that? Because we don't know at least I think we don't know I don't know someone maybe of you as a watcher have more policy or more or more of an understanding of what is really written down in Legislature and please share your opinions and input because I Genuinely don't know so please enlighten me and maybe anyone else is watching but I'll I say you try and parallel things that happen in regular warfare or regular warfighting that were used to like guns and shooting people and missiles and explosions with Cyber security like okay DOS attack or sequel injection you exfiltrate PII stuff like that and I kind of wondered I had this thought in class like because it because I Wondered yes cyber security is an operational domain, but why did it become that way? Like how did that happen? Why is it? Why is it a war fighting place? Did we ever even really want it to be obviously? Yeah, there were flaws in technology and those people took advantage of it because you can do cool things with it and that's some neat nifty adrenaline rush, but We didn't invent computers like we didn't make computers For warfare. I don't at least I don't know. I don't think we did maybe probably in some case or in some example or some scenario You could but when we have businesses and corporations and stuff like Sorry, I was switching a video for display when we oh, I don't even know where my thought was holy crap. That's awful awful transition I'm sorry guys We make guns and we make computers But when we made computers we never intended them to be used for warfare because we'd we have corporations and businesses And we're trying to provide a service. It's something for another Individual it's something like in in the benefit of or like literally providing you service like oh pay your taxes online Do your online shopping? Check your I don't know Determine your water bill pay your taxes stuff like that and they're check your bank statement They're all things that are supposed to be like services for the people for the public There was never an intent to have warfare with that But I wonder if guns that's I wonder if weapons really like other Operational man's like you think of like air air land and sea right so Worships designed for warfare. No, we're airplanes designed for warfare. Maybe no. I don't know You say guns you say like a legitimate weapon Again, you can probably say no like go no guns are used for hunting and that was originally to serve and provide food If you were I don't know of that mindset of getting food to like feed yourself and your family so I I wonder with that because you can you can put those both in a in a peculiar situation where Were those really ever meant to be warfare things? And I Don't know right Right at this point. I feel like I'm losing my point to to be honest. I never really had a point to begin with in that Sure, the video is called it. Should we hack back? There is no yes or no answer right I don't know for one thing. I'm a kid. I'm just a little I'm genuinely a little kid just still in school And I think As a corporation as a business as a company the answer is no never you got to focus on Yourself and why did this happen? Wow? How can we patch? How can you make this better? How can make sure this never happens again? Why does happen to begin with etc. It's ever that's it's a super internal thing, but if you are Government or military then you should really genuinely consider What are the implications if we engage like what are the consequences? What are the actions? What comes of this what comes of our world if we engage on this? So hey, I guess those are my two cents. I think At least what I'm trying to mull through in my head. So I'm curious Is this something that you guys enjoyed listening to if it's something you even wanted to listen to is Can you can you provide any of your input? What do you know? What are you willing to share? What do you think? And do that in the comment section if you're willing to leave a like stuff like that I'll put I'll put in the the garbage outro intro stuff Yeah, if you're willing if you're interested in my channel and you want to see more stuff, please subscribe I will be posting more tutorials and videos. I'll get in the python I'll get in the power shell get into more of real stuff try to reduce on the old videos because I know they suck Trying to do more for you. So thank you guys for watching long video just me rambling Curious if you like that kind of thing I can do more of it It's easier to do because I just sit in the corner and talk out loud rather than try and plan out interactions But uh, whatever. Thanks for watching. I'll see you in a later video