World Affairs Journal has a lengthy but worthy article on active defence in cyberspace. Read it, if for nothing else then for choice quotes of either unadulterated stupidity, or (also likely) sentences taken out of context. Such as this:
There is also the legal question of whether private firms who have been subject to cyber attacks can legally strike back against attackers who penetrate their networks and steal their data. Steven Chabinsky, formerly the top cyber lawyer at the FBI, argues that if a company can identify the server from which a cyber attack originated, it should be able to hack into that server to delete or retrieve its stolen data. “It is universally accepted that in the physical world you have the right to protect your property without first going to law enforcement,” Chabinsky argued at a recent cyber symposium.
I seriously doubt that “universally accepted” right applies in the similar fashion that Chabinsky seems to advocate. What he’s advocating would play out like this in the physical world: you ‘know” someone stole your property and stored it at a third party, so you’re well within your rights to break into the third party’s property to retrieve your stolen goods.