Post

The Host Pays: Why the Hackback Law Can Only Strike the Innocent

A commentary on Germany's active cyber defense law and the infrastructure it cannot tell apart from the enemy.

The Host Pays: Why the Hackback Law Can Only Strike the Innocent

The first system Germany destroys under its new law will belong to someone who did nothing. A clinic’s backup server, or a worn-out home router that an attacker borrowed for an afternoon and left running in a stranger’s hallway. On Wednesday, 27 May, the federal cabinet approved the bill.1 The Bundestag still has to pass it, and once it does the security services will be able to reach into that machine to read what is on it and delete what they find, without ever telling the owner.2 Dobrindt put the aim in three words. We strike back.3 The state will disrupt the attacker and destroy his infrastructure. The attacker stopped owning his infrastructure years ago.

I. The clean target the law imagines

Beneath the drafting, the law rests on one assumption. There is a server at the far end of an attack, it belongs to the adversary, and ending it costs no one else. The cabinet text lets the authorities take a threatening system offline and reroute or record its traffic. It lets them alter or delete the data the machine holds, including on systems abroad. It also lets them read that data out and keep it.4 A court order is required only where the intrusion reaches into a private system and collects data from it. The shutdown and the reroute carry no judicial check at all, and even the order that does apply can arrive up to three days after the operation in cases of imminent danger.5 Read the sequence. The box is touched first and the judge, where there is one, signs off after. The owner is never told.

Dobrindt calls this precision rather than a barrage. The aim, he says, is to disable the servers used as launch points.6 Precision is the word worth holding, because precision is a claim about knowledge. It says you know which box is the enemy’s. The rest of this argument is about why, in 2026, you do not.

II. The borrowed server

Here is what the launch point usually is. The dominant tradecraft for serious intrusion now runs through what Google’s Mandiant calls operational relay box networks, meshes of machines the attacker does not own and only borrows.7 The nodes are leased virtual servers and compromised devices, insecure home routers, end-of-life hardware, industrial controllers, healthcare equipment.8 The threat actor does not control the infrastructure. He uses it briefly and cycles it out for the next one. A single network of this kind serves several state groups at once.9

Operators build it that way on purpose. They push ordinary traffic, a stranger’s messages and browsing, through the same boxes that carry the attack, so the malicious flow disappears into the legitimate one.10 The machine a German operator would strike is therefore doing two jobs in the same instant. It relays an intrusion the owner cannot see, and it carries the daily life of a person who has no idea any of it is happening. Destroying it ends both. The government knows this. Its own draft describes the borrowed infrastructure in plain terms, the chains of proxy and VPN servers and the command servers run anonymously. It goes further still, and names the case where the state must break into a hacked third party precisely because the provider has itself been compromised and cannot be reached.11

III. The collateral question has no owner

The earlier work in this series mapped the same shape of failure, a consequential risk that every institution treats as someone else’s problem.1213 The active defense law reproduces it around one question. When the strike lands on the borrowed host, who answers for the host?

The defender has a ready answer, and it deserves to stand at full height before it is tested. The harshest reach, into a private system to collect its data, was written to the limits the Constitutional Court drew in June 2025, and it carries the judge that ruling demands.5 The power is held back for serious cases, a qualifying threshold with real content. The work is assigned to dedicated specialist units, trained to read infrastructure. Taken on its own terms, it is a genuine constraint. Every prong of it rests on one assumption, the same one folded into the word Dobrindt chose. It assumes the box at the far end can be known for what it is.

Begin with the statute, because the statute does not overlook the borrowed host. It names it. The official reasoning states that the power reaches the systems of the injured party, and it gives them a word, victim systems. It authorizes the strike on those systems anyway, and it authorizes the strike even where uninvolved third parties are unavoidably caught, with the changes undone afterward only where that is technically possible and does not defeat the operation.14 The drafters saw the case this series is about and wrote it into the grant of power.

The minister has heard this objection, and his answer deserves the same daylight. Presenting the cabinet decision, Dobrindt reached for an analogy. When a danger emanates from an ownerless suitcase, the state steps in and does not first establish whose suitcase it is. Who stands behind the system is, in his framing, irrelevant, though he allows that the owner of attacking devices is today often known.15 Set the suitcase against the statute it defends. The analogy works because the suitcase is herrenlos, a thing without an owner, so removing it wrongs no one. The hijacked router fails that condition in the only way that matters. It has an owner, and the law’s own reasoning has already given the owner’s machine its name, the victim system. The analogy and the precision claim cannot carry the law together. Precision says the state knows whose box it is. The suitcase waives the question. A defense that needs both has conceded that neither stands alone. Two weeks before the cabinet decision, the minister called the idea of blindly striking the uninvolved unrealistic.15 His bill authorizes the strike where they are unavoidably caught.

The check that should catch the error is attribution, the capability now collapsing fastest. The bill’s reasoning treats it as solved. The identification of the relevant systems, it states, is regularly unambiguous, by IP addresses, network characteristics and malware signatures.16 That sentence answers an easier question than the one the strike poses. Every relay node has an address, and finding it was never the contested step. Mandiant’s own framing is that these relay networks degrade the indicators defenders depend on and make it hard to pin an attack on any single actor, because the infrastructure shifts and is shared.7 The certainty the strike requires, that this box is the enemy’s, is the certainty the architecture is built to deny.

Oversight reaches the problem only after the fact. In the consultation, Interface’s Sven Herpig warned that these measures carry collateral damage and misattribution into the systems of third parties, and that because they run covert the affected party is often left with no individual remedy.17 He added the detail that should end the precision claim on its own. The operations tend to slow adversaries rather than stop them.17

The pattern does not stop at the harm. The authority to inflict it has no clear owner either. Konstantin von Notz of the Grünen, deputy chair of the parliamentary oversight panel, called the bill badly built and incoherent about who carries responsibility for the countermeasures.18 Die Linke calls it an unconstitutional hackback law and argues the federation holds no general competence for cyber defense without amending the Basic Law.19 The bill half-concedes the point. Its own reasoning admits that general cyber-defense competence stays with the states, and rests the new federal task on the nature of the matter and a clause about Germany’s standing among nations.20 Even the question of who is allowed to do this has no settled owner.

IV. The care the state cannot afford

Grant, for a moment, that an operator could tell the clinic from the relay. He would still need the time and the seniority to do it, on every strike, under load. The apparatus built to carry this does not have that slack, and the record is plain.

In the summer of 2025 the Federal Court of Audit reported that the government’s own information technology was not prepared for the current threat, that detection and resilience were lacking, and that German cyber security ran through a jungle of institutions and overlapping responsibilities.21 That is the body now being handed an offensive mission. Herpig’s reading of the staffing is that the state is standing up expensive, single-use strike capacity while the durable defensive structures that actually reduce risk stay starved.17 The bill answers a documented shortage of everyday defense with a new power to attack.

The new mission draws on the same drained well. The bill funds about 375 new posts across the three agencies, with annual costs it puts at roughly €56 million once the hiring is done.22 Those seats recruit from a market that already cannot fill the ordinary police pipeline, where applications have fallen in nearly all the states and training places sit empty.23 Senior cyber-forensics skill is among the most expensive talent on the market, and the state competes for it from the bottom of the public pay scale. The seats go unfilled or fill junior, and the careful judgment the strike depends on needs the seniority that will not be in the chair.

Applied to the attribution step, that logic makes the guardrail give way. The ministry sells the regime as precision, used only in individual cases. Its own budget tells a different story. The fiscal annex plans for roughly three hundred system shutdowns and six hundred traffic redirections a year at the BKA, and staffs the read, delete and alter power at about seventy full-time posts and the new task at over a hundred.22 At that planned volume the proportionality check is the first corner cut, the same way the petty case is the first to go unprosecuted when the queue grows. The law also sets no expiry and orders no evaluation of whether any of it worked.22 None of this requires bad faith. Volume is enough, and volume is the one thing the adversary controls.

V. Who pays

The cuckoo does not raise its own young. It lays in another bird’s nest and leaves, and the host feeds the chick that was never his. The attacker works the same way. He lays his operation in a stranger’s machine, runs it for an afternoon, and is gone to the next nest before anyone looks. The law arrives after he has left. It finds the host sitting on the egg and strikes that.24

The cost falls on someone, and the attacker is already gone, cycled to the next borrowed box before the order is signed. The machine that absorbs the strike is the one that was holding still, the clinic or the household behind the compromised router. It is hit without warning and given no door to knock on afterward. The order can issue without the owner ever being heard, and the host who carried out the takedown can be barred from saying it happened.2 The bill also writes no rule for what the strike breaks. The consultation asked for a liability basis and warned that existing law gives the struck operator no clear claim. The cabinet text contains none.25 In the first two pieces of this series no one paid the loss and no one owned the risk. Here the law assigns both, and it assigns them to the host. That is what the cabinet approved on Wednesday. A power written into statute, whose first certain casualty is the machine that did nothing and the owner who hears nothing.


  1. Federal cabinet adoption of the “Gesetz zur Stärkung der Cybersicherheit,” 27 May 2026; forwarded to the Bundesrat as Drucksache 323/26 on 29 May 2026, designated besonders eilbedürftig (particularly urgent), which halves the chamber’s comment period; Bundestag approval pending. Bundesregierung.de and ZDF, 27 May 2026. Statutory text cited throughout is the Gesetzentwurf der Bundesregierung, Bearbeitungsstand 21 May 2026, a Mantelgesetz amending the Federal Police Act (BPolG), the BSI Act (BSIG), the Federal Criminal Police Office Act (BKAG), the Telecommunications-Digital-Services Data Protection Act (TDDDG) and the Energy Industry Act (EnWG). ↩︎

  2. The owner need not be told. The court order issues without a hearing of the affected person and its notification may be withheld for secrecy (§ 41a(6) BPolG; § 68e BKAG), and the agency may forbid the operator who carried out the measure from disclosing it to those affected, a non-disclosure order that runs twelve months before any court reviews its continuation (§ 41a(11) BPolG; § 68f BKAG). A notification duty exists only for the read-delete-alter power and only toward the system owner (§ 78(1) no. 7 BPolG; § 74 BKAG, limited there to private systems), and it may be deferred while notification would endanger the purpose of the measure. For shutdowns and traffic redirection there is no individual notification duty at all. See also t-online, “Kabinett gibt BSI und Polizei Befugnisse zur Cyberabwehr,” 27 May 2026. ↩︎ ↩︎2

  3. Dobrindt on the cabinet decision: “Wir schlagen zurück.” taz, “Gesetzentwurf zur Cybersicherheit: Don’t call it Hackback,” 27 May 2026. ↩︎

  4. Powers granted to the Federal Police and the BKA: prohibit the operation of an IT system from which a danger emanates; redirect that traffic to a police-specified address and record it, or restrict or block it, in each case “auch ohne Wissen der Betroffenen”; and read out, delete or alter the relevant data, “auch durch Eingriff mit technischen Mitteln und ohne Wissen der Betroffenen” (§ 41a(1) BPolG; §§ 68b–68d BKAG). The reasoning to the new BKA task contemplates altering and deleting data on attackers’ systems located abroad (§ 3a(1) no. 3 and Begründung). Reported in Reuters (Markus Wacket), “German authorities to get more powers against foreign hackers,” 27 February 2026. ↩︎

  5. The court order is the exception, not the rule. The bill states that as a baseline these measures require neither qualified protected interests nor a judicial reservation; the reservation applies only where the intrusion reaches a private IT system and collects data from it (§ 41a(5)–(6) BPolG; § 68e BKAG, with Begründung). Where it applies, at imminent danger (“Gefahr im Verzug”) the agency may act first and a court must confirm “binnen drei Tagen” or the order lapses (§ 41a(6) BPolG; § 68e(4) BKAG). The private-system threshold tracks the Federal Constitutional Court’s IT-systems fundamental right (BVerfG, 24 June 2025, 1 BvR 2466/19 and 1 BvR 180/23, “Trojaner I” and “II”), cited in the bill. ↩︎ ↩︎2

  6. heise online, “Draft Law: Police to no longer just reactively defend against cyberattacks,” 28 February 2026. Dobrindt frames the goal as precise interventions to disable servers used as launch points. ↩︎

  7. Mandiant (Michael Raggi), “IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders,” Google Cloud, 22 May 2024. Command-and-control runs through proxy meshes of compromised devices the actor does not control and cycles rapidly; the networks degrade the indicators defenders rely on for attribution. ↩︎ ↩︎2

  8. Team Cymru, “An Introduction to Operational Relay Box (ORB) Networks,” December 2024. Nodes are leased VPS or compromised IoT devices, including insecure routers, industrial control systems and healthcare devices. ↩︎

  9. Mandiant reporting via BankInfoSecurity, 2024. A single ORB network can be used by multiple nation-state actors for command-and-control. ↩︎

  10. Mandiant analysis, summarized in Matt Ryan, “It’s ORBin’ Time: Detecting Covert Relay Networks,” July 2025. Operators route legitimate traffic through the same infrastructure used for malicious activity to mask it. ↩︎

  11. The government’s own draft describes this architecture: chains of proxy and VPN servers, command-and-control servers operated “weitgehend anonym,” and intrusions into the systems of hacked third parties undertaken precisely because the provider or affected company “gehackt wurde und daher nicht erreichbar ist.” The reasoning names the targets “Opfersysteme.” Regierungsentwurf, Begründung to § 41a BPolG and § 68d BKAG. ↩︎

  12. Leonard Gráf, “Peacetime Architecture: Why the ISMS Fails in a Geopolitical Threat Environment,” April 2026. ↩︎

  13. Leonard Gráf, “Who Pays When the Dam Opens,” April 2026. ↩︎

  14. The statute names the victim. The reasoning states the measure targets both attackers’ systems and those of the injured party (“Opfersysteme”) (Begründung to § 41a(1) no. 3 BPolG; Begründung to § 68d BKAG). It authorizes the measures “auch … wenn Dritte unvermeidbar betroffen werden” (§ 41a(3) BPolG; § 68d(4) BKAG), and requires changes to be reversed only “soweit dies technisch möglich ist und dem Zweck der Maßnahme nicht entgegensteht” (§ 41a(4) BPolG; § 68d(3) BKAG). ↩︎

  15. The minister supplied the analogy himself, presenting the cabinet decision: “Wenn von einem herrenlosen Koffer eine Gefahr ausgeht, dann schreiten wir dagegen ein und klären nicht erst auf, wem dieser Koffer gehört.” The report renders the ownership point in indirect speech, who exactly stands behind the system being irrelevant to the danger standard, and carries his caveat that it is often known today to whom attacking devices are attributable. Falk Steiner, “Umstrittene Befugnisse: BKA erhält Zugriff auf Angreifer-Infrastruktur,” heise online, 27 May 2026. The earlier statement: “Von daher ist die Idee, man könnte irgendwie blind Unbeteiligte treffen, unrealistisch.” heise online, “Dobrindt: Abschrecken, abwehren und abschalten in Kürze,” 12 May 2026. ↩︎ ↩︎2

  16. Begründung to § 41a BPolG: “Die Identifizierung entsprechender IT-Systeme ist regelmäßig eindeutig möglich (anhand von IP-Adressen, Adressbereichen, spezifischen Netzwerkmerkmalen und Schadsoftwaresignaturen, wie beispielsweise Hashwerten, Cookies, verwendeten User-Agents, etc.).” The same passage concedes that attackers may detect the police access and move to other systems or server chains. Regierungsentwurf, Bearbeitungsstand 21 May 2026, Begründung zu Artikel 1 Nummer 2. ↩︎

  17. Dr. Sven Herpig, Interface, written statement (Stellungnahme) on the Gesetz zur Stärkung der Cybersicherheit, submitted in the BMI’s Verbändebeteiligung on the Referentenentwurf of 27 February 2026; quoted by netzpolitik.org on 16 March 2026. Note: the Stellungnahme cites the Referentenentwurf’s numbering (§§ 62b–62g BKAG-E); the cabinet version of 27 May renumbered these powers §§ 68a–68f, as cited in this piece, without material change. Herpig names collateral damage and misattribution; the measures reach the systems of third parties; because they are covert, individual legal remedies are often unavailable; and the staffing builds single-use strike capacity at the expense of durable defensive structures. The slow-rather-than-stop point he makes quoting Tom Uren: effective takedowns are “speed bumps rather than roadblocks.” ↩︎ ↩︎2 ↩︎3

  18. Konstantin von Notz (Grüne), deputy chair of the Parlamentarisches Kontrollgremium, to the newspapers of the Mediengruppe Bayern, 28 May 2026: the bill is “handwerklich leider extrem schlecht gemacht,” with unclear future responsibility for digital countermeasures. ↩︎

  19. Clara Bünger (Die Linke), in taz, “Gesetzentwurf zur Cybersicherheit: Don’t call it Hackback,” 27 May 2026: “Der Regierungsentwurf ist im Kern ein verfassungswidriges Hackback-Gesetz.” Die Linke further argues the federation holds no general competence for cyber defense without amending the Basic Law. ↩︎

  20. The bill’s own reasoning concedes that “die generelle Zuständigkeit für die Gefahrenabwehr im Cyberraum liegt weiterhin bei den Ländern” and rests the new BKA task on Article 73(1) nos. 1, 9a and 10 of the Basic Law and on the nature of the matter (§ 3a BKAG; Begründung, section on legislative competence). ↩︎

  21. Bundesrechnungshof, report under § 88(2) BHO on federal cyber security, summer 2025: the federation’s own IT is “nicht auf die aktuellen Bedrohungen vorbereitet,” with deficits in detection and resilience and a security architecture marked by “einen Dschungel von Institutionen und Zuständigkeiten.” Cited in Herpig’s statement; document hosted via Politico, July 2025. ↩︎

  22. Funding and scale, from the bill’s own fiscal section (Regierungsentwurf, parts D and VI.3). About 375 new posts across the three agencies: 264 at the BKA (49 higher service, 215 upper service), 90 at the Federal Police, 21 at the BSI; annual costs of roughly €33.9 million plus €5 million in materials at the BKA, €14.6 million at the Federal Police and €3 million at the BSI. The annex plans for roughly 300 system shutdowns (§ 68b) and 600 traffic redirections (§ 68c) per year at the BKA, and staffs the read-delete-alter power (§ 68d) at about 70 full-time posts and the new task (§ 3a) at over 107. Section VIII provides no time limit and no evaluation clause. ↩︎ ↩︎2 ↩︎3

  23. CORRECTIV, “Polizei am Limit? Die Zahlen aller Bundesländer im Check,” 20 March 2026. Police applications fell in nearly all the Länder between 2020 and 2025; training places go unfilled; dropout is high. ↩︎

  24. The metaphor has an ancestor. Clifford Stoll, The Cuckoo’s Egg (Doubleday, 1989), the founding account of a tracked intrusion, named the attacker’s planted code the egg, hatched inside the victim’s machine. This piece begins after the hatching. The intruder is gone, the host remains in the nest, and the law strikes the nest. ↩︎

  25. AG KRITIS, Stellungnahme zum Referentenentwurf eines Gesetzes zur Stärkung der Cybersicherheit, 12 March 2026, section 3.4.2, demanding a special statutory liability basis for direct and indirect damage caused by the new powers and finding that neither the affected operator nor indirectly harmed companies and citizens hold a clear legal basis for damages claims against the state under current law. The Regierungsentwurf of 21 May 2026 contains no liability provision; neither the word Haftung nor Entschädigung appears anywhere in the cabinet text. ↩︎

This post is licensed under CC BY 4.0 by the author.