Companies are taking the law into their own hands to beat hackers who cost them millions of pounds each year.

They are going on the offensive and adopting hacking tools and techniques themselves, according to a former director of information warfare for the US Department of Defense.

Bob Ayers, director of UK security consultancy Para-Protect, says companies are frustrated by limitations in law enforcement methods, and some are now fighting back.

A popular tactic is hiring experts to trace the source of a hack and find weaknesses in a culprit's system. One website was offering the facility to overload a hacker's own computer with spam email, said Ayers.

"Viruses are simplistic, with almost anyone able to create them, but they are extremely effective. The Love Bug spread from the Philippines in six hours."

But counter-attacks could fall foul of the Computer Misuse Act or hit the wrong target.

"There is a rise in cyber-vigilantes, with many companies taking the law into their own hands," warned Ayers.

"If survival is threatened and a denial of service attack can put a user out of business, what are the options? Companies can call the National Hi-Tech Crime Unit and maybe sit and wait for the police to arrive a week later."

The cost of investigating an attack can also deter companies from taking the legal route, Ayers said.

• The US government prosecuted UK hacker Richard Pryce in 1997 for breaking into US Air Force systems. Pryce was fined just £1200 after an investigation costing $1 million.

Also published in Computing