Is vigilante hacking legal?
<blockquote data-quote="net1" data-source="post: 16994">
<p>A legal expert is arguing that those under attack from 'zombie servers' and other Internet nuisances may be able to legally strike back - as long as they are careful.</p>
<p>Striking back at computers that are attacking a company or home network could be legal under US federal nuisance laws, a technology-law expert said on Thursday.</p>
<p>Curtis Karnow, attorney for law firm Sonnenschein, Nath & Rosenthal, stressed during a speech at the Black Hat Security Briefings conference in Seattle that no court case has yet established precedent regarding the use of a limited counterstrike to stop Internet attackers, but that nuisance statutes appear to apply.</p>
<p>"It has a lot of promise... if we can get the court to look at it," Karnow said. "The law allows you to go in without permission and abate, or stop, the nuisance. You can even sue the malefactor for the expense of the abatement."</p>
<p>Nuisance laws allow the state and private individuals to file lawsuits aimed at ending activities deemed harmful to a community. They have been used to close buildings that house drug dealers and to shut down businesses, such as quarries that create excessive dust in a neighborhood.</p>
<p>Karnow pointed to "self help" provisions that allow citizens to take action to mitigate an obvious nuisance as a way of dealing with intruders and so-called zombie servers. Under the law, the victim of an attack could conceivably shut down the offending program on the attacking server -- even if the server belonged to someone else, he said.</p>
<p>Karnow's solution could give hope to system administrators whose networks are under attack and who have found that petitioning law enforcement agencies is both slow and frequently ineffective.</p>
<p>Administrators on the North American Network Operators Group (NANOG) have for weeks discussed what to do about an estimated 20,000 servers still infected by the Slammer worm that continues to send an enormous amount of traffic through the Net. A similar number of computers are believed to be infected by the Code Red and Nimda worms and pose a threat to servers that haven't properly been patched.</p>
<p>However, Karnow warned that counterattacks would have to be used judiciously and only to a limited extent.</p>
<p>"The real problem is collateral damage," he said. "Suppose you screw up -- you hit the wrong machine (or) you shut down an entire computer rather than just a process. What happens if you are sued, not by a bad guy, but by an intermediary who was affected by your counterstrike?"</p>
<p>Such issues should continue to deter anyone considering hacking back, he said.</p>
<p>There are only a few known cases of defensive hacking. After the Code Red worm struck, a security expert created a tool that deleted the Code Red program and restarted the infected server.</p>
<p>The FBI pulled evidence from a Russian server without authorisation after they successfully arrested two suspected Russian computer hackers in a sting operation.</p>
<p>"It is a completely untested argument, but I think it is really worth exploring, because it has the notion of self help and allows aggressive action to abate the attack," he said. However, he warned anyone against trying to be "Version 1.0" in testing the law.</p>
<p>"The judge who just learned how to use his cell phone is the person who is deciding on these technology issues," he said. "And this is beyond the bleeding edge of the law."</p>
<p>ZDNet</p>
</blockquote>