[ISN] Is vigilante hacking legal?

From: InfoSec News (isnat_private)
Date: Thu Feb 27 2003 - 22:53:09 PST

    By Robert Lemos 
    Staff Writer, CNET News.com
    February 27, 2003
    SEATTLE -- Striking back at computers that are attacking a company or
    home network could be legal under federal nuisance laws, a
    technology-law expert said Thursday.
    Curtis Karnow, attorney for law firm Sonnenschein, Nath & Rosenthal, 
    stressed during a speech at the Black Hat Security Briefings 
    conference here that no court case has yet established precedent 
    regarding the use of a limited counterstrike to stop Internet 
    attackers, but that nuisance statutes appear to apply.
    "It has a lot of promise...if we can get the court to look at it," 
    Karnow said. "The law allows you to go in without permission and 
    abate, or stop, the nuisance. You can even sue the malefactor for the 
    expense of the abatement." 
    Nuisance laws allow the state and private individuals to file lawsuits 
    aimed at ending activities deemed harmful to a community. They have 
    been used to close buildings that house drug dealers and to shut down 
    businesses, such as quarries that create excessive dust in a 
    Karnow pointed to "self help" provisions that allow citizens to take 
    action to mitigate an obvious nuisance as a way of dealing with 
    intruders and so-called zombie servers. Under the law, the victim of 
    an attack could conceivably shut down the offending program on the 
    attacking server--even if the server belonged to someone else, he 
    Karnow's solution could give hope to system administrators whose 
    networks are under attack and who have found that petitioning law 
    enforcement agencies is both slow and frequently ineffective. 
    Administrators on the North American Network Operators Group (NANOG) 
    have for weeks discussed what to do about an estimated 20,000 servers 
    still infected by the Slammer worm that continues to send an enormous 
    amount of traffic through the Net. A similar number of computers are 
    believed to be infected by the Code Red and Nimda worms and pose a 
    threat to servers that haven't properly been patched.
    However, Karnow warned that counterattacks would have to be used 
    judiciously and only to a limited extent. 
    "The real problem is collateral damage," he said. "Suppose you screw 
    up--you hit the wrong machine (or) you shut down an entire computer 
    rather than just a process. What happens if you are sued, not by a bad 
    guy, but by an intermediary who was affected by your counterstrike?" 
    Such issues should continue to deter anyone considering hacking back, 
    he said. 
    There are only a few known cases of defensive hacking. After the Code 
    Red worm struck, a security expert created a tool that deleted the 
    Code Red program and restarted the infected server.
    The FBI pulled evidence from a Russian server without authorization 
    after they successfully arrested two suspected Russian computer 
    hackers in a sting operation. 
    "It is a completely untested argument, but I think it is really worth 
    exploring, because it has the notion of self help and allows 
    aggressive action to abate the attack," he said. However, he warned 
    anyone against trying to be "Version 1.0" in testing the law. 
    "The judge who just learned how to use his cell phone is the person 
    who is deciding on these technology issues," he said. "And this is 
    beyond the bleeding edge of the law."