CRIME Hack-Back another perspective

From: Zot O'Connor (zot@private)
Date: Thu Jul 10 2003 - 14:25:01 PDT

  • Next message: Steve Nichols: "CRIME Thought you guys might like this."

    Thought a subject change was in line....
    There is a different concept that people are not mentioning as much
    (Crispin touched on it), and that is crime prevention.
    If I see someone about to murder somebody I have a right, and some might
    say an obligation to attempt to prevent it.  Some people would say "Call
    911," others "Shoot them."   In the middle would be "Do something to
    prevent harm to the 'victim.'"
    The "Shoot Them" argument gives rise to an interesting issue.  If a box
    is being actively used to attack me, or other systems, do I have the
    right or duty to prevent that box from attacking me or others?  This
    does not ask "Is the box rooted, or otherwise under control of an
    unauthorized user."  If a car is careening down a hill, and I can push
    it off the cliff before it hits the crowd of photogenic pitiable
    children ,my rights and obligations do not ask is the car stolen,
    runaway, drunk-driven, or sleep-driven.  I have the right (obligation)
    to protect the children.
    So if a box is actively attacking me, or others, I can
       Email the owner of the box.
       Call 911
       Call a tech savvy Law Agency
       Track down can call the Owner of the box.
       Track down can call the ISP.
       Block me from the attacking box (firewall)
       Attempt to shut down the offending activity.
       Log onto the box and disable the offending activity.
       Log onto the box and disable the box.
       Attempt to block the box from getting out by attacking the network.
       DoS the network at some point.
       Fly to the location of the box and pull the plug.
       Shoot the owner of the box.
    I see these in a progressing order of intrusiveness and effectiveness
    (last item notwithstanding). 
    Obviously if the box is in the Ukraine most of the early steps are
    useless, but if the box is in a responsive company, then the early ones
    might work (they have for me). 
    So this is a case dependent list.
    If the hostile activity is putting you out of business, and no bodily
    harm is done to the owner of the box, then one might make a clean
    self-defence argument: 
            The box was initiating hostile behavior that negatively impacted
            my business.  My response negatively impacted theirs in the same
            way (Network, not precise attack method).
    Now, to loop back to the RIAA comments, you can make an argument that
    RIAA and it clients are losing money, and a criminal activity is going
    on.  Since the first steps are ineffective, partially due to numbers,
    and the time factor, they could make an preventive argument.  Now I
    doubt they would fly or shoot, but I could see them attempting to
    disable the file sharing, removing the "stolen" material, or blocking
    access to the server....
    I know what you are thinking, OH MY GOD Zot is advocating RIAA backed
    Yes, in a way I am.  The 'net used to be self policing and it was pretty
    damn effective.  SPAMmers were shut down and hounded.  Bad networks were
    isolated.  People had accounts terminated with no chance of getting
    another one.  Behavior was modified.
    While some of these things are not possible any more, or desirable,
    self-policing is much more effective than relying on laws and law
    We all make the police's job easier:  We buy cars with door locks, and
    use them (and test them).  We lock our houses.  We buy alarm systems. 
    We call the police when we suspicious or criminal behavior.  Many of us
    go to lengths for crime prevention, some detection, and some of us
    interdiction, and a fewer, criminal apprehension/identification (i.e. we
    chase that bastard driver down and give him the finger).
    So if we saw someone breaking into a neighbors house, we would likely
    use similar steps listed above, depending on current factors:  Is anyone
    in physical danger, are they stealing small stupid things, do I really
    *like* this neighbor, if I run over there, will they shoot at me, or
    run, does this neighbor have any of my stuff still, does this neighbor
    have any cool stuff I want, etc.
    So, yes, I can perceive times when hack back is not only allowable, not
    only favorable, but even expected as an obligation.
    Zot O'Connor

    This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 14:44:51 PDT