Blogs....

DoreneFC at aol.com DoreneFC at aol.com
Sun Mar 2 04:43:02 PST 2003


Hacker hacking could be legal

By Robert Lemos

CNET News.com

February 28, 2003, 4:34 AM PT

SEATTLE--Striking back at computers that are attacking a company or home network could be legal under federal nuisance laws, a technology-law expert said Thursday.

Curtis Karnow, attorney for law firm Sonnenschein, Nath & Rosenthal, stressed during a speech at the Black Hat Security Briefings conference here that no court case has yet established precedent regarding the use of a limited counterstrike to stop Internet attackers, but that nuisance statutes appear to apply.

"It has a lot of promise...if we can get the court to look at it," Karnow said. "The law allows you to go in without permission and abate, or stop, the nuisance. You can even sue the malefactor for the expense of the abatement."

Nuisance laws allow the state and private individuals to file lawsuits aimed at ending activities deemed harmful to a community. They have been used to close buildings that house drug dealers and to shut down businesses, such as quarries that create excessive dust in a neighborhood.

Karnow pointed to "self help" provisions that allow citizens to take action to mitigate an obvious nuisance as a way of dealing with intruders and so-called zombie servers. Under the law, the victim of an attack could conceivably shut down the offending program on the attacking server--even if the server belonged to someone else, he said.

Karnow's solution could give hope to system administrators whose networks are under attack and who have found that petitioning law enforcement agencies is both slow and frequently ineffective.

Administrators on the North American Network Operators Group (NANOG) have for weeks discussed what to do about an estimated 20,000 servers still infected by the Slammer worm that continues to send an enormous amount of traffic through the Net. A similar number of computers are believed to be infected by the Code Red and Nimda worms and pose a threat to servers that haven't properly been patched.

However, Karnow warned that counterattacks would have to be used judiciously and only to a limited extent.

"The real problem is collateral damage," he said. "Suppose you screw up--you hit the wrong machine (or) you shut down an entire computer rather than just a process. What happens if you are sued, not by a bad guy, but by an intermediary who was affected by your counterstrike?"

Such issues should continue to deter anyone considering hacking back, he said.

There are only a few known cases of defensive hacking. After the Code Red worm struck, a security expert created a tool that deleted the Code Red program and restarted the infected server.

The FBI pulled evidence from a Russian server without authorization after they successfully arrested two suspected Russian computer hackers in a sting operation.

"It is a completely untested argument, but I think it is really worth exploring, because it has the notion of self help and allows aggressive action to abate the attack," he said. However, he warned anyone against trying to be "Version 1.0" in testing the law.

"The judge who just learned how to use his cell phone is the person who is deciding on these technology issues," he said. "And this is beyond the bleeding edge of the law."



More information about the lbo-talk mailing list