Re: Botnets, IRC servers and firewalls?

[Paul Robertson <proberts () patriot net>]

On Thu, 5 Feb 2004, Gadi Evron wrote:

> > Not in this country, and nor should you- morally the theif and the
> > murderer are the ones at fault.  I can use your *pen* to kill someone
> > quite easily- does this mean that you're now required to have a "pen
> > safe?"  I can use the category 5 cable connecting your computer to the
> > jack in the wall to strangle someone- does that now have to be locked up?
> > Any legal system flawed enough to produce liability in such cases on a
> > regular basis is doomed to more abuse than the original damage.
>
> Most computer crimes are not "hacking", they are about computers being
> used to perpetrate/help commit a crime, such as fraud.

In fraud cases in my experience (and those of the folks I generally work
with) it's either the victim's computer (company) or the perp's computer
(fraud against home users.)  Very rarely is it a disintrested 3rd party's
computer, unless it's the perp's employer- which isn't a random 3rd party.
[I keep up to date on this area pretty agressively.]

> Economic damages caused by computer crimes, worms, etc. are sky-rocketing.

Worms and Trojans are where the end user issues tend to intersect with the
crime issues.

> The difference between if a person stole your gun to kill someone, or
> your .. cable.. is that a gun is a weapon.

That makes it "essentially no difference."  In the US, other than
situaitons where a juvenile has access to the weapon and the state has a
specific law about that (common on the East Coast) there's no criminal
liability.  If I have children in my house, then I'm obligated to have
trigger locks on my firearms, otherwise I'm not.  I'm never obligated to
have a trigger lock on a Bosch cordless drill, which can also do damage-
but that's only because of specific "feel good" legislation (if you think
someone with access to the property can't find the key...)  None the less,
outside of places where that specific legislation is in place, it won't
end in a successful legal action.  If my firearms are in my house, and
somone breaks in, I'm not liable if they use them to do something bad,
nor should I be.

> If someone stole your gun and committed a crime you may not be tried for
> murder, but you will be for negligence.

You *may* be civilly sued for negligence, but you're not likely to be
tried for criminal negligence and the civil suit is likely doomed to fail.

> DDoS is a weapon, used for blackmail, economic harm, etc.

But the computer isn't normally used to DDoS, so it's more like a drill
than a gun (if you take the opinion that guns have some inherrent property
that makes them "bad"- which also means you're not following the
statistics of how many guns save how many lives each year compared to
deaths- again with US-centric stats.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards