Firewall Wizards mailing list archives

Re: Response to door knocking


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 8 Feb 1999 12:08:53 -0500 (EST)

Mr. John McDermott proclaimed:
--- On Wed, 3 Feb 1999 21:00:02 +0100  Damir Rajnovic 
<Damir.Rajnovic () eurocert net> wrote:
At 3:35 +0100 3/2/99, Robert Graham wrote:
other sites. Thus, if I don't take "reasonable" measures against
hackers, I can be sued. Consider a scenario where an unknown hacker
broke into my site, then used it as a stepping stone to attack VICTIM.
Now, the hacker remains unknown and the VICTIM is suing me. Gosh,
wouldn't it have been nice to have gathered additional information that
my forensics team and the police could have used to track down the
hacker?

If someone was using your machine without your knowledge you should
be innocent.

This is far from my understanding of current US law.  If you are the 
"intermediate victim" of a relay attack, it is my understanding that you 
may be both civilly and criminally liable in the US.

Can someone cite the relevant statute here?  I don't have it handy.

Not a lawyer, don't know statutes, but I think the relevant two words
in what you said are "may be" ... liable.  In the case where the person
left the site on the Internet with cracking tools and the root password
plainly posted, I suspect a higher degree of negligence could be found
than a person who practiced reasonable measures to secure it.  However,
US law is currently never clear on any point - it is all very case-
dependent, as well as dependent on whom you can get to represent you in
court.

I suspect that the state would have to get creative about criminal law:
the laws just aren't up to current technology.  [Laws about stealing
cows and cars may not apply to relayed breakins and possible alteration
of data.]  Civil lawsuits are where liability may be found.

As I said, I'm not a lawyer.  But anyone who replied to your
"understanding" with an absolute yes or no probably isn't, either.  ;-)

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-A/B
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.


