Re: Rate Stratfor's Incident Response

[Benjamin Kreuter <ben.kreuter () gmail com>]

On Thu, 12 Jan 2012 16:06:53 -0500
Valdis.Kletnieks () vt edu wrote:

> On Thu, 12 Jan 2012 15:16:19 EST, Benjamin Kreuter said:
>
> > Really, calling it "breaking in" is a stretch.  You connected a
> > computer to a publicly accessible computer network, where anyone can
> > send anything to your computer.  If hacking such a system is
> > "breaking in," you might as well claim that shouting across your
> > neighbor's yard is "breaking in."
>
> Bad analogy.  Closer would be if you have a house that's got a
> driveway on a public street, and you claim it's not breaking and
> entering if you walk up the driveway, try the doorknob, find it
> unlocked, and let yourself in without the permission of the
> residents.  Saying that "anybody could walk up and let themselves in
> the door" doesn't make it legal.

Would you say that we should arrest the person who walks into the
house, takes a picture of themselves standing next to an expensive
television and leaves the picture next to a note that says "your door
was unlocked?"

Really though, it is still a terrible analogy.  You can disconnect a
computer from the Internet; you cannot disconnect a building from a
street.  A hacker in a foreign country might be attacking your computer
system from that country, and could be outside the jurisdiction of any
relevant law enforcement agency; a person who breaks into a building is
committing a crime in whatever jurisdiction the building is in.

Analogies are nice and they help non-technical folks understand what
is going on, but let's not get carried away with them. Someone who
attacks a computer system over the Internet (or any other network) is
sending unwanted/malicious messages.  This is not the same as physically
breaking into a building, locker, or computer. It may be illegal, but
it is still very different from other crimes.  If anything, the closest
type of criminal would be a con man, which seems fitting given how many
of today's attacks have an element of social engineering.

-- Ben


-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx () virginia edu

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell

Attachment: signature.asc
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/