Honeypots mailing list archives
Re: what to do with a script kiddie
From: Dave Dittrich <dittrich () u washington edu>
Date: Sun, 5 Jun 2005 16:18:33 -0700 (PDT)
(I'm going to weigh in on this quickly, while the discussion is still fresh.)
Lance Spitzner wrote:On Jun 4, 2005, at 11:05, Stejerean, Cosmin wrote:You should join his IRC channels and try to have a conversation with the guy, see where it goes.
First off, in my opinion, no, you shouldn't!
<snip>- Ethical: The second issue is one of ethics. The Honeynet Research Alliance is in the process of reviewing and better documenting these issues in their charter, which you can find online now at http://www.honeynet.org/alliance/charter.txt. The suggestion above would most likely violate current ethical guidelines.Hmmm. It's by no means obvious to me why it might be considered "unethical" to engage a wrong-doer in discourse, or to join an IRC channel that he had set up. There's no intrinsic harm to anyone in doing either.
You can't say there is no harm in engaging in coversation with someone who obviously doesn't care about breaking the law through computer intrusion. They may try to retaliate against you, in any of a number of ways (DDoS comes to mind, for some strange reason... ;) They may chose to destroy evidence on all systems they control by deleting everything, causing significantly more damage than they otherwise would consider if they didn't know they had been discovered. There are many reasons why it is a Bad Idea to engage with an attacker, to try to take over their systems, disable them, etc. This is a complex area of ethics and the law that is not well understood by the general public, and can cause great harm if not done by people who are well versed in the risks and perceived benefits. The default should be "don't do anything that lets the attacker know about the fact you have discovered their actions," and "don't do anything that affects (alters, disables, etc.) other computers you do not own."
Perhaps "ethics" is the wrong term; aren't we really talking about how to snoop on snoopers without putting onself in peril of legal action?
Snooping on snoopers *itself* puts one in peril of legal action.
From a truly ethical POV, it seems to me that passive observation of potentially criminal acts is more unethical than intervention.
This is a matter of both laws and ethics. Those are not exclusive (regardless of lawyer jokes to the contrary. ;) "Passive observation" for no purpose other than watching someone commit crimes can be a violation of electronic communication privacy laws (i.e., "wiretapping"). Laws like the Wiretap Act (in the U.S. - its not clear to me what jurisdictions apply here) have exceptions for things like protection, fraud investigation, and for law enforcement purposes with warrants and court orders, but otherwise make a private citizen just monitoring for the fun of it a crime. There was a case in Washington State (which has one of the most restictive communication privacy laws in the country) where evidence of drug dealing obtained by a neighbor overhearing a conversation on a cordless phone was excluded by the court because the interception by the neighbor was deemed illegal. In the case of the cell phone interception of Newt Gingrich discussing questionable political issues, I believe the House Rep who *received* the tape (coincidentally also from Washington State) was being investigated for violations of the Wiretap Act. -- Dave Dittrich Information Assurance Researcher, dittrich () u washington edu The iSchool http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE97 0C57 0843 F3EB 49A1 0CD0 8E0C D0BE C838 CCB5
Current thread:
- what to do with a script kiddie carnack (Jun 04)
- Re: what to do with a script kiddie David Jiménez Domínguez (Jun 04)
- Re: what to do with a script kiddie carnack (Jun 04)
- Re: what to do with a script kiddie Sebastian Garcia (Jun 06)
- Re: what to do with a script kiddie carnack (Jun 04)
- Re: what to do with a script kiddie Damian Menscher (Jun 04)
- <Possible follow-ups>
- RE: what to do with a script kiddie Stejerean, Cosmin (Jun 04)
- Re: what to do with a script kiddie ilaiy (Jun 04)
- Re: what to do with a script kiddie Lance Spitzner (Jun 04)
- Re: what to do with a script kiddie MrDemeanour (Jun 05)
- Re: what to do with a script kiddie Dave Dittrich (Jun 06)
- Re: what to do with a script kiddie MrDemeanour (Jun 06)
- Re: what to do with a script kiddie Dave Dittrich (Jun 06)
- Re: what to do with a script kiddie Andre Ludwig (Jun 06)
- Re: what to do with a script kiddie David Jiménez Domínguez (Jun 04)
- Re: what to do with a script kiddie David Jiménez Domínguez (Jun 06)
- Re: what to do with a script kiddie Valdis . Kletnieks (Jun 06)
- RE: what to do with a script kiddie Hamish Stanaway (Jun 07)