Honeypots mailing list archives
Re: what to do with a script kiddie
From: Dave Dittrich <dittrich () u washington edu>
Date: Mon, 6 Jun 2005 11:56:48 -0700 (PDT)
On Mon, 6 Jun 2005, MrDemeanour wrote:
Dave Dittrich wrote:You can't say there is no harm in engaging in coversation with someone who obviously doesn't care about breaking the law through computer intrusion. They may try to retaliate against you, in any of a number of ways (DDoS comes to mind, for some strange reason... ;)I appreciate that; but that is a matter of self-protection, not of ethics.
You are correct, and the main reason I brought it up was to point out to people that there are risks associated with contacting someone who broke into your systems, and that the safe default is "don't contact them."
There are many reasons why it is a Bad Idea to engage with an attacker, to try to take over their systems, disable them, etc. This is a complex area of ethics and the law that is not well understood by the general public, and can cause great harm if not done by people who are well versed in the risks and perceived benefits.But we were discussing the legitimacy or otherwise of just joining an IRC channel. Do I understand that US wiretap legislation could render joining an IRC channel unlawful?
No, the Wiretap Act doesn't render joining a channel illegal. That said, just because joining a channel is not illegal, it doesn't follow that the act of learning the channel and password is also not illegal, nor does (as someone else pointed out) the unlikelihood of the attacker bringing civil charges for violation of their electronic communication privacy make it not illegal to monitor IRC.
Perhaps "ethics" is the wrong term; aren't we really talking about how to snoop on snoopers without putting onself in peril of legal action?Snooping on snoopers *itself* puts one in peril of legal action.I don't live in the USA; here in the UK, the only laws about wiretapping apply to tapping phone lines - not to snooping around on the internet. There are laws against hacking here, but they are couched in terms that refer to unauthorised access to computers; using an IRC server doesn't seem to be an example of hacking.
This brings up an interesting point. I haven't looked at the UK laws on wiretapping (since they don't apply to me ;) but I'll assume you are correct. An interesting bit of research that could be done would be for people to study the electronic communication privacy laws in their jurisdictions and we all produce a report on the state of electronic communication privacy laws world-wide. But the letter of the law is not the final word. It is how a particular case is presented in court, and how the court rules on the specifics. There are many cases where laws are behind the curve of technology. In Washington State (where I live) the communication privacy laws were also written for telephone lines, and talk about "telecommuniction providers." They say nothing about the Internet, 802.11, etc. In talking with a county prosecutor, however, I learned that the real issue is, "would a prosecutor argue to a court that sniffing wireless traffic in a cafe violated the communication privacy statute?" and more importantly, "would the court accept that argument?" The answers were, "quite likely", depending on the situation. Legislatures have been known to write harsh laws to stem what they perceive to be widespread problems or abuse, and prosecutors and courts have been known to decide harshly in a case to set a precedent and/or make an example for others when there is no existing case law (which is the situation in many countries that *do* have electronic communication privacy laws.) I want to try to avoid having a honeynet researcher end up in court and lose the argument above, which may set back honeynet research significantly. What I'm cautioning here is for everyone to think through what you are considering doing and be able to justify it as if you were called to the stand to testify in your own behalf, and to be reasonably certain you will not bring more harm than good from your actions (to yourself, to other victims, and to the general public.) Ethics, in this sense, is about showing you are doing things because you truly believe, by way of reasoning and evidence (not just "because I think so") that the actions you take obtain a higher moral good for society, even if you may possibly infringe on someone's rights, may be breaking a law, etc. -- Dave Dittrich Information Assurance Researcher, dittrich () u washington edu The iSchool http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE97 0C57 0843 F3EB 49A1 0CD0 8E0C D0BE C838 CCB5
Current thread:
- Re: what to do with a script kiddie, (continued)
- Re: what to do with a script kiddie David Jiménez Domínguez (Jun 04)
- Re: what to do with a script kiddie carnack (Jun 04)
- Re: what to do with a script kiddie Sebastian Garcia (Jun 06)
- Re: what to do with a script kiddie carnack (Jun 04)
- Re: what to do with a script kiddie Damian Menscher (Jun 04)
- RE: what to do with a script kiddie Stejerean, Cosmin (Jun 04)
- Re: what to do with a script kiddie ilaiy (Jun 04)
- Re: what to do with a script kiddie Lance Spitzner (Jun 04)
- Re: what to do with a script kiddie MrDemeanour (Jun 05)
- Re: what to do with a script kiddie Dave Dittrich (Jun 06)
- Re: what to do with a script kiddie MrDemeanour (Jun 06)
- Re: what to do with a script kiddie Dave Dittrich (Jun 06)
- Re: what to do with a script kiddie Andre Ludwig (Jun 06)
- Re: what to do with a script kiddie David Jiménez Domínguez (Jun 04)
- Re: what to do with a script kiddie David Jiménez Domínguez (Jun 06)
- Re: what to do with a script kiddie Valdis . Kletnieks (Jun 06)
- RE: what to do with a script kiddie Hamish Stanaway (Jun 07)