, 2002-07-29
Is it criminal to reach out and hack an infected machine that's attacking your network?
The Right to Defend
2002-07-29
Anonymous (10 replies)
The Right to Defend
2002-07-29
Anonymous (1 replies)
The Right to Defend
2002-07-29
Matthew Waddell (3 replies)
What about the rights of the entertainment industry?
2002-07-31
Brian Erdelyi (1 replies)

1) Outside cyberspace the "Right to Defend" is constrained to very specific situations. In general you can only use it while in danger of imminent physical harm. To use deadly force your life has to be in jeopardy. Under those limited constraints I adamantly support it (and all you NRA bashers can go take a flying leap).
It doesn't give you the right to shoot someone because they ran over your mailbox with their car. It also doesn't give you the right to go over to their driveway and disconnect their distributor cap.
2) While your proposal sounds perfectly reasonable in theory, in practice it's a nightmare waiting to happen.
Firstly, how do you KNOW you are "hacking-back" the right person? Spoofing does happen. In the real world, there is a presumption of innocence for a person until they are proven to have done wrong. It sounds to me like you want to be judge, jury and executioner... which is the big problem with vigilantism, far too often innocent people get hurt.
Now I personally believe that Tim has the skills to determine who is actually trying to hack him and who is not.
However, it won't be too long till some well intentioned professional starts writing "hack-back" kits... and then every yahoo who so much as gets pinged is going to be firing off packets at anything that moves. I think you can see the problems inherent with that.
Secondly, how do I really know that you are "hacking back" as opposed to just hacking? You might just be using "hack-back" as an excuse. Do I start "hacking back" your "hacking back" because I believe it is just plain old hacking? You get the point.
Thirdly, this is a very slippery slope, that I'm particularly uncomfortable seeing people start trodding out onto. What activity actually justifies a "hack-back" and who gets to define it? Is it accessing a part of your web application that is supposed to be private but isn't because you forgot to set the right permissions for it?
Is it sending you an unsolicited e-mail? What about having what I believe is pirated/copyrighted material on your hard drive? (a very scary law was just put before Congress on that one). Really, how far away is that from hacking someone because you object to the content on their website? Or because they are using up more than their "fair share" of the Internet Backbone.
It's true that there are not a lot of viable alternatives out there right now. However, that doesn't mean that vigilantism is the only option. Personally I'd like to see the major ISPs lobbied to put together some sort of cooperative council which could accept abuse reports, investigate them and start temporarily blacklisting IPs that were guilty of abuse. Once an admin's system can no longer reach the internet he'll take notice.
The key is that it would be done by a "Governing Body", one that (in theory at least) had no personal bias, the skills to accurately investigate complaints, accountability for their actions and procedures in place to lodge and redress grievances.
Otherwise you are leaving it up to private individuals and who knows what their motivations and qualifications really are.
Link to this comment: http://www.securityfocus.com/comments/columns/98/15944#15944