
List,

Assuming you can positively identify the origin of a successful crack (and that's a big assumption considering drones, spoofing, etc.) what does the community of sysadmins think about vigilante justice? Should we just counter-strike if there is no legal recourse?

As a young sysadmin, I am looking for a moral principle. Responding in a legal manner is what distinguishes us from the cracker, right? Still, I get very angry just thinking about the possibility of a successful attack on one of my systems. Any thoughts?

Apologies if this seems off topic - but I am studying many of the popular attacks and as a result I am in the difficult position of knowing how to use them (as well as defend against them).

Matt Hubbard

Hi, On Thursday 24 January 2002 14:30, Matt Hubbard wrote:
Bad Thing.
> Should we just counter-strike if there is no legal recourse?
No. That's a criminal offence. There's not even a grey area here, it's either black or white.
Though it may sound boring, yes.
If you have waterproof evidence (i.e. you did not tamper with it during your investigations), contact law enforcement authorities. Otherwise, get over it.
Good for you, as long as you obey (and don't place your own home-brewed "moral principles" above) the law. The Wild West is history, at least in modern western civilizations (<digress> or one should think so ... mumblemumble ... Guantanamo ... Woomera ....</digress>).
Matt Hubbard
Regards,
Martin Leweling

--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
Tel.: +49-251-83-33557 Fax: +49-251-83-39083
E-Mail (work): lewelin@uni-muenster.de

[Martin Leweling]
> If you have waterproof evidence, contact law enforcement authorities.
Not that simple, at least where I live. You have to prove damages as well, and it is easier when you are a bank or a big industry. Small sites have little chance, and personal sites almost none. In any case, the small investigation team is so overwhelmed that you might have a hard time just getting their attention. And then, unless the attacker is an adult (which is usually not the case), youth protection comes into play, and the most you will get is that they will confiscate the pee-cee for a little while, as a vain attempt to frighten the kid, or probably less than his parents. -- François Pinard http://www.iro.umontreal.ca/~pinard

Matt, On 24-Jan-02 Matt Hubbard wrote:
This has been discussed before, and it all boiled down to the conclusion that active retaliation is not a very clever idea.

For an admin, it's first and foremost a question of legality vs. illegality. If you whack a box or boxes of attackers, you basically descend to the same level as your opponent. This makes you sueable like the next 3l33t hAxx0r d00d, which may be a problem if you're the admin of a commercial organisation/company. Chances are good that you may disrupt your organisation's integrity, thus damaging your public standing, which is always a reason to get burned. What's more, you may be accused of the very same evil deeds as the guy you counterstriked against, and may lose your credibility, and finally your job.

But this is a theoretical discussion only, since cases are rare where crackers can be fully identified. Going the legal way against crackers may be a dreadful, time-consuming process, and often leads to nothing, except for loss of money and time.

The hardest thing I had to learn was not to rate attacks against networks administered by me as attacks against myself. It's hard to keep cool, but it's essential, since rage and aggression only lead to actions which you may regret later on. Tightly securing your system, building up and keeping a good relationship between you and your upstream providers, and a constantly revised security plan is pretty much all you can do to prevent loss of data/fraud/cracks. It's also a good idea to talk with your legal department/company lawyer about this topic, in order to set up legal strategies.

You may want to take a look at the book "Computer Crime - A Crimefighter's Handbook" (O'Reilly, ISBN 1-56592-086-4, about $25), which covers many topics discussed here, like security policies and plans, prosecuting computer crime, types of attacks, legal backgrounds, etc.

Boris Lorenz <bolo@lupa.de>
---
Matt Hubbard
