List,

Assuming you can positively identify the origin of a successful crack (and that's a big assumption considering drones, spoofing, etc.) what does the community of sysadmins think about vigilante justice? Should we just counter-strike if there is no legal recourse?

As a young sysadmin, I am looking for a moral principle. Responding in a legal manner is what distinguishes us from the cracker, right?

Still, I get very angry just thinking about the possibility of a successful attack on one of my systems. Any thoughts?

Apologies if this seems off topic - but I am studying many of the popular attacks and as a result I am in the difficult position of knowing how to use them (as well as defend against them).

Matt Hubbard
Hi,

On Thursday 24 January 2002 14:30, Matt Hubbard wrote:
> List,
> Assuming you can positively identify the origin of a successful crack (and that's a big assumption considering drones, spoofing, etc.) what does the community of sysadmins think about vigilante justice?

Bad Thing.

> Should we just counter-strike if there is no legal recourse?

No. That's a criminal offence. There's not even a grey area here, it's either black or white.

> As a young sysadmin, I am looking for a moral principle. Responding in a legal manner is what distinguishes us from the cracker, right?

Though it may sound boring, yes.

> Still, I get very angry just thinking about the possibility of a successful attack on one of my systems. Any thoughts?

If you have waterproof evidence (i.e. you did not tamper with it during your investigations), contact law enforcement authorities. Otherwise, get over it.

> Apologies if this seems off topic - but I am studying many of the popular attacks and as a result I am in the difficult position of knowing how to use them (as well as defend against them).

Good for you, as long as you obey (and don't place your own home-brewed "moral principles" above) the law. The Wild West is history, at least in modern western civilizations (<digress> or one should think so ... mumblemumble ... Guantanamo ... Woomera ....</digress>).

> Matt Hubbard

Regards,
Martin Leweling

--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
Tel.: +49-251-83-33557 Fax: +49-251-83-39083
E-Mail (work): lewelin@uni-muenster.de
[Martin Leweling]
> If you have waterproof evidence, contact law enforcement authorities.

Not that simple, at least where I live. You have to prove damages as well, and it is easier when you are a bank or a big industry. Small sites have little chance, and personal sites almost none. In any case, the small investigation team is so overwhelmed that you might have a hard time just getting their attention. And then, unless the attacker is an adult (which is usually not the case), youth protection comes into play, and the most you will get is that they will confiscate the pee-cee for a little while, as a vain attempt to frighten the kid, or probably less than his parents.

--
François Pinard http://www.iro.umontreal.ca/~pinard
Matt,

On 24-Jan-02 Matt Hubbard wrote:
> List,
> Assuming you can positively identify the origin of a successful crack (and that's a big assumption considering drones, spoofing, etc.) what does the community of sysadmins think about vigilante justice? Should we just counter-strike if there is no legal recourse? As a young sysadmin, I am looking for a moral principle. Responding in a legal manner is what distinguishes us from the cracker, right? Still, I get very angry just thinking about the possibility of a successful attack on one of my systems. Any thoughts? Apologies if this seems off topic - but I am studying many of the popular attacks and as a result I am in the difficult position of knowing how to use them (as well as defend against them).
This has been discussed before, and it all boiled down to the conclusion that
active retaliation is not a very clever idea.

For an admin, it's first and foremost a question of legality vs. illegality. If
you whack a box or boxes of attackers, you basically descend to the same level
as your opponent. This makes you sueable like the next 3l33t hAxx0r d00d, which
may be a problem if you're the admin of a commercial organisation/company.
Chances are good that you may disrupt your organisation's integrity, thus
damaging your public standing, which is always a reason to get burned. What's
more, you may be accused of the very same evil deeds as the guy you
counterstruck against, and may lose your credibility, and finally your job.

But this is a theoretical discussion only, since cases are rare where crackers
can be fully identified. Going the legal way against crackers may be a
dreadful, time-consuming process, and often leads to nothing, except for loss
of money and time.

The hardest thing I had to learn was not to rate attacks against networks
administered by me as attacks against myself. It's hard to keep cool, but it's
essential, since rage and aggression only lead to actions which you may regret
later on.

Tightly securing your system, building up and keeping a good relationship
between you and your upstream providers, and a constantly revised security
plan is pretty much all you can do to prevent loss of data/fraud/cracks. It's
also a good idea to talk with your legal department/company lawyer about this
topic, in order to set up legal strategies.

You may want to take a look at the book "Computer Crime - A Crimefighter's
Handbook" (O'Reilly, ISBN 1-56592-086-4, about $25), which covers many topics
discussed here, like security policies and plans, prosecuting computer crime,
types of attacks, legal backgrounds, etc.
Boris Lorenz
Matt Hubbard