"The price of liberty is eternal Vigilantism"
profrv at nex.net.au
Sat Apr 24 09:47:35 PDT 1999
LAS VEGAS--Can vigilantism save computers from the next big virus threat?
Striking back against a computer that is attacking you may be illegal under
U.S. law, but a security researcher says people should be allowed to
neutralize one that is unwittingly spreading destructive Internet worms
such as Nimda.
"Arguably the biggest threat the Internet faces today is the propagation of
a big worm," said Timothy Mullen, chief information officer of AnchorIS, at
the Defcon hacker conference here.
Worms are a form of self-propagating virus that, once set in motion, can
wreak havoc by taking control of other machines. Once the virus has claimed
a PC, it can then use the machine to launch attacks on the wider Internet.
"The next worm is going to happen, and it's going to be worse," Mullen said.
The defensive strategy of "strike back" is gaining some support among
politicians, who will be voting on a bill backed by movie and music studios
that would allow retaliation to help thwart Internet piracy.
The bill, proposed by Congressman Howard Berman, D-Calif., would protect
copyright holders from liability if they place destructive decoy digital
files into peer-to-peer networks to penalize users.
Mullen said his hack-back idea is different because it is designed to
improve the security of cyberspace and would not harm any computer systems.
The Code Red and Nimda worms that hit last year shut down corporate
computer systems and gobbled up bandwidth. Nimda was the most widespread
and one of the most destructive worms of 2001.
To counter this, Mullen has come up with a way for machines that have been
attacked--but not infected--to trace the worm back to the attacking machine
and prevent it from spreading the worm to other computers.
Using his technique, the computer that launches an attack is paralyzed and
requires an administrator to restart it, but it stays online and is not
otherwise harmed, said Mullen, who is a columnist for SecurityFocus.com.
"What we're doing, (according) to the letter of the law, is illegal," he
said. "I would like to see the law changed...We've illustrated not just a
reasonable recourse, but a minimal responsibility."
Contacting the administrators of infected and attacking computers is not
adequate, Mullen said. "This after-the-fact stuff clearly doesn't work. I'm
still getting Nimda attacks," often from the same person, he said.
However, several U.S. officials questioned the ethics of the idea.
"You have trespassed on their system," said Mark Eckenwiler, senior counsel
at the U.S. Justice Department's computer crime division. "There are more
legally acceptable ways to deal with the problem than what is essentially
hacking into their system."
There also is also the possibility of hacking back at the wrong computer,
said C.H. "Chuck" Chassot of the Department of Defense's Command, Control,
Communications & Intelligence office.
"It is the DoD's policy not to take active measures against anybody because
of the lack of certainty of getting the right person," Chassot said.
Jennifer Stisa Grannick, litigation director at the Center for Internet and
Society at Stanford Law School, said she felt Mullen's idea may be
protected under a self-defense provision.
"This is a type of defense of property," she said. "There is a lot of
sympathy for that (kind of action) from law enforcement and vendors because
we do have such a big problem with viruses."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 3943 bytes
Desc: not available
More information about the cypherpunks-legacy