Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Nov 2002
Posts: 1,146
Likes: 1
Ice Offline OP
UGN News Staff
OP Offline
UGN News Staff
Joined: Nov 2002
Posts: 1,146
Likes: 1
I posted this on the news section on UGN and thought it was really intresting so i am gonna post it in the news forum

What u guys think about the story ?
======================
Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, a Justice Department attorney warned Wednesday.

"There are some legal issues here, and they are not necessarily trivial, and they're not necessarily easy," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, speaking at the RSA Conference here Wednesday.

An increasingly popular technique for detecting would-be intruders, a honeypot is a type of hacker flypaper: a system that sits on an organization's network for no other purpose than to be hacked, in theory diverting attackers away from genuinely valuable targets and putting them in an closely monitored environment where every keystroke can be analyzed.

But that monitoring is what federal criminal law calls "interception of communications," said Salgado, a felony that carries up to five years in prison. Fortunately for honeypot operators, there are exemptions to the Federal Wiretap Act that could be applied to some honeypot configurations, but they still leave many hacker traps in a legal danger zone.

One exemption permits interception of a communication if one of the parties consents to it the monitoring. To that end, Salgado suggested that honeypots display a banner message warning that use of the computer is monitored. "You can banner your honeypot... and you've got the argument that they saw the banner, continued using the system, and consented to monitoring," he said. But most hackers don't penetrate a system through the front door -- telneting in or surfing to a web page -- and if they never see the banner, they haven't consented to monitoring. "It's not the silver bullet."

The consent exemption might apply without a banner if a court determines that the honeypot itself is one of the "parties" to the communication, Salgado said. But that goes out the window -- or at least becomes more legally complicated -- the moment the hacker uses the honeypot to connect to another machine, or sets up a chat system on the box. Now the honeypot operator is intercepting communications between two or more parties. "Those kinds of situation become problematic."

Another relevant exemption passed in the USA-PATRIOT Act in October 2001, but only applies to cases where the government steps in to do the spying. The so-called "computer trespasser exemption" allows the government to intercept the communications of a computer intruder at the invitation of the victim. "Everyone coming into that honeypot is a trespasser... So this exception may work very nicely with honeypots when the government is coming in to do the monitoring," said Salgado. "But it has to be relevant to an ongoing investigation."

Can a Hacker Sue You?
That leaves a third "provider exemption" as the most promising for honeypot fans. This allows the operator of a system to eavesdrop for the purpose of protecting their property or services from attack. But even that exemption probably wouldn't apply to a system that's designed to be hacked, Salgado said. "The very purpose of your honeypot is to be attacked... so it's a little odd to say we're doing our monitoring of this computer to prevent it from being attacked."

Instead, Salgado favors configurations where a hacker is invisibly rerouted to a honeypot after beginning an attack on a production machine. "The closer the honeypot is to the production server, the less likely that it's going to have some of the legal issues that we're talking about," he said, because the monitoring becomes part of the normal process of protecting the production machine.

Despite the legal issues, Salgado praised honeypots as a valuable tool. But he cautioned attendees to consult with their company's legal department before deploying them. In addition to the danger of criminal liability, and myriad state laws that may be more restrictive than the federal statutes, Salgado warned that honeypot operators might get sued if they become an unwitting conduit to an attack on another victim.

And because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row.

That's not as incredible as it sounds, the lawyer said, in an interview after the presentation. "It would take chutzpah," said Salgado. "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won."

In contrast, he said he's not aware of anyone being prosecuted for hacking a honeypot, which, after all, is meant to be hacked. "What I can tell you is that under the federal hacking laws, an attempt to hack can constitute a felony... The fact that it turned out to be a honeypot may not change the legality, but I haven't seen a court case yet."


Good artists copy, great artists
steal.

-Picasso
Joined: Oct 2002
Posts: 955
UGN Super Poster
Offline
UGN Super Poster
Joined: Oct 2002
Posts: 955
I would tend to think you can argue that the honeypot is a detection. Sure it is setup to be hacked, but its more buying time too. If someone penetrates your system it provides protection in the fact it is often attacked/penetrated before your actual system is. Granted, you can sue for anything today, but with how the judicial system seems to hate hackers, I don't see much luck.


Link Copied to Clipboard
Member Spotlight
Phatal
Phatal
Houston, TX
Posts: 298
Joined: April 2004
Forum Statistics
Forums41
Topics33,840
Posts68,858
Average Daily Posts1
Members2,176
Most Online3,253
Jan 13th, 2020
Latest Postings
Where and how do you torrent?
by danni75 - 03/01/24 05:58 AM
Animation,
by JohanKaariainen - 08/15/19 01:18 AM
Blackbeard.....
by Gremelin - 10/03/18 07:02 PM
my old account still exists!
by Crime - 08/10/18 02:47 PM
Okay WTF?
by HenryMiring - 09/27/17 01:45 AM
The History Thread...
by Gremelin - 08/11/17 12:11 PM
My friend NEEDS your HELP!
by Lena01 - 07/21/17 12:06 AM
I'm having fun with this guy.
by gabithompson730 - 07/20/17 01:50 AM
I want to upgrade my phone
by gabithompson730 - 07/20/17 01:49 AM
Doom 3
by Cyrez - 09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666 - 08/22/14 09:21 AM
AIM scene 99-03
by lavos - 09/02/13 08:06 AM
Planetside 2
by Crime - 03/04/13 07:10 AM
Beta Testers Wanted
by Crime - 03/04/13 06:55 AM
Hello Everyone
by Gremelin - 02/12/12 06:01 PM
Tracfone ESN Generator
by Zanvin Green - 01/18/12 01:31 PM
Python 3 issue
by Testing - 12/17/11 09:28 PM
tracfone airtime
by Drache86 - 07/30/11 03:37 AM
Backdoors and the Infinite
by ZeroCoolStar - 07/10/11 03:52 AM
HackThisZIne #12 Releaseed!
by Pipat2 - 04/28/11 09:20 PM
gang wars? l33t-wars?
by Gremelin - 04/28/11 05:56 AM
Consolidate Forums
by diggin2deep - 04/21/11 10:02 AM
LAN Hacking Noob
by Gremelin - 03/12/11 12:42 AM
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
Cyrez 1
Girlie 1
unreal 1
Crime 1
Powered by UBB.threads™ PHP Forum Software 7.7.5