[Gllug] Code Red Strikeback

Alex Hudson home at alexhudson.com
Sat Aug 11 13:00:18 UTC 2001


On Sat, Aug 11, 2001 at 01:21:20PM +0200, Stig Brautaset wrote:
> There was a big argument on the debian-user-list about this; many people
> argued that even just popping a message to the user saying that his/her
> machine was infected would be illegal -- but then again, I guess the
> majority of the people on that list is from the US...

Doing anything to another's machine is illegal - comes under such terms as
theft of service, etc. So even Tom's script to shut down IIS is illegal.
There have also been arguments that the act of CodeRed trying to gain access
could be construed as illegal; but not on the part of the sysadmin - intent
cannot be proven (three ingredients needed: you intend to gain access, you
are not authorised to have access, you know you're not authorised - Computer
Misuse Act).

It's also important to note that this is a criminal act, and hence carries a
potential jail term. However, the other obvious factor is damages - shutting
down someone else's IIS is unlikely to incur major damages (one would hope
an ecommerce site is less likely to be infected), although formatting their
hard drive might incur substantial damages. Hence, shutting someone else's
server down is not going to land you in court, whereas destruction of data /
removal of CCs / etc. probably will if they trace you.

Case law would also look favourably on those prosecuting - recently, the
only way people have gotten off hacking someone else's web server is a
defence of authorisation status unknown (i.e., doing things to a public
service to which you are implicitly authorised). However, given the access
mechanism (a virus) it would be fairly easy to prove beyond reasonable doubt
that the sysadmin hadn't authorised that particular access mechanism, and
hence all access via the backdoor would be unauthorised. Intent would also
be easy to show, so it would come down to whether or not you had done enough
damage to provoke someone to take you to court.

Cheers,

Alex.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



