Use a Honeypot, Go to Prison?
scubacuda writes "Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, according to this (old) Security Focus article. Honeypots could be what federal criminal law calls "interception of communications", a felony that carries up to five years in prison. Because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row. "It would take chutzpah," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won.""
RTFA. The use of a honeypot won't get you in trouble. The prosecution of someone hacking your honeypot won't get you in trouble. The prosecution of someone hacking your fileserver based solely on the honeypot's logs has the *potential* to get you in trouble.
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
Sorry, he was too fast, hence the Finnish language. What he meant to say is that he has 30 years of experience in similar cases and none of them have led to any actual results, so it's just a waste of time talkin' about this issue, he thinks.
Now, normally Federal law usurps State law, so this wouldn't matter. However, in a case where it is dubious as to whether the Federal law applies, it's perfectly possible that it could be ruled that State law takes precedence in this case.
The second thing to consider is that you can't profit by someone's crime. Thus, it would be illegal for a cracker to attack a honeypot for the purpose of making money via the Federal law. The cracker would then be placed in the position of needing to prove that their attack was for unprofitably malicious purposes.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Probably not. Know that a US city had a law that enforced criminals to warn the local police that they were immigrating to the city before committing any crimes.
Obligatory Coffee Lawsuit Facts link. I wish people would stop bringing up this example incorrectly.
You might be thinking of this...
Second Story Burglar Sues Homeowner
Danbury, CT - An admitted second story burglar is suing a homeowner. Michael Malone attempted to enter a three-story residence by climbing a tree to gain admittance through an open third floor window. Unfortunately for Malone, the tree limb broke and the 275 pound burglar crashed to the ground. When the homeowner heard the commotion, he went outside to investigate. In the dark, he spied a figure moving toward the rear of his five acre lot and fired one round from a .22 caliber revolver. When the homeowner attempted to locate the intruder, Malone hid in the brush then collapsed from a bullet wound to his buttocks. Malone's lawsuit alleges that he almost bled to death due to the homeowner's negligence in not notifying the police in a timely manner. The homeowner did not notify the police until one hour after the attempted break-in. Two hours after the incident, the police found Malone in a pool of blood.
I thought I had seen a story more along the lines you suggest, but I think I'm remembering the scene from Liar Liar. I googled for a bit and didn't find any "real" stories (snopes didn't have anything either).
I did find this -- Check this out:
New Twists on Occupiers Liability
Can a Burglar Sue a Homeowner for Injuries Sustained During a Break-in?
Anyone who trespasses on land to commit a criminal act is deemed to have willingly accepted all risks of injury while on the land. For example, if a burglar slips and falls down a dimly lit staircase while breaking and entering into your home, there is no liability imposed on the homeowner.
Even a criminal trespasser, however, has some rights. A homeowner will be liable for creating "a danger with intent to do harm" or for acting "with reckless disregard for the safety" of a trespasser. If you have seen the movie "Home Alone" then I am sure that you can think of several examples which would fall into this category. A trip wire attached to the trigger of a shotgun clearly creates danger intended to harm the trespasser. In British Columbia, the Occupiers Liability Act tries to differentiate between accidental injuries to trespassers and deliberate attempts to cause harm or injury to trespassers. Generally speaking, there will be no liability for the accidental injury to a trespasser but there will be liability for the deliberately caused injury.
I think it's an urban legend. I don't think you can be sued unless you do something like set up a booby-trap or shoot him or something.
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
What, you mean like these guys? Interest/lobby groups existing aren't enough. They also need to be able to raise heaps of money so they can redirect those funds over to elected representatives at appropriate moments of their choosing. Perhaps if all that .com money didn't get spent as quickly as it did...
"If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
Ok, so I can sound like the last 50 people that said this: I am not a lawyer. Fine, done.
Here is how I have been trained in regards to wire tap (I am a security analyst):
The wiretap act is broad and prohibits intentional interception (use, etc) of someone else's electronic communications. This Act (see 18 U.S.C. § 2511(1)) has a bunch of exceptions, two of which are relevant to this discussion:
1. The provider exception may apply if the communications were intercepted during active monitoring for the purposes of system defense,
2. The consent of party exception may apply if you have banners declaring that you monitor all traffic.
From what I have been instructed, I only need to really take care with #1 which is what I'm exactly doing when I fire up a honey pot. (#2 is a part of company policy so it is not optional.)
If I deploy a honey pot for the purpose of monitoring and protecting my network, then I should be able to claim exemption from the Wiretap Act via #1 above. Of course the honeypot damn well better be deployed for the purposes of defense and not something I just threw on the corporate network without authorization.
That's the theory anyway; as far as I know, this has not been tested in the courts yet.
A question important to those who run open relay honeypots and open proxy honeypots (proxypots.)
These are 100% accurate against spam - filters and blacklists are not. Will they be outlawed?
Check out the bubblegum proxypot. It's a neat way to hurt spammers:
http://world.std.com/~pacman/proxypot.html
Don't forget the relay spam honeypot (Jackpot):
http://jackpot.uk.net
First of all, Richard Salgado has got to tell people to be very careful. He's a prosecutor for the government. He's got to say things that err on the side of safety, and of never condoning possible violations of the law. (He's a nice guy, and a good speaker. He's just very obviously in one corner, and has the party line to hew to).
Secondly, read 18 U.S.C. Section 2511. That lays out the _exceptions_ to the Wiretap Act, which includes the Provider exception, which boils down to: if you own the machine, and have appropriate banners, and the wiretap is done "while engaged in any activity which is a necessary incident to the rendition of [the rightful administrator's] service or to the protection of the rights or property of the provider of that service...". The reason the gov't is goosey about honeypots is, if it is a property laid out to be broken into, then is the wiretapping justified? If you're doing it as part of the defense of your network, consensus tends to be yes. If you're doing it for shits and giggles, there tends to be less consensus. The gov't needs to be able to prosecute anyone, so without court cases telling them otherwise they're leaning to the stricter interpretation.
Thirdly, if you're interested, read the posted practical assignments for the SANS GCFA (Forensics) course/certification. The original assignment (the only one posted currently) has three parts, the third of which is Describe in detail your authority as a system administrator with regards to this statute. Keep in mind that none of those people are lawyers, but most of them sat through a course including Richard Salgado talking on this issue, and all of them worked their butt off to write the paper and pass the course. More work than goes into, say, a /. post 8).