Slashdot Mirror


Use a Honeypot, Go to Prison?

scubacuda writes "Using a honeypot to detect and surveil computer intruders might put you on the working end of a federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, according to this (old) Security Focus article. Honeypots could be what federal criminal law calls "interception of communications", a felony that carries up to five years in prison. Because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row. "It would take chutzpah," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won.""

22 of 298 comments

  1. Err... by .com+b4+.storm · · Score: 5, Insightful

    If it's YOUR system, then how are you "intercepting" anything? If someone tries to crack into a system that is yours, then who cares if it is a honeypot or not? This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

    --
    "Wow, you're like some kind of superhero able to ward off happiness and success at every turn."
    -- Ryan Stiles
    1. Re:Err... by fjordboy · · Score: 3, Insightful

      He won't win though. He can sue all he wants..the results won't be in his favor.

      I can *sue* you for making this post if I have the money and a lawyer...I might be the laughingstock of the courtroom, but I have the right to sue you.

    2. Re:Err... by antis0c · · Score: 4, Insightful

      Let's not forget the man who successfully sued a car owner for driving over his hand as he was trying to steal his hub caps.

      I think it's fucked up myself too. Sure if someone is entering my house, I can shoot them. But by God if they cut themselves on a steak knife I left out I might be liable for thousands.

      Oh well, in the larger scheme of things our legal system is still new. It will take a while for stuff like this to get sorted out.

      --

      ..There's a-dooin's a-transpirin'
  2. loopholes by Anonymous Coward · · Score: 3, Insightful

    What does it say about a society that allows a person *caught in the act* of committing a crime to sue because he wasn't caught "legally"?

    I mean, I know there's always the opportunity for abuse, etc., but... come on! I mean, a lawbreaker sues because something bad happened *while breaking the law*.

    That's just sad. And not sad as in: 'that criminal is an idiot'... sad as in: 'that justice system needs some work'.

    1. Re:loopholes by FroMan · · Score: 2, Insightful

      Hmmm, I almost agree with you here. Problem is, then we have the government rooting around your home looking for a crime without evidence. We do need protection from the government.

      However, when a crime is occurring on personal property I do not think that the same rules that apply to law enforcement should apply to the property owner.

      Consider: In some states both parties must be aware that they are being recorded on the telephone. However, say some weirdo calls me in middle of the night and makes a death threat. Should I have to tell him, hold on, I have to tell you I am recording before you attempt to threaten my life? No, that is absurd.

      One note on the honey pot idea though. If someone is using a honey pot as a jump off point to launch an attack from, the honey pot might be considered aiding a criminal in the act of committing a crime. Since the honey pot is intentionally put out there with security holes to act as a catch spot.

      Just an idea. Sort of like vigilante justice, let the law enforcement enforce the law.

      --
      Norris/Palin 2012
      Fact: We deserve leaders who can kick your ass and field dress your carcass.
    2. Re:loopholes by WaxParadigm · · Score: 2, Insightful

      Problem is that without rules about "proper" ways of obtaining evidence you'd revert back to a society where police just let themselves into your home, w/o probable cause, etc. I don't want the police to smash and grab - let's leave that for the criminals.

  3. It's all about selective enforcement. by Anonymous Coward · · Score: 1, Insightful

    If the FBI wants to nail you for cybercrime, there are a lot of other far more ambiguous statutes to nail somebody under. The real question is: Have you attracted the ire of the FBI?

    Consider the $5,000 damage threshold. The FBI won't even prosecute you unless there is an upstanding member of the community (usually corporate) who will attest that you have damaged them to the tune of $5,000 or more. Who would claim that a honeypot did them 5 grand in damages? That is the real question.

    Keep in mind that nmap creator Fyodor managed to hack some jerk of a Slashdot user and brag about it on his website without getting prosecuted. This is because he knew the rule of selective enforcement.

  4. It looks to me... by zutroy · · Score: 4, Insightful

    ...like the article is actually saying that you could be sued if a hacker used your honeypot machine to hack into another machine that's not on your network. The argument is that you set up a machine to be hacked, and it got hacked, and was then used to hack others...kind of like saying that you've become an accomplice in hacking. So the lesson is to secure your honeypot machine, so it can't be used for evil.

  5. Re:oh no! by I8TheWorm · · Score: 5, Insightful

    Does this mean I'll have to turn off my server logging, since it could quite possibly "monitor" an intruder?

    --
    Saying Android is a family of phones is akin to saying Linux is a family of PCs.
  6. hmmm by Tumbleweed · · Score: 2, Insightful

    Is there any way to mark an entire Slashdot story as a Troll? This is ridiculous.

    ( Go ahead, mod me down - I can take the hit. )

  7. Honey pots by Nonillion · · Score: 4, Insightful

    This just goes to show just how low spammers are willing to sink. I have been hosting my own mail server for several years now because it's the ONLY way for me to combat unwanted e-mail. If some worthless spammer is going to whine about a honey pot or my server rejecting his/her e-mail I say TOUGH FUCKING SHIT! It's MY machine, MY bandwidth, MY rules... period. If I want viagra, penis/breast enlargements, debt consolidation, loans re-financed or hot asian chicks I'll seek you out myself..

    >SELECT * FROM spamers WHERE clue > 0
    >0 rows returned

    --
    "I bow to no man" - Riddick
  8. A Modest Proposal by dolbywan_kenobi · · Score: 5, Insightful

    Perhaps this is a wake-up call for us computer users here in the USA. Who really speaks for computer users here? What we need IMO is an NRA equivalent to represent the interests of computer users, of people who are interested in fair-use issues, reasonable intellectual property laws and accountability of elected representatives. Interest groups like the NRA and AARP have shown that Congress-people do listen when people organize.

  9. Bullshit double fucking standards! by phillymjs · · Score: 3, Insightful

    According to the law, I, as an authorized user of a computer that belongs to my employer, have no legal right to privacy concerning files I store on that computer, or e-mail sent from/received by that computer-- the employer, as owner, can monitor it at will.

    And now, the law says that I, the owner of a computer system, have no right to monitor or intercept the comings and goings of an UNauthorized user on said system? In fact, I can be sued for doing so?

    How is this not a ridiculous double standard? Not counting any "I understand my computer system is subject to monitoring" policy form you may sign at work. Doesn't UNAUTHORIZED computer access trump any kind of claim to privacy that the unauthorized user may make?

    Furthermore, would you be covered by putting a disclaimer somewhere on that system? I would imagine that something like "ALL users of this system are subject to monitoring. By continuing to access this system you signal your willingness to be monitored. If you do not agree, disconnect now." would do the trick.

    ~Philly

  10. Please calm down... by zutroy · · Score: 3, Insightful

    Now is NOT the time to write your congresspeople! The article was saying that this COULD be considered illegal under a ridiculous interpretation of existing law. Not exactly something to get angry about.

    Playing Chicken Little in these forums somehow means that you rack up incredible karma.

    If everyone lived this cautiously, we'd never leave our houses for fear of getting sued.

  11. Re:Prove it. by flyneye · · Score: 3, Insightful

    As far as Malone goes, the homeowner shouldn't have fired without acquiring a target, nor should he have used a .22. Never use anything less than a .45 (a hollowpoint .40 would've definitely bled the bastard to his just reward.) Never shoot to wound. An injured animal is more dangerous than before. (hope I don't need to explain that one) Using a .45 is probably best because it's a slower heavier round and will give you time to position the culprit before he bleeds in the wrong place or position and mucks up your story. Lastly, kill the fucker so he doesn't continue to come back, hit your neighbors or kill someone in the commission of another crime. f**k em and those who would defend em as well.

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  12. Re:Heh. by intermodal · · Score: 1, Insightful

    That's what the slash was there for, fucknut. http SLASH gaming. That way people can visit web pages and/or game. The real users, i.e. people who know how to run servers (with all that entails, including all the services of the other network) would be on the network with full services. You, I suspect, would be on the HTTP/(that's a slash)gaming network judging from your ability to comprehend simple concepts.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
  13. Is Gator Advertising illegal then?? by Anonymous Coward · · Score: 1, Insightful

    Wouldn't Gator's software be intercepting messages for a conversation (between you and the website you are visiting), that it is not a part of?

    I would think any ISP tracking/monitoring, web-tracking monitoring by a third-party (not you, and not the internet site) would be illegal by FCC regulations?

    I'm not a lawyer, obviously, so what do the rest of you, more educated folks think?

  14. This is silly... by anubis · · Score: 4, Insightful

    This is just silly. An illegal wiretap is intercepting a communication between two computers/people/objects without either 1.) the permission of one party, 2.) a court order. If you are a party to the communication (i.e. the honeypot) you are intercepting communications to and from your own machine. Seems like there are bigger things to be worried about.

  15. Can't do it in Oz either... by Goonie · · Score: 1, Insightful

    In Australia, the mere presence of an intruder in your house or on your property is not sufficient grounds to blaze away.

    The more out-there states of the US have rules on self-defence that are a lot more unrestrictive than just about anywhere else in the Western world.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  16. Re:Back under the bridge, by intermodal · · Score: 2, Insightful

    fuck yourself.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
  17. Sorry to say it but... by whereiswaldo · · Score: 2, Insightful

    Welcome to the USA, where common sense is absolutely irrelevant. Got a sensational case? There's a lawyer and a judge out there somewhere who'll see to it that you win.
    Disgusting.

  18. Re:Moral issue by The+Cisco+Kid · · Score: 2, Insightful

    Properly set up honeypots do not allow themselves to be used to break into other live systems.