Slashdot Mirror

← Back to Stories (view on slashdot.org)

Use a Honeypot, Go to Prison?

Posted by CmdrTaco on from the sticky-situations dept.

scubacuda writes "Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, according this (old) Security Focus article. Honeypots could be federal criminal law calls "interception of communications", a felony that carries up to five years in prison. Because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row. "It would take chutzpah," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won.""

12 of 298 comments (clear)

  1. Err... by .com+b4+.storm · · Score: 5, Insightful

    If it's YOUR system, then how are you "intercepting" anything? If someone tries to crack into a system that is yours, then who cares if it is a honeypot or not? This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

    --
    "Wow, you're like some kind of superhero able to ward off happiness and success at every turn."
    -- Ryan Stiles
    1. Re:Err... by fjordboy · · Score: 3, Insightful

      He won't win though. He can sue all he wants..the results won't be in his favor.

      I can *sue* you for making this post if I have the money and a lawyer...I might be the laughingstock of the courtroom, but I have the right to sue you.

      --
      The anti-salmon
    2. Re:Err... by antis0c · · Score: 4, Insightful

      Lets not forget the man who successfully sued a car owner for driving over his hand as he was trying to steal his hub caps.

      I think it's fucked up myself too. Sure if someone is entering my house, I can shoot them. But by God if they cut themselves on a steak knife I left out I might be liable for thousands.

      Oh well, in the larger scheme of things our legal system is still new. It will take a while for stuff like this to get sorted out.

      --

      ..There's a-dooin's a-transpirin'
  2. loopholes by Anonymous Coward · · Score: 3, Insightful

    What does it say about a society that allows a person *caught in the act* of committing a crime to sue because he wasn't caught "legally"?

    I mean, I know there's always the opportunity for abuse, etc., but... come on! I mean, a lawbreaker sues because something bad happened *while breaking the law*.

    That's just sad. And not sad as in: 'that criminal is an idiot'... sad as in: 'that justice system needs some work'.

  3. It looks to me... by zutroy · · Score: 4, Insightful

    ...like the article is actually saying that you could be sued if a hacker used your honeypot machine to hack into another machine that's not on your network. The argument is that you set up a machine to be hacked, and it got hacked, and was then used to hack others...kind of like saying that you've become an accomplice in hacking. So the lesson is to secure your honeypot machine, so it can't be used for evil.

  4. Re:oh no! by I8TheWorm · · Score: 5, Insightful

    Does this mean I'll have to turn off my server logging, since it could quite possibly "monitor" an intruder?

    --
    Saying Android is a family of phones is akin to saying Linux is a family of PCs.
  5. Honey pots by Nonillion · · Score: 4, Insightful

    This just goes to show just how low spamers are willing to sink. I have been hosting my own mail server for several years now because it's the ONLY way for me to combat unwanted e-mail. If some worthless spamer is going to wine about a honey pot or my server rejecting his/her e-mail I say TOUGH FUCKING SHIT! It's MY machine, MY bandwidth, MY rules... period. If I want viagra, penis/breast enlargements, debt consolidation, loans re-financed or hot asian chicks I'll seek you out myself..

    >SELECT * FROM spamers WHERE clue > 0
    >0 rows returned

    --
    "I bow to no man" - Riddick
  6. A Modest Proposal by dolbywan_kenobi · · Score: 5, Insightful

    Perhaps this is a wake-up call for us computer users here in the USA. Who really speaks for computer users here? What we need IMO is an NRA equivalent to represent the interests of computer users, of people who are interested in fair-use issues, reasonable intellectual property laws and accountability of elected representatives. Interest groups like the NRA and AARP have shown that Congress-people do listen when people organize.

  7. Bullshit double fucking standards! by phillymjs · · Score: 3, Insightful

    According to the law, I, as an authorized user of a computer that belongs to my employer, have no legal right to privacy concerning files I store on that computer, or e-mail sent from/received by that computer-- the employer, as owner, can monitor it at will.

    And now, the law says that I, the owner of a computer system, have no right to monitor or intercept the comings and goings of an UNauthorized user on said system? In fact, I can be sued for doing so?

    How is this not a ridiculous double standard? Not counting any "I understand my computer system is subject to monitoring" policy form you may sign at work. Doesn't UNAUTHORIZED computer access trump any kind of claim to privacy that the unauthorized user may make?

    Furthermore, would you be covered by putting a disclaimer somewhere on that system? I would imagine that something like "ALL users of this system are subject to monitoring. By continuing to access this system you signal your willingness to be monitored. If you do not agree, disconnect now." would do the trick.

    ~Philly

  8. Please calm down... by zutroy · · Score: 3, Insightful

    Now is NOT the time to write your congresspeople! The article was saying that this COULD be considered illegal under a ridiculous interpretation of existing law. Not exactly something to get angry about.

    Playing Chicken Little in these forums somehow means that you rack up incredible karma.

    If everyone lived this cautiously, we'd never leave our houses for fear of getting sued.

  9. Re:Prove it. by flyneye · · Score: 3, Insightful

    As far as Malone goes,the homeowner shouldn't have fired without aquiring a target,nor should he
    have used a .22.
    Never use anything less than a .45 (a hollowpoint .40 would've definitly bled the bastard to his just reward.)Never shoot to wound.
    an injured animal is more dangerous than before.(hope i dont need to explain that one)Using a .45 is probably best because its a slower heavier round and will give you time to position the culprit before he bleeds in the wrong place or position and mucks up your story.Lastly,kill the fucker so he doesn't continue to come back,hit your neighbors or kill someone in the commission of another crime.f**k em and those who would defend em as well.

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  10. This is silly... by anubis · · Score: 4, Insightful

    This is just silly. An illegal wiretap is intercepting a communication between two computer/people/objects without either 1.) the permission of one party, 2.) a court order. If you are a party to the communication (i.e. the honeypot) you are intercepting communications to and from your own machine. Seems like there are bigger things to be worried about.