Slashdot Mirror

← Back to Stories (view on slashdot.org)

Use a Honeypot, Go to Prison?

Posted by CmdrTaco on from the sticky-situations dept.

scubacuda writes "Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, according this (old) Security Focus article. Honeypots could be federal criminal law calls "interception of communications", a felony that carries up to five years in prison. Because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row. "It would take chutzpah," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won.""

13 of 298 comments (clear)

  1. oh no! by fjordboy · · Score: 5, Funny

    I always knew that something bad would come of Pooh and his addiction...

    Who knew that honeypots would lead to jail? I bet even Owl and Rabbit didn't know that!

    --
    The anti-salmon
    1. Re:oh no! by I8TheWorm · · Score: 5, Insightful

      Does this mean I'll have to turn off my server logging, since it could quite possibly "monitor" an intruder?

      --
      Saying Android is a family of phones is akin to saying Linux is a family of PCs.
    2. Re:oh no! by Just+Some+Guy · · Score: 5, Funny

      I am screwed. So screwed. My main server is kanga.honeypot.net, and my workstation is pooh. My wife's iMac is piglet, and my FreeBSD firewall is gopher. Save me a soft bunk in prison.

      --
      Dewey, what part of this looks like authorities should be involved?
  2. Err... by .com+b4+.storm · · Score: 5, Insightful

    If it's YOUR system, then how are you "intercepting" anything? If someone tries to crack into a system that is yours, then who cares if it is a honeypot or not? This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

    --
    "Wow, you're like some kind of superhero able to ward off happiness and success at every turn."
    -- Ryan Stiles
    1. Re:Err... by outsider007 · · Score: 5, Funny

      next we'll see handicapped burglars suing homeowners for not providing wheelchair access to their valuables.

      --
      If you mod me down the terrorists will have won
  3. Heh. by k03+kalle · · Score: 5, Funny

    The computers you own are not actually yours. They are owned by the United States govt. Everyone go download their new distributed CPU project called "Count The Votes". Oh, wait, they installed it for me. Thank you govt. :D On a serious note though. Its getting to be that regular Americans can't do anything without fear of getting sued or suing someone else. McDonalds coffee anyone?

  4. Exploit by DJ+Rubbie · · Score: 5, Funny

    I can see this might happen:

    1) Find Open Windoze SMB share (or any open, insecure systems)
    2) "Hack" into it
    3) Try to get caught (log files, whatever)
    4) Claim that was a honeypot
    5) Sue for profit

    It does seem this easy.

    --
    Please direct all bug reports to /dev/null
  5. Just changed my MOTD by deadfishhotmail.com · · Score: 5, Funny
    We trust you have received the usual lecture from the local System Administrator. It usually boils down to these four things: #1) Respect the privacy of others. #2) Think before you type. #3) Everything is being recorded #4) You've just rooted my server, before continuing your hacking please read the complete TOS in /usr/share/tos. If you do not agree to the TOS you must stop hacking my server immediately. root#
    That outta do it!
    --


    Who is this "Poster" guy and why does he own all of my comments?!?
  6. Something doesn't add up here by Hamstaus · · Score: 5, Funny

    Wait a minute!

    No anti-MS sentiment... posted by Taco... not a dupe...

    This story is a honeypot! Whatever you do, don't post any comments! It's a trick! It's a tri^&T3ATZ
    NO CARRIER

    --
    I moderate "-1, Fool"
  7. A Modest Proposal by dolbywan_kenobi · · Score: 5, Insightful

    Perhaps this is a wake-up call for us computer users here in the USA. Who really speaks for computer users here? What we need IMO is an NRA equivalent to represent the interests of computer users, of people who are interested in fair-use issues, reasonable intellectual property laws and accountability of elected representatives. Interest groups like the NRA and AARP have shown that Congress-people do listen when people organize.

  8. Re:Prove it. by Fishstick · · Score: 5, Informative

    You might be thinking of this...

    Second Story Burglar Sues Homeowner

    Danbury, CT - An admitted second story burglar is suing a homeowner. Michael Malone attempted to enter a three-story residence by climbing a tree to gain admittance through an open third floor window. Unfortunately for Malone, the tree limb broke and the 275 pound burglar crashed to the ground. When the homeowner heard the commotion, he went outside to investigate. In the dark, he spied a figure moving toward the rear of his five acre lot and fired one round from a .22 caliber revolver. When the homeowner attempted to locate the intruder, Malone hid in the brush then collapsed from a bullet wound to his buttocks. Malone's lawsuit alleges that he almost bled to death due to the homeowner's negligence in not notifying the police in a timely manner. The homeowner did not notify the police until one hour after the attempted break-in. Two hours after the incident, the police found Malone in a pool of blood.

    I thought I had seen a story more along the lines you suggest, but I think I'm remembering the scene from Liar Liar. I googled for a bit and didn't find any "real" stories (snopes didn't have anything either).

    I did find this -- Check this out:

    New Twists on Occupiers Liability

    Can a Burglar Sue a Homeowner for Injuries Sustained During a Break-in?
    Anyone who trespasses on land to commit a criminal act is deemed to have willingly accepted all risks of injury while on the land. For example, if a burglar slips and falls down a dimly lit staircase while breaking and entering into your home, there is no liability imposed on the homeowner.
    Even a criminal trespasser, however, has some rights. A homeowner will be liable for creating "a danger with intent to do harm" or for acting "with reckless disregard for the safety" of a trespasser. If you have seen the movie "Home Alone" then I am sure that you can think of several examples which would fall into this category. A trip wire attached to the trigger of a shotgun clearly creates danger intended to harm the trespasser. In British Columbia, the Occupiers Liability Act tries to differentiate between accidental injuries to trespassers and deliberate attempts to cause harm or injury to trespassers. Generally speaking, there will be no liability for the accidental injury to a trespasser but there will be liability for the deliberately caused injury.

    I think it's an urban legend. I don't think you can be sued unless you do something like set up a booby-trap or shoot him or something.

    --

    There is much cruelty in the universe, John.
    Yeah, we seem to have the tour map.

  9. Anybody notice? by cmburns69 · · Score: 5, Funny

    Anybody notice how "Honey pots" backwards is "Stop yenoh!". A quick google of the word reveals it to have to do with food, so "honey pots" is code for "Stop food!". This madness must be ended!

    An online Starcraft RPG? Free, only at
    In soviet russia, all your us are belong to base!
    Karma: Redundant!

    --
    Online Starcraft RPG? At
    Dietary fiber is like asynchronous IO-- Non-blocking!
  10. Bogus Article by Poulson by radulovich · · Score: 5, Interesting

    Poulsen is showing an incredible lack of thought in writing this article.

    First, if a person runs a honeypot on their network, a network they control, or a device that they control, then it is not interception of communications. It is _logging_ responses and action taking place _within_ that device, not _intercepting_ communications. There have to be three parties to intercept - the sender, the receiver, and the interceptor.

    Second, even if it were interception of communications (which it is not), then not only would all of the system logs in Unix/Windows be illegal, but so would every web server log in the US. Even worse, that caller ID display that you have would also be illegal - it intercepts information to display on your phone.

    Finally, if monitoring a honeypot is illegal, then monitoring a hacked server would be as well. So, if your machine were infected by a virus that talked to an IRC channel, the you would be guilty of an illegal interception of communication.

    If anyone ever loses a lawsuit because of this, appeal, and also sue your own lawyer for incompetence!!!

    Read the source email (http://www.securityfocus.com/archive/119/293431/2 002-09-23/2002-09-29/0), and remember that even though Salgado (author of the email) is a legal professional, that half of all lawyers still lose in court (by definition). (in other words, get another opinion - or maybe two or three.

    Salgado does not have a good grasp of this. This can be shown simply. If he were correct, then the phone companies would require a wirtetap order to even _view_ their phone logs for any suspected phreaking on their network. Somehow, I doubt that Ma Bell gets a wiretap order for to look at their phone logs.

    Mark Radulovich, CISSP