Slashdot Mirror


Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech (onthewire.io)

Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim's own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.

69 comments

  1. Sure...no pandora's box here.... by cayenne8 · · Score: 5, Interesting
    While I understand fully the thoughts behind doing something like this....I just think "Wow...what could possibly go wrong here...?"

    I'm guessing that large businesses could get in on this too? If not now, just wait....

    And, we've seen how well just take down notices work....often not even justified, but still...the party acted upon is now guilty till proven innocent.

    What constitutes a valid victimization? Telling someone you don't like them? They smell bad? That allows them to infiltrate your computer, destroy information...etc?

    This sounds like a real pandora's box being opened here.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    1. Re:Sure...no pandora's box here.... by Anonymous Coward · · Score: 4, Insightful

      "What constitutes a valid victimization?" ICMP the wrong port and they can say you're trying to penetrate their services? Mmmm, Beacon.

    2. Re:Sure...no pandora's box here.... by LifesABeach · · Score: 3, Insightful

      Given Tom's "a child of 8 year old heat of the moment mentality" what could possibly go wrong? And is the DOJ so fucking bloated that going after the bad guys is too much for them?

    3. Re:Sure...no pandora's box here.... by AHuxley · · Score: 3, Insightful

      A group moving data around the world would use a series of unexpected holding or staging servers with fast networks to mask their final ip.
      This will not be a move of data from a company direct to a "home" "desktop" computer with some dial up modem.
      Once the "owner" detects their data and sends the code?
      That data could be sitting on any random fast network around the world without being noticed. Strange computers sending code to and altering a computer to do something to data on that network?
      The resulting intrusion and clean up will be very expensive and disruptive to any third party.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Sure...no pandora's box here.... by Anonymous Coward · · Score: 0

      Not Pandora's box, THE WILD FUCKING WEST!

      How to turn the Internet into a variable digital battlefield? Easy. Get the civilians involved!

      My spidey sense says this is to muddle up the waters for those wanting to police, do some security network analysis, of those 'groups' who want to blend into the background for the REAL damning 'warfare' that will be coming.

      Holy hell. What are these people thinking?!?!?

    5. Re:Sure...no pandora's box here.... by currently_awake · · Score: 4, Insightful

      1-Evil Hacker hacks into Facebook network. 2-Use to launch attack against Microsoft. 3-Microsoft detects attack, traces to Facebook, launches counter attack and searches for their data. 4-Facebook detects intrusion, traces to Microsoft, launches counter attack and searches for their data. 5-Evil Hacker finishes downloading data, sits back and eats popcorn while Cyber WW3 erupts.

    6. Re:Sure...no pandora's box here.... by AHuxley · · Score: 2

      Think of the fun a well funded third party clandestine service could induce the USA to do.
      They find a US beacon effort in the wild and alter its mission just a bit.
      Place it in nations they don't get along with and watch as the US reports "hacking" from a list of other nations flood in.
      The US has 100% evidence and proof that "other nations" are evil and the special secure beacon code was running in their networks and ip ranges.
      Special citations and commendations for that clandestine service as the USA so trusts its beacons results and code.

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Sure...no pandora's box here.... by AmiMoJo · · Score: 1

      Large companies like Facebook and Microsoft will just call each other's security departments. The danger will be when foreign companies get involved.

      Imagine Facebook incorrectly traces the attack back to some company in China, and starts hacking them. Chinese government notices and decides to destroy Facebook, deploying state level hacking and zero day exploits to wipe them out.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Sure...no pandora's box here.... by butzwonker · · Score: 2

      I agree with you but your example is a bit unfortunate. The problem with this bill seems to me that the counter-attack will be completely illegal in almost every other country in the world. This creates all kinds of legal problems for US companies and also many practical problems for police forces, prosecutors and security companies in other countries. In any case developers of 'counter-attack' software ought not be surprised if they are arrested once they leave the US.

    9. Re:Sure...no pandora's box here.... by Anonymous Coward · · Score: 0

      North Korea - Yeah Active Defence my ass.

      Once it crosses over international borders - it is an invasion, sweep mission, scorched earth, and also scoffing at international treaties. Computer trespass is costly - the other side must restore - lots of downtime.
      Now if the act was scoped to just blackmail and ransomware, and licensed named security persons, maybe.

      I can see NK and Iran saying - they attacked first, all bets off, and start building mega revenge porn archives for profit.

    10. Re:Sure...no pandora's box here.... by Marillion · · Score: 1

      It's "Stand Your Ground" for nerds. Because that always works well ...

      --
      This is a boring sig
  2. Black ICE by painandgreed · · Score: 1

    Time to hire some in house hackers and install the black ICE on the servers.

    1. Re: Black ICE by Anonymous Coward · · Score: 0

      Netrunners and CyberPunk here we come!

  3. Mr. FBI Agent sir, by WolfgangVL · · Score: 5, Funny

    I was just "destroying my hacked data"

    Facebook had hacked my browsing data...
    The FCC was hosting my stolen data...
    The "agencies" had hacked my communication devices....
    Linkedin...
    Tumblr...
    Myspace...
    IRS...

    --
    You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
    1. Re:Mr. FBI Agent sir, by Cyberpunk+Reality · · Score: 4, Insightful

      People are modding it funny, but that's because it's half true.

      Sony or the FBI will be allowed to compromise your hardware at will. But if you so much as peep back, they'll drop the legal equivalent of a 10 ton weight on you.

      --
      Rule 35 of the internet: "If it can be hacked, it will be". - Charles Stross
    2. Re: Mr. FBI Agent sir, by TheOuterLinux · · Score: 1

      They don't have to hack your data. They don't even need a warrant. All they have to do is buy it off of your ISP like any other company. Trust me, you let loose enough unencrypted metadata for them to connect the dots if they wanted to.

    3. Re: Mr. FBI Agent sir, by Anonymous Coward · · Score: 0

      Quite a number of ISPs are engaging in activity that could be considered malicious. I'm particularly thinking of replacing NXDOMAIN results with advertising server addresses, which is DNS spoofing.

      If that makes the personally identifiable information the ISP collected, including every copy they've sold, subject to "active defense", things could get interesting.

  4. Attack Google and Microsoft? by Bing+Tsher+E · · Score: 2, Interesting

    So this bill empowers me to attack Microsoft's and Google's servers to destroy my data that they have taken?

    1. Re:Attack Google and Microsoft? by Anonymous Coward · · Score: 0

      yes it does. all win10 users can now legally hack and destroy MS.
      all verizon customers can now destroy their info that verizon has collected by any digital means necessary.
      that should fix things bigly

    2. Re: Attack Google and Microsoft? by Anonymous Coward · · Score: 0

      No. Dude, are you freaking smoking crack? Jesus, any kid with half a brain knows US laws only apply to those rich enough to afford the millions in political donations needed to pass them. Now get back to bending over as Comcast, Exxon, etc. need to drain the swamp a little more.

    3. Re:Attack Google and Microsoft? by mrclevesque · · Score: 1

      No. Because EULA.

  5. Hmmmm by JThundley · · Score: 4, Funny

    So I have to tell the FBI that I'm going to hack the NSA to destroy my data?

    1. Re:Hmmmm by zlives · · Score: 1

      i am sure if you don't the NSA will anyway, so in this particular instance it would be necessary.

  6. AC/DC Act by PopeRatzo · · Score: 4, Insightful

    The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March

    Republicans have seen too many Hollywood hacker movies. They want people to believe that after someone steals their personal information, they'll be able to click a big red EXECUTE button on the screen and it will launch a counterattack and steal back their data.

    In reality, the people who are victims of this type of data theft aren't going to have access to these "Beacon" tools. But copyright trolls and malware thugs almost certainly will. In the end, this will be just another corporate giveaway.

    The cyber is hard.

    --
    You are welcome on my lawn.
    1. Re:AC/DC Act by zlives · · Score: 1

      the lobbyist that wrote this bill for him probably showed him that movie, however it's probably for content providers to destroy computers of people pirating rather than try to bring them to court, since that takes forever and costs money and may not result in any profits. just wait till they update the TOS to include a missile strike if not in compliance.

    2. Re:AC/DC Act by rtb61 · · Score: 2

      Meh, who cares, mountain out of a mole hill. News at eleven: corrupt lobbyists and corrupt politician attempt to write constitutionally challenged laws that would empower corporations to enslave and attack citizens, the flaw, something to do with search warrants and how they are carried out, you know, no search warrant, no search, no removal, no nothing. Also affects possession laws, with no proof required of right of possession to deny others the active possession. What could possibly go wrong with writing stupid laws that enable corporations to act as judge, jury and executioner, with no right of defence for the victim.

      People are talking about returning hacks, how about stand your ground laws. A corporate tech expert attacks your network, to defend it, you enter his office and shoot them in the face, it's the law, it's defence of property and there is no denial of the attack and its intent, so how does it balance out with stand your ground laws and defence of your property.

      Stupid bought-off politician puts their name to stupid paper that a stupid lobbyist wrote, paid off by corporations seeking more power over citizens to own and control them, and it all ends up in the bin but the lobbyist walks away with tons of money.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:AC/DC Act by zlives · · Score: 1

      i would only say that this would go hand in hand with the licensing law as in you don't own any property it's all just a license. so no stand your ground... also probably not work with stand your ground as this reprisal would require walking to the said office...

  7. Foolishness. by Gravis+Zero · · Score: 4, Interesting

    What this is going to enable people to do is destroy zombie computers and devices under the guise of retribution. While this may seem good at first, it's just going to be the moms and pops of the world losing all their data because they got infected with a virus and somebody unleashed hell on their machine. It seems like it would be far more helpful to require ISPs to detect a DoS in progress and cut off the infected customer. A scorched Earth campaign will do little to change the world.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Foolishness. by Anonymous Coward · · Score: 0

      Except that the zombie computers are not owned by the attackers but by victims. We know how BrickerBot works and how bad that can be. This would be much, much worse.

    2. Re:Foolishness. by jbmartin6 · · Score: 1

      This case ("infected by a virus"..."unleash hell") isn't covered by the proposed bill.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  8. Blinking Midnight by sdinfoserv · · Score: 1

    So just exactly which tools will John Q Public be using to track and delete their data?
    The "easy" tools, meant for the people who still have VCR's blinking midnight?
    "Alexa, find and destroy all my hacked data!". thank you.

    1. Re:Blinking Midnight by zlives · · Score: 2

      i think the idea is for you to hire some shadow runners to get your data blocks back by using some ICE.

    2. Re:Blinking Midnight by bobbied · · Score: 3, Funny

      "Siri, find and destroy all my hacked data!". thank you.

      FIFY

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    3. Re:Blinking Midnight by Anonymous Coward · · Score: 0

      I think this law is intended to give rights to real people, not to mere plebs.

    4. Re:Blinking Midnight by Anonymous Coward · · Score: 0

      "Siri, find and destroy all my hacked data!". thank you.

      I'm afraid I can't do that Dave. Your data is permanently stored in the Apple Cloud.

    5. Re:Blinking Midnight by dpilot · · Score: 1

      I have this ugly feeling that by "people" this bill means "corporations", not us ugly-bags-of-mostly-water.

      --
      The living have better things to do than to continue hating the dead.
  9. Professionalism by Anonymous Coward · · Score: 0

    Since most people don't know how to implement such counter-measures, hackers will finally fill a niche of their own in the market.

    Captcha: commence

  10. What's the catch here? by Anonymous Coward · · Score: 0

    I'm honestly asking. Something smells about it, but that's only from my experience seeing whatever gets penned by R- hands that even remotely touches technology.

    The idea of getting back at whoever hacked you is tempting, but, how do you even tell? What's the timeframe? And I guess what are the restrictions, really?

    Is this one of those things where the average joe will be completely unprotected and unsupported, but various large companies will be able to use the letter of the law to completely screw over journalists or complaints or something of the sort?

    1. Re: What's the catch here? by Anonymous Coward · · Score: 0

      The purpose of this law is to allow wealthy corporate donors to commit computer crimes against easily demonized subgroups/ minorities. Not just brown minorities, but political minorities. Like the old, the young, the rural, the urban... Anyone they choose to set up a us vs them context with.

      On Slashdot, it means anyone who uses a torrent server can be targeted, a la DMCA takedowns, and have their server nuked to remove the corporate data. So movies, music, police abuse, proof of corporate health/safety violations, etc. can all be attacked and destroyed under the guise of protecting their property. The design of the police badge or corporate logo in the footage of the beating/murder/destruction of evidence being filmed.

  11. The Physical Analogy by Josuah · · Score: 4, Insightful

    The analogy is if you suspect someone of stealing your wallet, you are allowed to break into their house, search through it to find and take back your wallet, destroy a few things here and there to prevent them from pickpocketing in the future, and then call in the police to arrest the guy.

    Oh, but if you made a mistake and destroyed some random person's stuff, well, you were still acting within the law.

    1. Re:The Physical Analogy by Baron_Yam · · Score: 1

      For an attack in progress, I'd say it's more like you're being mugged and the attacker has managed to grab your wallet by the time you start fighting back.

      You have a right to self-defence in the physical world, usually with a limit of 'reasonable force' (Texas excluded). To extend that to the digital world, if your system is attacked you should have the right to damage the attacking system to the point it can no longer continue its assault... and you should be able to take back your data if you can do so.

      And of course, if you attack the wrong entity, you should be liable - just as you would if you were fighting a mugger and somehow knocked out an uninvolved bystander.

    2. Re:The Physical Analogy by Anonymous Coward · · Score: 1

      Except, a more effective self defense is just telling your network to stop accepting the guy's packets.

      Anything else is unnecessary use of force.

      Kind of like rendering the mugger harmless and then kicking him and maybe his family and friends while he's down.
      And the mugger you are going after may be some harmless schmuck who got his computer hacked.

    3. Re:The Physical Analogy by DarkOx · · Score: 1

      Alright, let's play pretend.

      1) You have a webserver with, say, a JBoss deserialization vulnerability.

      2) I get remote code execution and set myself up some persistence but otherwise leave your site alone, you don't know anything is wrong.

      3) I use your system as a pivot to attack Bob's network. I break into Bob's systems and start dumping data.

      4) Bob spots the attack and sees it's coming from you. Oh, did I mention outbound connections from the server I compromised don't leave from the same IP that serves inbound ones to the site, they go out thru your NAT pool. So Bob sees this coming from your main corporate firewall.

      5) Bob decides he is going to pop your network and look for his data. He phishes some of your employees to get an internal host compromised and a reverse shell out. He proceeds to paw thru your entire internal network looking for his data.... Maybe he eventually discovers me, maybe not.

      Is this okay?

      Ethical issues aside, law enforcement and jurisdiction challenges aside, I see this as increasing the incentive the total number of threat actors.

      Going back to my example above, let's say you really were my target. Let's say after compromising your web server I never got any privilege escalation, was stuck with a process running as www-data on your system, could not move laterally into your network or get out of the DMZ. I know though that Bob has a capable response team. So now all I have to do is execute a sloppy attack on Bob and suddenly he is helping me to destroy you!

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    4. Re:The Physical Analogy by coofercat · · Score: 1

      It's probably more akin to breaking in to a bank to get your wallet though. Kicking someone's door in to gain entry isn't that hard, and I'll bet about 80% of the population could do it if they really needed to. But breaking into a computer is well beyond 95+% of the population - I know technically what's required, but it would still take me an awful lot of dedicated time and effort to do. Thus, I'd need to hire a pro - and they don't come cheap (unless you're a big company, in which case you already hired a few of them).

      So aside from collateral damage, which seems like it's almost a desired outcome, you've also got the problem of "justice for the rich" (or rather, corporations throwing their weight about).

    5. Re:The Physical Analogy by Anonymous Coward · · Score: 0

      Read the bill, it's not fighting back while getting attacked as you imply. Given the requirements for notification, evidence collection, etc. it's not self-defense, it's purely offensive/retribution after the fact.

  12. Beacon? Can someone give the executive summary? by Anonymous Coward · · Score: 0

    Can someone point to definitive mainstream tech media explanation of what this 'beacon' tech/nique is about? Certainly it has nothing to do with the 802.11* beacon frames, or does it?

    Is it just the decriminalization of ping and traceroute?

    I get the distinct feeling that the spooks are playing word redefinition games here.

  13. Speaking of movies by DrYak · · Score: 1

    Republicans have seen too many Hollywood hacker movies.

    speaking of movies...

    In reality, the people who are victims of this type of data theft aren't going to have access to these "Beacon" tools. But copyright trolls and malware thugs almost certainly will.

    Yup, the movies are definitely going to be the thing best protected by this act.

    Movies shown in theaters tend to be fingerprinted. (the purpose being to try to trace back where a copy was first leaked).
    This act basically gives authorization to the industry to install a backdoor (either forced through legislation, or unknowingly deployed in the style of Sony root-kit), that will nuke a user's computer if it ever detects such type of fingerprints.
    (and make it also report back to the MPAA mothership in preparation of subsequent copyright lawsuits - of course claiming bazillions of revenue loss due to piracy)

    This is definitely the evil twin of Digital Restriction Management (as if the original DRM wasn't evil already enough).

    Copyright trolls are going to have a great day.
    The people affected by false positives that wrongfully b0rked their computer : not such a great day.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  14. Active Bacon by chuckugly · · Score: 1

    Well, one good thing, I love bacon of any kind so far.

  15. What could go wrong by DrYak · · Score: 1

    We know how BrickerBot works and how bad that can be. This would be much, much worse.

    Yup. Indeed.

    this time instead of Smart LED bulbs staying dark or showing the wrong color, you're going to have the database server holding the important financial information getting broken.

    But hey, at least the infected zombie bot won't disturb *you* anymore.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  16. The Fog Of Cyber Competence by Anonymous Coward · · Score: 0

    "Beacon" tools? WTF? Is that like honeypotting your own executables in order to catch the subset of thieves that are stupid enough to run those programs from their own internet connected networks?

    In reality I imagine this is dual-crap. Half of the crap is that it is trying to attract political support with as you mentioned, a fantasy for ordinary users to somehow fight back against the cyber criminals (which is only necessary because the law enforcement authorities are some combination of too corrupt, too incompetent, too underfunded, and too lazy to police the new frontier that their slow evolution culture will need another couple centuries to catch up with). The other half of the crap is that what this is really for is to allow the billionaire cyber corp club to basically do as they please, and not be liable when they happen to accidentally hack into 100 innocent people's computers for every guilty party's computer they hack into.

  17. Create a fake beacon? by AHuxley · · Score: 1

    Is the beacon path back to the US the ip range of interest?
    Automated or will some US gov worker have to click a gui every time to allow a beacon to be responded to?
    Hope that the user is on a desktop computer, has one hard drive that has the OS, has the data, is connected to the net, has the same ip for a while?
    How perfect is the "techniques to trace the attack and identify the attacker" going to work in every computer network before someone with skills finds something in the wild?
    Or does the beacon encrypt ip changes it gathers deep in the "computer of the attacker"?
    Create a fake beacon and place it deep into some other interesting network.
    Watch as the US reaches out and injects code deep into some other network.
    The owner of that network then states that the US is attempting to alter their vital computer system...
    The fake beacon is then found and the US has to do paperwork about the event.
    A new beacon is detected deep in another network ...
    How will the US ensure each and every beacon is a real event? Advanced crypto per beacon and code per event that nobody will ever see in the wild?
    Once discovered in the wild and reverse engineered all the altered IoT could send out the same beacon like messages?
    The US would be induced to swamping the internet trying to push code down random networks globally.
    How is the US going to detect the "computer of the attacker" if the beacon code reports an altered, compromised or faked ip range?
    The US will be back to reporting on code litter, ip ranges, time zones and finding language fragments.
    The "beacon" reported an evil ip range so it must be that evil nation's clandestine services. ...

    --
    Domestic spying is now "Benign Information Gathering"
  18. Re:Beacon? Can someone give the executive summary? by AHuxley · · Score: 1

    A person with their own home computer using a modem downloads beacon ready US data to that desktop computer.
    That special US data sends out a secure fully encrypted beacon message about the ip and type of computer it has been downloaded to.
    The US tracks down that home computer with one hard drive, a consumer OS and a connected modem.
    The data then has no value after the US has fully "disrupted" that computer.
    The once rare and advanced 1980's dial up network and expensive desktop computer is now a global consumer product in 2017.
    Everyone interesting has one desktop computer, a common US brand consumer OS, a modem and one hard drive on that computer in 2017...

    --
    Domestic spying is now "Benign Information Gathering"
  19. Copyright trolls by Anonymous Coward · · Score: 0

    ... accessing ... the computer of the attacker ...

    What constitutes an attack? Is Facebook an "attacker" because they hold data I didn't authorize?

    ... disrupt continued unauthorized activity ...

    What, besides deleting the offending data, counts as disruption? This is a loophole giving all copyright trolls a licence to delete everything, or install adware, on a suspect's computer: IOW, vigilante justice.

    Will this create an arms race with AV software blocking beaconing technology? Most AV publishers exist outside the USA and won't have to obey any backdoor-ing legislation.

  20. This idea is so full of wrong by TiggertheMad · · Score: 4, Insightful

    I am curious how this is going to not constitute destruction of criminal evidence when the first court case goes before a judge...

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
    1. Re:This idea is so full of wrong by Anonymous Coward · · Score: 0

      If you're poor, and did what you thought you were allowed to do, you'll be charged that way yes.

      If you're the large corporation that was doing exactly that, possibly the person above's attacker even, you were acting within the bounds of the law and never did anything wrong, including when your hacking involved armed goons and the person's home.

  21. nope by Anonymous Coward · · Score: 0

    Retarded bullshit from the Trumpniks. Why on Earth would you notify a compromised administration of your attempts to defend against Russian active measures?

    Better defense is to move your servers out of the United States and ignore this garbage non-thinking legislature while America sorts out her bad boyfriend.

  22. You need a bill for this? by wolfheart111 · · Score: 1

    If someone has the skills and is being attacked... it wouldn't matter if there is a bill or not.

    --
    [($)]
  23. Wild Wild Internet by Anonymous Coward · · Score: 0

    Wild Western in the Digital Age. Retardation seems to be a qualifier and requisite for american politicians. Instead of order, they are trying to make the wild western out of internet?

  24. To right a wrong. by Anonymous Coward · · Score: 0

    The police don't hold a monopoly on justice.

  25. So... use a foreign computer? by Kjella · · Score: 1

    Since the US doesn't have jurisdiction outside the US, attacking any foreign computer will likely remain illegal under foreign law. If the US courts protect them they'll become modern day privateers, state-sanctioned thugs. Like a loose cannon version of the NSA, this will not end well.

    --
    Live today, because you never know what tomorrow brings
    1. Re:So... use a foreign computer? by Bob+the+Super+Hamste · · Score: 1

      If the US courts protect them they'll become modern day privateers, state-sanctioned thugs. Like a loose cannon version of the NSA

      So more constrained then.

      --
      Time to offend someone
  26. Cyber War by Anonymous Coward · · Score: 0

    This can easily change a Cyber Attack into a Cyber War.

    The next time AT&T decides to force an update on my phone that I OWN, and it destroys my data, then I could retaliate against their network.

    Or if my device was enslaved via virus and a corporation responded by wiping out my device that also happens to contain the cure for cancer on it.

  27. Who bought the beacon? by Cajun+Hell · · Score: 1

    The "beacon" exception is interesting. Someone went to the extra trouble to pay somebody to add that. Who did it and why? What's the imagined scenario?

    --
    "Believe me!" -- Donald Trump
  28. I've got a raging cyber right now by Anonymous Coward · · Score: 0

    and it's pointing way over to the right.

  29. The quarantine of the Darwin Station by karlandtanya · · Score: 1

    must be maintained forever

    I remember watching the episode and thinking Gee--it would be great to be one of the people with the active immune system.
    Of course it would suck for my neighbors, friends, and family--but that's their problem.

    Right?

    --
    "Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
  30. Re:Let's allow active defense in other situations, by Anonymous Coward · · Score: 0

    And after you finish with them you can eliminate the second most violent and oppressive religion in the world by getting rid of all the christians... it's only smart and an enlightened approach to national security.

  31. Re:Beacon? Can someone give the executive summary? by Anonymous Coward · · Score: 0

    "downloads beacon ready US data"

    Whatever that means

    "That special US data sends out a secure fully encrypted beacon message about the ip and type of computer it has been downloaded to."

    Traditionally computer scientists and engineers don't talk about "data sending out a message". We call that non-sensical. Is the data of a format that induces a bug/segfault/etc in common media players and has an executable payload and thus the computer/media-player-program then sends out the message? Over the internet, over the ether, over subspace, via passive reflecting usb port bug to a microwave emitting predator drone? So after the first few people fall prey to this, the pirates start watching their booty movies from non internet connected systems, perhaps in faraday cages. Then what? This sounds really stupid.

  32. Re:Beacon? Can someone give the executive summary? by AHuxley · · Score: 1

    It really is that silly AC for the executive summary.
    A solution that expects a home computer with a modem to be direct downloading a "file" that reports back the ip.
    That users computer is then "disrupted".

    --
    Domestic spying is now "Benign Information Gathering"