1/10/2015 Page 1
Hacking Back in Self-Defense:
Is It Legal? Should it Be?
David Willson
Attorney at Law
CISSP, Security+
Titan Info Security Group
and
Azorian Cyber Security
1/10/2015 Page 2
David Willson
david@titaninfosecuritygroup.com
• Owner of Titan Info Security Group, LLC, providing enhanced cyber security and liability reduction or elimination
• Retired Army JAG officer
• Advised the DoD and NSA on computer network ops law
• Legal advisor to what is now CYBERCOM
• Published author and active speaker
• Licensed attorney in CO, NY, and CT
• Member ISSA and InfraGard
• Holds CISSP & Security+ certifications
1/10/2015 Page 3
Legal Disclaimer
This presentation is made available for educational purposes only
as well as to provide general information and a general
understanding of the law, not to provide specific legal advice.
By viewing and participating in this presentation, you understand
that no attorney-client relationship is formed.
This presentation and material herein should not be used as a
substitute for actual legal advice from a licensed attorney in your
state with whom you establish an attorney-client relationship.
The ideas presented are only theories and should not be
considered authorization or advice to take action and/or violate
the law.
1/10/2015 Page 4
David Willson Articles and Lectures
• “An Army View of Neutrality in Space: Legal Options for Space Negation,” The Air Force Law Review, Vol. 50, 2001
• “A Global Problem: Cyberspace Threats Demand an International Approach!” Armed Forces Journal, July 2009; ISSA Journal, August 2009; lectured on the subject at CSI (as keynote) and RSA
• “When Does Electronic Espionage Become an Act of War?” CyberPro Magazine, May 2010; ISSA Journal, June 2010; lectured on the subject at International Cyber Crime Conference
• “Flying through the Cloud: Investigations, Forensics, and Legal Issues in Cloud Computing” at CSI and HTCIA
• “Ethical Use of Offensive Cyberspace” at RSA
1/10/2015 Page 5
$78,000 stolen
$151,000 stolen
$241,000 stolen
$115,000 stolen
Problem: Hackers and their botnets plague the
networks of many businesses around the world!
Jobs
1/10/2015 Page 6
500 Executives Surveyed…
• “One thing is very clear: The cyber security programs of US organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries.”
  www.pwc.com/cybersecurity
• One sad reality is despite all the warnings, companies and individuals continue to fail to implement basic security practices.
1/10/2015 Page 7
More Statistics
• Attacks against small and medium-size businesses up 60%
• 400 companies surveyed over a four-week period admit to approximately 72 attacks per week on their networks, with one successful each week
• Pentagon is attacked 6 million times per day (2008)
• 150,000 malware samples per day (Sophos)
• Zero Day attacks ever increasing
1/10/2015 Page 8
Coreflood Botnet and CryptoLocker
• Computer virus used to steal personal and financial information from the machines it infects
• Stolen info can be used to steal funds, hijack identities, and commit other crimes
• FBI estimates that Coreflood enabled fraudulent transfers that cost businesses hundreds of thousands of dollars before the agency shut it down (Government Security News, John Mello, Jr.)
• Ransomware
1/10/2015 Page 9
Cost of Breach (Ponemon Study 2013)
1/10/2015 Page 10
Losses (Ponemon Study 2013)
1/10/2015 Page 11
What is a bot or botnet?
• Bot or web robots
  ◦ Software applications that run automated tasks over the Internet. The largest use of bots is in web spidering, in which an automated script fetches, analyzes, and files information from web servers at many times the speed of a human. Recently, bots have been used for search advertising, such as Google Adsense.
• Botnet
  ◦ Collection of infected computers or bots that have been taken over by hackers and are used to perform malicious tasks or functions. A computer becomes a bot when it downloads a file (e.g., an e-mail attachment or malware on a web site) that has bot software embedded in it. A botnet is considered a botnet if it is taking action on the client itself via IRC channels without the hackers having to log in to the client's computer. The typical botnet consists of a bot server (usually an IRC server) and one or more bot clients.
1/10/2015 Page 12
How a Bot Works
• Botnets have different topologies or command and control (CnC) structures
• Most, it appears, use a compromised server as an IRC server, also referred to as the IRC daemon (IRCd)
• Multiple bots will communicate with the IRCd via a “phone home” function
• Single point of failure: If the central CnC is blocked or otherwise disabled, the botnet is effectively neutered (this will become important as we get into the theory)
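The phone-home pattern described on this slide is visible from the defender's own perimeter, which is what makes blocking the central CnC practical. The sketch below is an added example, not part of the original slides: it scans firewall log lines for internal hosts that reconnect to the same IRC-port destination at near-regular intervals. The log format, addresses, port list and thresholds are all constructed assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Ports commonly used by IRC daemons (6667 is the conventional default,
# 6697 the usual TLS port). A bot may use any port, so treat this as a
# starting heuristic (assumption), not as proof of a botnet.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Constructed firewall log (format invented for this example). The
# 203.0.113.0/24 and 198.51.100.0/24 ranges are reserved for documentation.
SAMPLE_LOG = """\
2015-01-10T09:00:00 ALLOW TCP 10.0.4.23:49152 -> 203.0.113.50:6667
2015-01-10T09:01:00 ALLOW TCP 10.0.4.31:50211 -> 203.0.113.50:6667
2015-01-10T09:02:00 ALLOW TCP 10.0.7.8:51000 -> 198.51.100.9:6667
2015-01-10T09:03:10 ALLOW TCP 10.0.7.8:51001 -> 198.51.100.9:6667
2015-01-10T09:04:00 ALLOW TCP 10.0.4.23:49160 -> 198.51.100.80:443
2015-01-10T09:05:00 ALLOW TCP 10.0.4.23:49153 -> 203.0.113.50:6667
2015-01-10T09:06:00 ALLOW TCP 10.0.4.31:50212 -> 203.0.113.50:6667
truncated line with no fields
2015-01-10T09:10:02 ALLOW TCP 10.0.4.23:49154 -> 203.0.113.50:6667
2015-01-10T09:11:00 ALLOW TCP 10.0.4.31:50213 -> 203.0.113.50:6667
2015-01-10T09:15:00 ALLOW TCP 10.0.4.23:49155 -> 203.0.113.50:6667
2015-01-10T09:16:01 ALLOW TCP 10.0.4.31:50214 -> 203.0.113.50:6667
2015-01-10T09:40:00 ALLOW TCP 10.0.7.8:51002 -> 198.51.100.9:6667
2015-01-10T10:30:00 ALLOW TCP 10.0.7.8:51003 -> 198.51.100.9:6667
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ALLOW TCP (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(log_text):
    """Yield (timestamp, src_ip, dst_ip, dst_port) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
               int(m["dport"]))


def find_phone_home(log_text, min_conns=4, max_jitter=0.2):
    """Map each suspected CnC endpoint to the internal hosts beaconing to it.

    A host is flagged when it connects to the same IRC-port destination at
    least min_conns times and the gaps between connections are regular
    (population stdev / mean of the gaps <= max_jitter). Interactive IRC
    use tends to produce irregular gaps and is not flagged.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport in parse(log_text):
        if dport in IRC_PORTS:
            flows[(src, f"{dst}:{dport}")].append(ts)

    suspects = defaultdict(set)
    for (src, endpoint), times in flows.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # identical timestamps carry no timing information
        if statistics.pstdev(gaps) / mean_gap <= max_jitter:
            suspects[endpoint].add(src)
    return {endpoint: sorted(hosts) for endpoint, hosts in suspects.items()}


def block_candidates(suspects):
    """Order endpoints for an egress block list, most internal bots first."""
    return sorted(suspects, key=lambda e: (-len(suspects[e]), e))


if __name__ == "__main__":
    found = find_phone_home(SAMPLE_LOG)
    for endpoint in block_candidates(found):
        print(endpoint, "<-", ", ".join(found[endpoint]))
```

Each flagged endpoint is a candidate for an egress block on the organization's own firewall, and each listed internal host is a machine to isolate and clean.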
1/10/2015 Page 13
More Definitions
• Spam
• Add-ons
• Cookies
• MyLife.com
• ReUnion.com
• Google
1/10/2015 Page 14
Is Hacking Back Self-Defense?
• No
  C.H. “Chuck” Chassot of the DoD Command, Control, Communications & Intelligence office: “It is the DoD's policy not to take active measures against anybody because of the lack of certainty of getting the right person.”
1/10/2015 Page 15
Is Hacking Back Self-Defense?
• Yes
  ◦ Timothy Mullen, CIO of AnchorIS, Inc.: People should be allowed to neutralize one that is unwittingly spreading destructive Internet worms such as Nimda
  ◦ Jennifer Stisa Granick, litigation director at the Center for Internet and Society at Stanford Law School: “This is a type of defense of property. There is a lot of sympathy for that (kind of action) from law enforcement and vendors because we do have such a big problem with viruses.”
1/10/2015 Page 16
Scenario: Business X finds malware on their networks in the form of a bot that is receiving instructions from a host server via IRC chat
Response:
• Nothing
• Block
• Call LE
• Hack Back
• Remove
• Clean-up
1/10/2015 Page 17
Deterrents to Hack Back
• Law: Illegal to gain unauthorized access to a computer
• Ethics: Highly probable that hacking back will affect innocent computers or networks
• Retribution: You may awaken the beast!
1/10/2015 Page 18
Computer Fraud and Abuse Act (CFAA)
• A law to prevent trespass against a computer or network
• Applies to any “protected computer”
• Must “exceed authorized access”
• Computer
• Damage
• Loss
1/10/2015 Page 19
Law
“Whoever intentionally accesses a computer without
authorization or exceeds authorized access, and
thereby XXX”
1/10/2015 Page 20
Law, cont.
• Unauthorized Access to a Computer
• Computer Trespass
• Self-Defense
1/10/2015 Page 21
My Theory
Embed Code in the “Phone Home” function of a Bot. When the Bot connects to the IRC server the Code disables it.
1/10/2015 Page 22
Common Objections
“You will start a war with China!”
Really?
1/10/2015 Page 23
Common Objections
“You will impact an innocent
bystander!”
No one in this scenario is innocent.
Victim? Yes!
Innocent? No!
1/10/2015 Page 24
Legal?
• Did you have the intent to access the innocent computer or server being used as the IRC server?
• Did you access that server without authorization?
• Did you cause harm, alter, or in some way have a negative impact on the innocent computer?
1/10/2015 Page 25
Legal?, cont.
• Does an infected computer impliedly grant you access to their system if their computer is causing damage to or plaguing your computer or network?
• Wouldn’t a traditional scenario of self-defense apply in this situation?
• Is the only driving factor imminence?
1/10/2015 Page 26
Legal?, cont.
• Does an infected computer whose negligence allows your computer to be attacked, and the attack is ongoing or imminent, give you automatic authority to defend yourself by accessing that infected computer?
• Can the victim of a bot attack claim that their code was automatic, used common protocols, followed the bot into the infected server (IRCd), and blocked the bot – did he exceed authorized access?
1/10/2015 Page 27
Questions
David Willson
Attorney at Law
CISSP, Security +
Titan Info Security Group
719-648-4176
david@titaninfosecuritygroup.com

Weitere ähnliche Inhalte

Was ist angesagt?

Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Security weekly september 28 october 4, 2021
Security weekly september 28   october 4, 2021 Security weekly september 28   october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
Dinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference KeynoteDinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference KeynoteSandraPaiva
 
Social Media Security Risk Slide Share Version
Social Media Security Risk Slide Share VersionSocial Media Security Risk Slide Share Version
Social Media Security Risk Slide Share Versionfamudal
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and securityAlisha Korpal
 
The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data BreachDavid Hunt
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Jason Hong
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
 
Modern Adversaries (Amplify Partners)
Modern Adversaries (Amplify Partners)Modern Adversaries (Amplify Partners)
Modern Adversaries (Amplify Partners)Andrew Manoske
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk   intrusion prevention are we joking - henshaw july 2010 aBright talk   intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aMark Henshaw
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 
Cyber Crime - "Who, What and How"
Cyber Crime - "Who, What and How"Cyber Crime - "Who, What and How"
Cyber Crime - "Who, What and How"Jisc
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 

Was ist angesagt? (20)

Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
LifeLock Javelin Presentation
LifeLock Javelin PresentationLifeLock Javelin Presentation
LifeLock Javelin Presentation
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
 
Data breach
Data breachData breach
Data breach
 
Security weekly september 28 october 4, 2021
Security weekly september 28   october 4, 2021 Security weekly september 28   october 4, 2021
Security weekly september 28 october 4, 2021
 
Dinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference KeynoteDinis Cruz IBWAS'10 Conference Keynote
Dinis Cruz IBWAS'10 Conference Keynote
 
Social Media Security Risk Slide Share Version
Social Media Security Risk Slide Share VersionSocial Media Security Risk Slide Share Version
Social Media Security Risk Slide Share Version
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and security
 
The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data Breach
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
 
Modern Adversaries (Amplify Partners)
Modern Adversaries (Amplify Partners)Modern Adversaries (Amplify Partners)
Modern Adversaries (Amplify Partners)
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk   intrusion prevention are we joking - henshaw july 2010 aBright talk   intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 a
 
AI in Hacking
AI in HackingAI in Hacking
AI in Hacking
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018
 
Cyber Crime - "Who, What and How"
Cyber Crime - "Who, What and How"Cyber Crime - "Who, What and How"
Cyber Crime - "Who, What and How"
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 

Andere mochten auch (20)

Toan cao cap a2
Toan cao cap a2Toan cao cap a2
Toan cao cap a2
 
Vat ly dai cuong a1 bai giang
Vat ly dai cuong a1   bai giangVat ly dai cuong a1   bai giang
Vat ly dai cuong a1 bai giang
 
Toan t1 ton duc thang - chuong 9
Toan t1   ton duc thang - chuong 9Toan t1   ton duc thang - chuong 9
Toan t1 ton duc thang - chuong 9
 
Bai tap giai tich demidovich
Bai tap giai tich   demidovichBai tap giai tich   demidovich
Bai tap giai tich demidovich
 
Dinh huong phat trien cua eximbank
Dinh huong phat trien cua eximbankDinh huong phat trien cua eximbank
Dinh huong phat trien cua eximbank
 
Toan a2 ton duc thang
Toan a2 ton duc thangToan a2 ton duc thang
Toan a2 ton duc thang
 
Tin hoc can ban bai giang
Tin hoc can ban   bai giangTin hoc can ban   bai giang
Tin hoc can ban bai giang
 
Toan t1
Toan t1Toan t1
Toan t1
 
4 tu truong
4 tu truong4 tu truong
4 tu truong
 
Vat ly dai cuong a1 bai tap
Vat ly dai cuong a1   bai tapVat ly dai cuong a1   bai tap
Vat ly dai cuong a1 bai tap
 
Giao trinh ngon_ngu_lap_trinh_c_1847
Giao trinh ngon_ngu_lap_trinh_c_1847Giao trinh ngon_ngu_lap_trinh_c_1847
Giao trinh ngon_ngu_lap_trinh_c_1847
 
MSDM
MSDMMSDM
MSDM
 
Triet hoc mac lenin
Triet hoc mac leninTriet hoc mac lenin
Triet hoc mac lenin
 
Toan a2 bai tap
Toan a2   bai tapToan a2   bai tap
Toan a2 bai tap
 
T3 2
T3 2T3 2
T3 2
 
00 bo de thi minh hoa
00   bo de thi minh hoa00   bo de thi minh hoa
00 bo de thi minh hoa
 
C++ for beginners......masters 2007
C++ for beginners......masters 2007C++ for beginners......masters 2007
C++ for beginners......masters 2007
 
Cybersecurity and liability your david willson
Cybersecurity and liability your   david willsonCybersecurity and liability your   david willson
Cybersecurity and liability your david willson
 
C++ dai hoc cong nghe
C++ dai hoc cong ngheC++ dai hoc cong nghe
C++ dai hoc cong nghe
 
Chuong 02 bieu thuc
Chuong 02 bieu thucChuong 02 bieu thuc
Chuong 02 bieu thuc
 

Ähnlich wie Hacking back in self defense

A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010  6 Things u need 2 know in 2010 Whitepaper Final2010  6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper FinalLarry Taylor Ph.D.
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityAlistair Blake
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseWilliam McBorrough
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentationwhmillerjr
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2Adela Cocic
 
Cyber for Counties Guidebook
Cyber for Counties Guidebook Cyber for Counties Guidebook
Cyber for Counties Guidebook Kristin Judge
 

Ähnlich wie Hacking back in self defense (18)

A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Security
SecuritySecurity
Security
 
Cyber Terrorism Essay
Cyber Terrorism EssayCyber Terrorism Essay
Cyber Terrorism Essay
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010  6 Things u need 2 know in 2010 Whitepaper Final2010  6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
Malware
MalwareMalware
Malware
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law Please
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentation
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
INT 1010 10-3.pdf
INT 1010 10-3.pdfINT 1010 10-3.pdf
INT 1010 10-3.pdf
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2
 
Cyber for Counties Guidebook
Cyber for Counties Guidebook Cyber for Counties Guidebook
Cyber for Counties Guidebook
 
Cyberterrorism Essays
Cyberterrorism EssaysCyberterrorism Essays
Cyberterrorism Essays
 

Kürzlich hochgeladen

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Kürzlich hochgeladen (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation

Hacking back in self defense

  • 1. Hacking Back in Self-Defense: Is It Legal? Should it Be? David Willson, Attorney at Law, CISSP, Security+, Titan Info Security Group and Azorian Cyber Security (1/10/2015)
  • 2. David Willson, david@titaninfosecuritygroup.com
      - Owner of Titan Info Security Group, LLC, providing enhanced cyber security and liability reduction or elimination
      - Retired Army JAG officer
      - Advised the DoD and NSA on computer network ops law
      - Legal advisor to what is now CYBERCOM
      - Published author and active speaker
      - Licensed attorney in CO, NY, and CT
      - Member ISSA and InfraGard
      - Holds CISSP & Security+ certifications
  • 3. Legal Disclaimer: This presentation is made available for educational purposes only as well as to provide general information and a general understanding of the law, not to provide specific legal advice. By viewing and participating in this presentation, you understand that no attorney-client relationship is formed. This presentation and material herein should not be used as a substitute for actual legal advice from a licensed attorney in your state with whom you establish an attorney-client relationship. The ideas presented are only theories and should not be considered authorization or advice to take action and/or violate the law.
  • 4. David Willson Articles and Lectures
      - “An Army View of Neutrality in Space: Legal Options for Space Negation,” The Air Force Law Review, Vol. 50, 2001
      - “A Global Problem: Cyberspace Threats Demand an International Approach!” Armed Forces Journal, July 2009; ISSA Journal, August 2009; lectured on the subject at CSI (as keynote) and RSA
      - “When Does Electronic Espionage Become an Act of War?” CyberPro Magazine, May 2010; ISSA Journal, June 2010; lectured on the subject at International Cyber Crime Conference
      - “Flying through the Cloud: Investigations, Forensics, and Legal Issues in Cloud Computing” at CSI and HTCIA
      - “Ethical Use of Offensive Cyberspace” at RSA
  • 5. $78,000 stolen; $151,000 stolen; $241,000 stolen; $115,000 stolen. Problem: Hackers and their botnets plague the networks of many businesses around the world! Jobs
  • 6. 500 Executives Surveyed…
      - “One thing is very clear: The cyber security programs of US organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries.” www.pwc.com/cybersecurity
      - One sad reality is that, despite all the warnings, companies and individuals continue to fail to implement basic security practices.
  • 7. More Statistics
      - Attacks against small and medium-size businesses up 60%
      - 400 companies surveyed over a four-week period admit to approximately 72 attacks per week on their networks, with one successful each week
      - Pentagon is attacked 6 million times per day (2008)
      - 150,000 malware samples per day (Sophos)
      - Zero Day attacks ever increasing
  • 8. Coreflood Botnet and CryptoLocker
      - Computer virus used to steal personal and financial information from the machines it infects
      - Stolen info can be used to steal funds, hijack identities, and commit other crimes
      - FBI estimates that Coreflood enabled fraudulent transfers that cost businesses hundreds of thousands of dollars before the agency shut it down (Government Security News, John Mello, Jr.)
      - Ransomware
  • 9. Cost of Breach (Ponemon Study 2013)
  • 10. Losses (Ponemon Study 2013)
  • 11. What is a bot or botnet?
      - Bot or web robots: Software applications that run automated tasks over the Internet. The largest use of bots is in web spidering, in which an automated script fetches, analyzes, and files information from web servers at many times the speed of a human. Recently, bots have been used for search advertising, such as Google Adsense.
      - Botnet: Collection of infected computers or bots that have been taken over by hackers and are used to perform malicious tasks or functions. A computer becomes a bot when it downloads a file (e.g., an e-mail attachment or malware on a web site) that has bot software embedded in it. A botnet is considered a botnet if it is taking action on the client itself via IRC channels without the hackers having to log in to the client's computer. The typical botnet consists of a bot server (usually an IRC server) and one or more bot clients.
  • 12. How a Bot Works
      - Botnets have different topologies or command and control (CnC) structures
      - Most, it appears, use a compromised server as an IRC server, also referred to as the IRC daemon (IRCd)
      - Multiple bots will communicate with the IRCd via a “phone home” function
      - Single point of failure: If the central CnC is blocked or otherwise disabled, the botnet is effectively neutered (this will become important as we get into the theory)
  • 13. More Definitions
      - Spam
      - Add-ons
      - Cookies
      - MyLife.com
      - ReUnion.com
      - Google
  • 14. Is Hacking Back Self-Defense?
      - No
      - C.H. “Chuck” Chassot of the DoD Command, Control, Communications & Intelligence office: “It is the DoD's policy not to take active measures against anybody because of the lack of certainty of getting the right person.”
  • 15. Is Hacking Back Self-Defense?
      - Yes
      - Timothy Mullen, CIO of AnchorIS, Inc.: People should be allowed to neutralize one that is unwittingly spreading destructive Internet worms such as Nimda
      - Jennifer Stisa Grannick, litigation director at the Center for Internet and Society at Stanford Law School: “This is a type of defense of property. There is a lot of sympathy for that (kind of action) from law enforcement and vendors because we do have such a big problem with viruses.”
  • 16. Scenario: Business X finds malware on their networks in the form of a bot that is receiving instructions from a host server via IRC chat
      - Response: Nothing; Block; Call LE; Hack Back; Remove; Clean-up
  • 17. Deterrents to Hack Back
      - Law: Illegal to gain unauthorized access to a computer
      - Ethics: Highly probable that hacking back will affect innocent computers or networks
      - Retribution: You may awaken the beast!
  • 18. Computer Fraud and Abuse Act (CFAA)
      - A law to prevent trespass against a computer or network
      - Applies to any “protected computer”
      - Must “exceed authorized access”
      - Computer
      - Damage
      - Loss
  • 19. Law: “Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby XXX”
  • 20. Law, cont.
      - Unauthorized Access to a Computer
      - Computer Trespass
      - Self-Defense
  • 21. My Theory: Embed Code in the “Phone Home” function of a Bot. When the Bot connects to the IRC server the Code disables it.
  • 22. Common Objections: “You will start a war with China!” Really?
  • 23. Common Objections: “You will impact an innocent bystander!” No one in this scenario is innocent. Victim? Yes! Innocent? No!
  • 24. Legal?
      - Did you have the intent to access the innocent computer or server being used as the IRC server?
      - Did you access that server without authorization?
      - Did you cause harm, alter, or in some way have a negative impact on the innocent computer?
  • 25. Legal?, cont.
      - Does an infected computer impliedly grant you access to their system if their computer is causing damage to or plaguing your computer or network?
      - Wouldn’t a traditional scenario of self-defense apply in this situation?
      - Is the only driving factor imminence?
  • 26. Legal?, cont.
      - Does an infected computer whose negligence allows your computer to be attacked, and the attack is ongoing or imminent, give you automatic authority to defend yourself by accessing that infected computer?
      - Can the victim of a bot attack claim that their code was automatic, used common protocols, followed the bot into the infected server (IRCd), and blocked the bot – did he exceed authorized access?
  • 27. Questions: David Willson, Attorney at Law, CISSP, Security+, Titan Info Security Group, 719-648-4176, david@titaninfosecuritygroup.com
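
Slide 12 describes bots "phoning home" to an IRCd, and slide 16 lists "Block" among the responses open to Business X. The added example below (not part of the presentation) shows how a defender could find that phone-home pattern in outbound traffic on their own network and derive the endpoints to deny at the edge. The log format, the addresses, the 10.0.0.0/8 internal range and both function names are assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not real traffic). One line per first payload line seen:
# "epoch src_ip dst_ip dst_port payload"
SAMPLE_LOG = """\
1420900000 10.0.4.17 203.0.113.50 6667 NICK xk-48213
1420900001 10.0.4.17 203.0.113.50 6667 USER xk 0 * :xk
1420900002 10.0.4.17 203.0.113.50 6667 JOIN #cmd
1420900005 10.0.4.23 203.0.113.50 6667 NICK xk-90177
1420900006 10.0.4.23 203.0.113.50 6667 USER xk 0 * :xk
1420900007 10.0.4.23 203.0.113.50 6667 JOIN #cmd
1420900010 10.0.4.31 198.51.100.9 443 GET /index.html HTTP/1.1
1420900011 10.0.4.40 192.0.2.77 8080 NICK alice
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
HANDSHAKE = {"NICK", "USER", "JOIN"}            # IRC registration + channel join

def find_irc_cnc(log_text, min_clients=2):
    """Return {(server_ip, port, channel): [internal hosts]} for likely IRC CnC."""
    verbs_seen = defaultdict(set)   # (src, dst, port) -> IRC verbs observed
    joined = {}                     # (src, dst, port) -> channel name
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, port, payload = line.split(" ", 4)
        verb, _, arg = payload.partition(" ")
        # Only outbound flows: internal client to external server.
        if ipaddress.ip_address(src) not in INTERNAL:
            continue
        if ipaddress.ip_address(dst) in INTERNAL:
            continue
        if verb.upper() in HANDSHAKE:
            key = (src, dst, int(port))
            verbs_seen[key].add(verb.upper())
            if verb.upper() == "JOIN":
                joined[key] = (arg.split() or [""])[0]
    groups = defaultdict(set)
    for key, verbs in verbs_seen.items():
        if verbs == HANDSHAKE:      # full phone-home, not a stray NICK
            src, dst, port = key
            groups[(dst, port, joined[key])].add(src)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_clients}

def egress_block_list(findings):
    """Server endpoints to deny at the network edge (the 'Block' response)."""
    return sorted({(ip, port) for ip, port, _chan in findings})

if __name__ == "__main__":
    hits = find_irc_cnc(SAMPLE_LOG)
    for (ip, port, chan), hosts in hits.items():
        print(f"{ip}:{port} {chan} <- infected hosts: {', '.join(hosts)}")
    print("deny outbound to:", egress_block_list(hits))
```

Matching on the IRC verbs rather than on port 6667 keeps the check useful when the IRCd listens elsewhere, and the returned host list doubles as the clean-up queue.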