Use a honeypot, go to prison?

[Lv4]

There is some discussion now that RUNNING a honeypot could be considered illegal, and leave the organization that runs it open to lawsuits from the hackers they are tracking. The Register has an interesting article discussing this that can be found here.

A quick excerpt from the article:

But that monitoring is what federal criminal law calls "interception of communications," said Salgado, a felony that carries up to five years in prison. Fortunately for honeypot operators, there are exemptions to the Federal Wiretap Act that could be applied to some honeypot configurations, but they still leave many hacker traps in a legal danger zone.

just thought I would share what I found this morning on my daily perusal of the Register, and I hadn't seen in here on AO yet.

[Darksnake]

First off if the "hackers" werent snooping around your machine's then they and you wouldnt be in court. I highly doubt a judge will rule in their favor if you can prove they were unlawfully snooping around and got caught. Personally I think its a bunch of **** but thats just me. I mean if you catch someone snooping around outside your house can he sue you for making your house a tempting target to him as a burglar? not only no but hell no! Our laws are just a bunch of **** when it comes to computers.

[tonybradley]

Its not that you're getting sued for having a honeypot. The concept is that you would be sued for using the honeypot to track the hacker- in effect reverse hacking him.

To steal your analogy, it would not be like the burglar suing you for having a tempting house to break into. It would be like you spotting a burglar scoping your house and following him back to his house. At that point, you would be stalking him.

I think the premise of the article or the comments by Salgado are flawed though. A honeypot, in my opinion does not "intercept" communications. It simply monitors and logs communications that are directed at it.

It would be like saying video surveillance equipment is illegal because it records the actions of a burglar that breaks into your house. Or, its like saying that CallerID is illegal because you are intercepting information to identify the source of the "intrusion" into your phone system.

I am sure you can stretch the law and distort it to make it apply this way, but I think that if you come to me I am allowed to monitor your actions without violating any law.

Just my $.02

[blunuke420]

Oh my...

So does this basicly mean that a hacker/cracker is whineing that someone is violateing his right to privacy on the internet? You have got to me kidding me...

What this sounds like to me is that some newbie hacker/script kiddie got nailed by someone who took offence to the hacker digging around his network neighborhood (sp?) and now he gets to deal with the consequnces...

Leave it to a newbie to whine and complain the most about what he knows the least about...


My $.02 and a cup of coffee at waffle house

[bballad]

This has been discuessed to death here...just see any of the super dcma threads there are at least four on this topic.

As for use a hony pot go to jail, well the register is known to be sansationalist form time to time. The law is too broad to be applied until the courts strip it down its safe to assume security devices are legal...remember the state goverments have to fallow their own laws, I know Il (one of the states with SDCMA) has firewalls and NAT running, they probably have honnypots running as well, they would not have knowingly passed a law that they where violateing.

[tonybradley]

I agree we have beat DMCA and Super-DMCA to death, but this is different.

This article discusses using the Federal Wiretap Act to snag you for "intercepting" communications without the other party's consent.

I submit that A, they are trespassing in the first place so its not "wiretapping" and B) it wouldn't hold up in court.

They do make the point that it may depend on the proximity of your honeypot to the real server. In other words, if Joe Hacker was trying to get to Server A and you redirect the connection to Honeypot A that is somewhere else on a whole other subnet or something you, in effect, have intercepted and hijacked the communication intended for Server A.

I question whether the law would apply in that way though. Again, Joe Hacker would be trespassing on your network in the first place so you are within your rights. If you have a fake safe in your house to "attract" burglars while you hide you real valuables in a Pringles can in the cupboard can the burglar sue you for tricking him? I don't think so.

[blunuke420]

So does this mean that if someone called my house, got my answering machine, but i picked up in the middle of it, did not turn off the machine and started the conversation i would be up for federal charges? what would happen if i had no message on my machine to alert the caller that he was about to begin speaking to a tape recorder? Or if the caller entered into a 3 way conversation with someone else while speaking to myself and my answering machine?

This is about to get really scary...

[bballad]

Wire tap should not apply here, you are alowed to record your own conversation..I guess you could put a note on a default web/the entrence ftp message of your honey pot that stated that you where logging...but I think you could argue that logging is implied on all systems.

[MrLinus]

Ah but there is another issue with the Honeypot, Super DMCA aside. What about the question of entrapment? This is a question my students always ask when we discuss honeypots and it's one that I don't think there is a true answer for, at least no legal precendent that I have been able to find thus far or heard of.

I've also thought about the "hacker" types found in books like @Large. If putting out a honeypot attracts them and they use it, is it not like putting out illicit drugs and encouraging the junkie?

[bballad]

If I remember correctly only police or other law enforecment types can entrap. Its not like you are forceing the hacker to break into your system, and its not like putting drugs out for a junkie a hacker is not addicted and should have the self controll to not break in...Is it illigal to put up security cameras? If cameras are fine then loggin on a honey pot is fine.