February 23rd, 2004, 09:40 PM
are honeypots illegal in the us under the dmca or any other law for that matter
i know it could be like entrapment but i dont plan to prosecute for breaking my honeypot of coarse my others boxes are a differnt story
February 23rd, 2004, 09:49 PM
I think right now the answer is "I don't know" since really honeypots haven't been contested in court. I would think the SuperDMCA would be more likely the law that would contest the use of honeypot but the big key is intention:
(sample of the Michigan SuperDMCA -- apparently, based on this I cannot wear my 2600 blue box shirt in Michigan)
Prohibited conduct with regard to telecommunications access device; violation as felony; penalty; amateur radio service; forfeiture; order; definitions.
(1) A person shall not assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise an unlawful telecommunications access device or assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise a telecommunications device intending to use those devices or to allow the devices to be used to do any of the following or knowing or having reason to know that the devices are intended to be used to do any of the following:
(a) Obtain or attempt to obtain a telecommunications service with the intent to avoid or aid or abet or cause another person to avoid any lawful charge for the telecommunications service in violation of section 219a.
(b) Conceal the existence or place of origin or destination of any telecommunications service.
(c) To receive, disrupt, decrypt, transmit, retransmit, acquire, intercept, or facilitate the receipt, disruption, decryption, transmission, retransmission, acquisition, or interception of any telecommunications service without the express authority or actual consent of the telecommunications service provider.
(2) A person shall not modify, alter, program, or reprogram a telecommunications access device for the purposes described in subsection (1).
(3) A person shall not deliver, offer to deliver, or advertise plans, written instructions, or materials for the manufacture, assembly, or development of an unlawful telecommunications access device or for the manufacture, assembly, or development of a telecommunications access device that the person intends to be used or knows or has reason to know will be used or is likely to be used to violate subsection (1). As used in this subsection, “materials” includes any hardware, cables, tools, data, computer software, or other information or equipment used or intended for use in the manufacture, assembly, or development of an unlawful telecommunications access device or a telecommunications access device.
February 23rd, 2004, 10:31 PM
Surely the question is not "are honeypots legal", but would the "evidence" so obtained be acceptable in court?
Hey, if you leave your car unlocked and someone steals it, that is not entrapment, it is stupidity?
Just a thought?
February 23rd, 2004, 10:34 PM
Very interesting in deed! I wonder how the anonymisers and proxies get around paragraph (1) (b). I guess they don't go to Michigan....
I would imagine we'll see a court case dealing with honeypots pretty soon. However I would highly doubt that if you caught a bad guy, that you would be in too much trouble as long as you turned in all your evidence. But make sure you are not too overly aggressive about the whole thing. Just remember the key phrase, "What would a reasonable and prudent person do?"
February 23rd, 2004, 10:43 PM
I don't see why a honeypot system is any different from any other system. Unless you are actually entrapping the attacker (example: offer them money or other reward to hack your honeypot), then any evidence should be admissable.
Just because it doesn't have any real purpose, doesn't mean a honeypot isn't still a computer system as defined by the relevant laws. Here are some other scenarios
- A machine has been set up to be a web server but has yet to be actually used as one
- A machine has previously been set up as a web server but is no longer used as one, and has been left turned on with net access
How are either of those scenarios different from a honeypot? None whatsoever. IANAL however.
February 23rd, 2004, 11:26 PM
so if i only use the info i gather to learn from and not to bring people to court im definatly fine right?
im in NY any super dmca laws to worry about
the dmca sucks its almost like we dont own our own property with what it says about by passing copy protection if i want to mod my x-box i shuold be able to.
February 23rd, 2004, 11:45 PM
I would say you are OK, the question is really if evidence so gathered is acceptable, NOT if you have done anything wrong? Otherwise:
1. Hackers are right, and the FBI and USSS can go play with themselves......hacking is no longer a crime?
2. Anyone who leaves an unprotected server/open relays is a nasty criminal leading poor skiddies into temptation??? and should be punished (come to think of it, the open relays bit wouldn't be all bad ?)
Just make sure you do it on a laboratory machine and DON'T try to hack back.
February 24th, 2004, 12:30 AM
The link I provided should give you info about the SuperDMCA. Generally, there are no rules in regards to honeypots (and the same can be said for the most part, scanning but it's still an iffy area since it truly hasn't been challenged in court).
There was one weird area of Honeypots that Lance Spitzner brought up in the Honeypot SecurityFocus Bugtraq: Privacy. He contends that privacy is more the issue than entrapment. This Article I believe covers his point of view.
February 24th, 2004, 01:00 AM
yeah msmittens that was another one of my conserns becasue im monituring them with out them knowing and if they compromise my box i can see what teir doing without them knowing and isent covered under some of though wiretap law?
February 24th, 2004, 01:47 AM
I would go for...............
1. The machine is your private property and you have the right to monitor what happens on it? otherwise keylogging and IDS software would be illegal?
2. They came to you, you did not go to them, or security cameras would be illegal?..............they monitor people's activity?
Just a thought