Use a honeypot, go to prison?

[Tedob1]

I had read this threw a link on packetstorm today but didnt have time to post anything on it so im glad this thread is here.

I think Salgado is trying to tap into the frustration of a privacy minded but much stomped upon community for publicity. Hoping he'll find support for anything thats anti DMCA because thats what this law is about Copy right protection and catching those "defrauding" service providers, and thereby promote himself.

Now "defrauding" service providers there's a term to watch out for. This makes NAT a felony, but for him to say his very education and degree make HIM illegal is just a bit much.

Running a honey pot is not "Intercepting communication" because thats the address the hacker intended to communicate with. Building a room on a house not connected to the interior rooms but only to the outside and then leaving the door with a very easy lock to circumvent to see who's been breaking in is not entrapment (hey thats not a bad idea...RT Honeypots) even though its the only purpose for it

[ccKid]

The whole idea of using a honey pot and going to jail is just insane. If the loser hacker/cracker wasn't intruding into systems that they had no right to be in they wouldn't have a case at all. This smacks of the cases in which the criminal sues the home owner for owning a rottweiler that bites them. Never mind the fact that the SOB was robbing the house. What the hell do people think now a days? Not much is what I think!!


ccKid

[MrLinus]

Originally posted here by khanacarm
Regardless of the law, ....

In response to what MsMittens said, having credit card numbers on your server does not in any way justify hacking.

First, in regards to your comment of "Regardless of the law", I don't think one should do something that is illegal to catch criminals. That said, I also believe that honeypots are very legal and things like the SuperDMCA are making it more difficult for "white hats" to do their job properly. My posts here, as I mentioned earlier, are merely a "Devil's Advocate" point of view.

Second, I'm not saying that it justifies hacking. I'm saying that it might encourage hacking for some. If you go into an Alcholics Anonymous meeting with an armful of hard liquor, are you not tempting them? It's not illegal. Some will have the will power to withstand it. Others won't. Same idea. You are encouraging them to hack. Since you are doing that -- encouraging them to "break the law" -- who are you bring charges against them?

As for litigation (as brought up by some more recent posts) that's the laws in the US. You can sue pretty much over anything. One thing that isn't mention is the reward that is sometimes given out. Sometimes its a few thousands (like the thief who was electrocuted) sometimes it's a dollar. The judge/jury awards things based on what they feel is right and what is felt to be deserved. No system is perfect. One thing that they have here in Canada that seems to limit some of that is the ability of the "criminal" to "profit from the crime". It's not allowed. I wonder if that's why in Canada we don't see that much litigation by criminals against their victims unlike in the US.

I don't know if removing government from cyberspace will help. It would be better if they asked us or got the community involved. One bad case and those laws will be removed. I find that a lot of the laws coming out of the US right now are "reactionary" laws to an already paranoid system. If we didn't have trespassing laws, you couldn't charge someone with breaking into your computer. If we didn't have someone watching the activities of some of our members, we'd have more child porn and more "stalkers". What we need is more balance in regards to the involvement of government in cyberspace. Attempts to control it so that you can catch the "bad guys" won't work.

[bballad]

There seems t obe a lage belife here in fake lawsuits.
Check out the legal link on this page http://66.165.133.65/
No criminal has gotten money from hurting himself while commiting a crime...and the US has laws that keep a crimianl from profiting in any way from his crime. Of the other suits that where mentiond the only one that was real and that the company being sued lost was the McDonalds coffe case. That case was not frivolus McDonlads new for a long time that their coffe was dangerously hot and finaly ran into a person that wouldn't take soem free food to shut up about it.

That being said, if some one breaks the law by hacking into your system and you catch them in your honey pot they cannot sue you or get of on entrapment claims (well they can sue you but they will lose the case and be hit with the court fees ect.)

[zigzag_8336]

Operating a honey pot? What has this world come to?

[Lv4]

Originally posted here by bballad
There seems t obe a lage belife here in fake lawsuits.
Check out the legal link on this page http://66.165.133.65/
No criminal has gotten money from hurting himself while commiting a crime...and the US has laws that keep a crimianl from profiting in any way from his crime.

I know it's a bit off subject here, but I thought I would weigh in on that quote.

There is currently a case here in the San Francisco bay area where a criminal is suing because he got shot twice while attempting to rob a convenience store. He says that "deadly force" wasn't needed and that he's been psychologically scarred from the event. He also says he suffers from nightmares because of it. He was injured during the criminal activity... and no, this isn't an Urban Legend, this is something the news has been talking about for the past few days.

I'll see if I can find a link to that today and will post it here... FWIW KTVU is the one that I have heard reporting this, I even heard them talking about this before I came in to work this morning.

[bballad]

Originally posted here by Lv4


I know it's a bit off subject here, but I thought I would weigh in on that quote.

There is currently a case here in the San Francisco bay area where a criminal is suing because he got shot twice while attempting to rob a convenience store. He says that "deadly force" wasn't needed and that he's been psychologically scarred from the event. He also says he suffers from nightmares because of it. He was injured during the criminal activity... and no, this isn't an Urban Legend, this is something the news has been talking about for the past few days.

I'll see if I can find a link to that today and will post it here... FWIW KTVU is the one that I have heard reporting this, I even heard them talking about this before I came in to work this morning.

Let me know who that one comes out.. Unfortunately once a gun is involved you enter a gray area, where each state is a little different. Here in IL I can shoot someone who has broken into my house/business with no warning, in Indiana you must yell out I have a gun before you shoot them. This also changes if the robber also had a gun if he dose then it is legally assumed he had intent to kill you so any action you take is self-defense.

Dose any one know a Lawyer we can bring in on this, all of my info comes from personal reading verified by a friend who is a lawyer in environmental law what we need is input from a prosecutor or criminal defense attorney.

[TSeNg]

If you bloat about you have a honeypot, and INTISE the intruder, then while they hack it you report them, then YES its not legal, its entrapment. But if its there, and you just have it there for whatever means then no. its perfrectly legal.

[bballad]

Originally posted here by TSeNg
If you bloat about you have a honeypot, and INTISE the intruder, then while they hack it you report them, then YES its not legal, its entrapment. But if its there, and you just have it there for whatever means then no. its perfrectly legal.

Unless you are a member of a law enforcement or federal agency it is not entrapment. There is no way a private citizen can commit entrapment, it just isn't possible the entrapments laws specifically mention government official/law enforcement official.

*YOU MUST HAVE LEGAL ATHORITY TO COMMIT ENTRAPMENT*

you will not go to jail/get fined for busting a hacker for breaking in to your honey pot...nor will you infringe on his privacy as it is a private system he has no rights.

[jackal_usa]

Over the past two months, my organization has been using a honeypot for research. It's disguised as a "normal" system, as the entire purpose of a honeypot is to act like a normal system. Going back to the Indiana law, where you have to yell "I have a gun" before you fire, an "authorized users only" banner on our honeypot should cover us, right? After all, once you go past the banner, you're legally trespassing.

The thought of having our own system's capabilities rendered useless in court is sad.