Researchers from the University of Mannheim in Germany and the Institut
Eurecom have reverse-infiltrated Storm by
deliberately allowing the botnet to infect a series of honeypots, bait
computers that were intended to be infected.
Those infected computers then sent out their own payload that had
incorrect instructions so the bots on the network did not get the real
instructions from the worm’s controllers. They documented it in this

It all sounds very Independence Day (no word on whether Jeff
Goldblum figured out how to do the hack) but it does raise a legal question:
Is it right to fight the hackers using the same dirty tricks they use?

The first instinct may be to cheer. Judging by the variety of reactions InternetNews.com received, it seems this is a debate that’s about as settled as Net Neutrality. Some say yes, some say no, everyone has a separate reason

“On the surface, a lot of people seem to think that’s a good idea,” said
Ken Dunham, director of global response and threat discovery for iSight
Partners. “But a lot of times when changes are made to a system, some
unexpected consequences take place. Suppose you remove it from a working
server and crash the computer, causing a significant outage?”

Dunham argued that the white hat hackers don’t always know what’s on the
other end. It could be some kid’s computer or a department server. It may be
infected with the Storm worm but if you bring it down, you face the music.
“When you do that, you enter into a liability scenario for which you might
be liable,” he said.

Extralegal cat-and-mouse games

However, attorney Jonathan Praed of the Internet Law Group said “it’s
happening today whether you like it or not. There are far more extralegal
cat-and-mouse games than people know. There are lots of countermeasures
being deployed that help to keep a lid on some of the malevolent activity

Praed said there are “good Samaritan” laws that will protect a person
who, for example, might be driving down the street, comes on an accident,
and tries to help, even though he or she may not be a doctor. He said white
hat hackers have asked up and down for some kind of similar safe harbor

“Every government authority looking at cyber crime has received requests
from white hats asking for safe harbor rule, asking for guidance of what
they can do and can’t do, and what remains the gray area,” he said.

The response has been minimal, with the main government concern being the
bad guys could pretend to be white hats and say they were gathering dirt and
about to turn it in. “Government is concerned it could provide plausible
defenses to bad guys to avoid liability. But that can be solved by the
subtlety of the safe harbor. Lots of rules can be put in place to
distinguish the bad guys,” said Praed.

Matthew Prince, president of Unspam, felt playing as dirty as the
malicious hackers could lead to an “arms race” that would only make the
problem worse. “Attacking consumers’ machines may stop a few nodes in a
botnet, but you are just transferring the costs to ISPs,” he said.

He also felt it didn’t fix the fundamental problem, which is that
individual PCs have become a battleground in botnet fights, and people have
to start securing their own computers better.

“I think one of the consequences of this type of a strategy is you aren’t
targeting the botnet operator, you are targeting individual PCs,” said
Prince. “To a large extent they are not aware that their machine has been
compromised. Merely going after those machines and swamping them … what I’m
not sure it does is get at the underlying problem of inadequately secured

In the end, it seems like the classic argument against vigilantism. “The
last thing we need is a bunch of rogue vigilantes out there attacking one
another. We’ve already got a bad situation and that could make it
increasingly chaotic,” said Dunham.

“The instinct has to be applauded at some level,” replied attorney Praed.