All the latest UK technology news, reviews and analysis


RSA: Lawyers eschew "self-defence" hacking

28 Feb 2013
A gavel used at an auction

During a panel at this year's RSA conference judges and lawyers warned against companies taking the law into their own hands in cyberspace.

The presentation between judges and lawyers offered a mock trial between competing e-commerce firms. The trial was an attempt to illuminate the legality involved in cyber attacks based on self defence. It mirrored similarly cases involving Microsoft and botnet hosters.

The mock trial involved an e-commerce firm who discovered it was hacked. Telluria, as the firm was called, was able to trace the attack back to one of its competitors. The firm then spoke with its competitor, Nevia, who said it was not responsible for the attack.

Telluria eventually hired a third-party cyber security firm that was able to discover that Nevia had been hacked and the malware on its servers was attacking Telluria.

Following the investigation, Telluria brought the information to Nevia who reported that the firm was wrong and that it would do nothing to correct the issue. It was with that information that Telluria took matters into its own hands and removed the controller for the malware off of Nevia's systems.

Telluria's actions caused Nevia's operations to shut down and cost the firm millions in lost revenue. Nevia then took the case to court which set off the mock trial in full.

While no verdict was given in the case, much was discussed about the real world implications of similar cases. According to some on the panel, there is never a reasonable cause for actions similar to the ones performed by Telluria.

"I'm very sceptical of self-help. If I was general council I'd say that you shouldn't do that. Anytime you go down this road you don't know where it could lead," said Stephen Wu, partner at the law firm Cooke, Kobrick and Wu.

According to Wu, the best thing to do in cases similar to the one covered in the mock trial is to request a temporary restraining order (TRO) on the offending party. He said that requesting a TRO should offer a quick response time and lead to mediation between the two parties.

While Wu advised for a tempered response to an attack, fellow panelist Hoyt Kesterson reported that it was common practice for companies to take cyber security justice into their own hands 30 years ago.

The senior security architect at Terra Verde Services said that in the 1980s cyber vigilantism was common practice.

"In the '80s, before the law came to the internet, people took it on themselves to respond to attacks," said Kesterson during the panel.

The mock trial was similar in scope to what Microsoft does to takedown botnets. Redmond's current policy is to take over servers that are hosting botnets without the server owner's permission.

Microsoft instead takes over servers and tells the people involved to show up to court within 15 days for an explanation as to why it was shut out of its own infrastructure.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
James Dohnert
About

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club, CachedTech.com, and Shonen Jump magazine. He studied Journalism at Weber State University.

More on Law
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
22%
4%
43%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Junior Developer - Manchester - up to £25,000

Graduate Web Developer (C/C++, HTML, CSS, JavaScript...

Logistics Systems Project Manager - WMS

Logistics Systems Project Manager - Leading retailer...

Supply Chain Project/ Programme Manager

Supply Chain, Project Manager, Programme Manager, Consultancy...

Incident Manager - Birmingham - £400 - £500 per day

Incident Manager - Birmingham - £400 - £500 per day...
To send to more than one email address, simply separate each address with a comma.