All the latest UK technology news, reviews and analysis

RSA: Lawyers eschew "self-defence" hacking

28 Feb 2013
A gavel used at an auction

During a panel at this year's RSA conference judges and lawyers warned against companies taking the law into their own hands in cyberspace.

The presentation between judges and lawyers offered a mock trial between competing e-commerce firms. The trial was an attempt to illuminate the legality involved in cyber attacks based on self defence. It mirrored similarly cases involving Microsoft and botnet hosters.

The mock trial involved an e-commerce firm who discovered it was hacked. Telluria, as the firm was called, was able to trace the attack back to one of its competitors. The firm then spoke with its competitor, Nevia, who said it was not responsible for the attack.

Telluria eventually hired a third-party cyber security firm that was able to discover that Nevia had been hacked and the malware on its servers was attacking Telluria.

Following the investigation, Telluria brought the information to Nevia who reported that the firm was wrong and that it would do nothing to correct the issue. It was with that information that Telluria took matters into its own hands and removed the controller for the malware off of Nevia's systems.

Telluria's actions caused Nevia's operations to shut down and cost the firm millions in lost revenue. Nevia then took the case to court which set off the mock trial in full.

While no verdict was given in the case, much was discussed about the real world implications of similar cases. According to some on the panel, there is never a reasonable cause for actions similar to the ones performed by Telluria.

"I'm very sceptical of self-help. If I was general council I'd say that you shouldn't do that. Anytime you go down this road you don't know where it could lead," said Stephen Wu, partner at the law firm Cooke, Kobrick and Wu.

According to Wu, the best thing to do in cases similar to the one covered in the mock trial is to request a temporary restraining order (TRO) on the offending party. He said that requesting a TRO should offer a quick response time and lead to mediation between the two parties.

While Wu advised for a tempered response to an attack, fellow panelist Hoyt Kesterson reported that it was common practice for companies to take cyber security justice into their own hands 30 years ago.

The senior security architect at Terra Verde Services said that in the 1980s cyber vigilantism was common practice.

"In the '80s, before the law came to the internet, people took it on themselves to respond to attacks," said Kesterson during the panel.

The mock trial was similar in scope to what Microsoft does to takedown botnets. Redmond's current policy is to take over servers that are hosting botnets without the server owner's permission.

Microsoft instead takes over servers and tells the people involved to show up to court within 15 days for an explanation as to why it was shut out of its own infrastructure.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
James Dohnert

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club,, and Shonen Jump magazine. He studied Journalism at Weber State University.

More on Law
What do you think?
blog comments powered by Disqus

Microsoft Azure outage

Is cloud computing reliable enough for business yet?

Popular Threads

Powered by Disqus
Huawei Ascend Mate 2 with Android 4.3 Jelly Bean and Emotion UI

CES: Huawei Ascend Mate 2 video demo

We take a look at the Chinese phone maker's second 6in smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

IT Business Analyst - Manchester - £45,000

IT Business Analyst - Manchester. A well-established...

Client Systems Support Analyst

Are you keen to help users make the most of their Information...

Telecoms Planner

What you will be doing: - Team management - Undertake...

Associate Professional / Project Management (PCA)

Locations: - Chorley - Banbury - Aldershot - London...
To send to more than one email address, simply separate each address with a comma.