All the latest UK technology news, reviews and analysis

RSA: Lawyers eschew "self-defence" hacking

28 Feb 2013
A gavel used at an auction

During a panel at this year's RSA conference judges and lawyers warned against companies taking the law into their own hands in cyberspace.

The presentation between judges and lawyers offered a mock trial between competing e-commerce firms. The trial was an attempt to illuminate the legality involved in cyber attacks based on self defence. It mirrored similarly cases involving Microsoft and botnet hosters.

The mock trial involved an e-commerce firm who discovered it was hacked. Telluria, as the firm was called, was able to trace the attack back to one of its competitors. The firm then spoke with its competitor, Nevia, who said it was not responsible for the attack.

Telluria eventually hired a third-party cyber security firm that was able to discover that Nevia had been hacked and the malware on its servers was attacking Telluria.

Following the investigation, Telluria brought the information to Nevia who reported that the firm was wrong and that it would do nothing to correct the issue. It was with that information that Telluria took matters into its own hands and removed the controller for the malware off of Nevia's systems.

Telluria's actions caused Nevia's operations to shut down and cost the firm millions in lost revenue. Nevia then took the case to court which set off the mock trial in full.

While no verdict was given in the case, much was discussed about the real world implications of similar cases. According to some on the panel, there is never a reasonable cause for actions similar to the ones performed by Telluria.

"I'm very sceptical of self-help. If I was general council I'd say that you shouldn't do that. Anytime you go down this road you don't know where it could lead," said Stephen Wu, partner at the law firm Cooke, Kobrick and Wu.

According to Wu, the best thing to do in cases similar to the one covered in the mock trial is to request a temporary restraining order (TRO) on the offending party. He said that requesting a TRO should offer a quick response time and lead to mediation between the two parties.

While Wu advised for a tempered response to an attack, fellow panelist Hoyt Kesterson reported that it was common practice for companies to take cyber security justice into their own hands 30 years ago.

The senior security architect at Terra Verde Services said that in the 1980s cyber vigilantism was common practice.

"In the '80s, before the law came to the internet, people took it on themselves to respond to attacks," said Kesterson during the panel.

The mock trial was similar in scope to what Microsoft does to takedown botnets. Redmond's current policy is to take over servers that are hosting botnets without the server owner's permission.

Microsoft instead takes over servers and tells the people involved to show up to court within 15 days for an explanation as to why it was shut out of its own infrastructure.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
James Dohnert

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club,, and Shonen Jump magazine. He studied Journalism at Weber State University.

More on Law
What do you think?
blog comments powered by Disqus

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

FIX Network Analyst - URGENT - Financial Vendor, Degree, FIX

FIX Network Analyst - City of London - Financial Vendor...

Business Analyst - STP - Financial Services

Business Analyst - STP - Financial Services Business...

Solutions Architect

Grade: B1 Salary: £ 37,935 up to £ 41,793 with...

Computer Systems Manager

Computer Systems Manager Job Description: This...
To send to more than one email address, simply separate each address with a comma.