Is Vigilante Hacking Legal?
Striking back at computers that are attacking a company or home network could be legal under federal nuisance laws, a technology-law expert said Thursday. Curtis Karnow, attorney for law firm Sonnenschein, Nath & Rosenthal, stressed during a speech at the Black Hat Security Briefings conference here that no court case has yet established precedent regarding the use of a limited counterstrike to stop Internet attackers, but that nuisance statutes appear to apply. “It has a lot of promise…if we can get the court to look at it,” Karnow said. “The law allows you to go in without permission and abate, or stop, the nuisance. You can even sue the malefactor for the expense of the abatement.” Nuisance laws allow the state and private individuals to file lawsuits aimed at ending activities deemed harmful to a community. They have been used to close buildings that house drug dealers and to shut down businesses, such as quarries that create excessive dust in a neighborhood. Karnow pointed to “self help” provisions that allow citizens to take action to mitigate an obvious nuisance as a way of dealing with intruders and so-called zombie servers. Under the law, the victim of an attack could conceivably shut down the offending program on the attacking server–even if the server belonged to someone else, he said. Karnow’s solution could give hope to system administrators whose networks are under attack and who have found that petitioning law enforcement agencies is both slow and frequently ineffective. Full Story