Hacker vs. Counter-Hacker — a Legal Debate

Freddybear writes "If your computer has been cracked and subverted for use by a botnet or other remote-access attack, is it legal for you to hack back into the system from which the attack originated? Over the last couple of years three legal scholars and bloggers have debated the question on The Volokh Conspiracy weblog. The linked webpage collects that debate into a coherent document. 'The debaters are:

• Stewart Baker, a former official at the National Security Agency and the Department of Homeland Security, a partner at Steptoe & Johnson with a large cybersecurity practice. Stewart Baker makes the policy case for counterhacking and challenges the traditional view of what remedies are authorized by the language of the CFAA.
• Orin Kerr, Fred C. Stevenson Research Professor of Law at George Washington School of Law, a former computer crimes prosecutor, and one of the most respected computer crime scholars. Orin Kerr defends the traditional view of the Act against both Stewart Baker and Eugene Volokh.
• Eugene Volokh, Gary T. Schwartz Professor of Law at UCLA School of Law, founder of the Volokh Conspiracy, and a sophisticated technology lawyer, presents a challenge grounded in common law understandings of trespass and tort.'"

Retaliation

[Anonymous Coward]

Is there any way to know if you're retaliating against the correct target?

Re:

[FriendlyLurker]

Is there any way to know if you're retaliating against the correct target?

Does "hack back into the system from which the attack originated" == "retaliating against" or is it merely investigation into the perpetrators?

Considering many bot nets are state run (think wikileaks take-downs) Id venture that the answer official will always be "No, do not investigate [our possible] botnet activity"

Re:

[Onymous Coward]

Does "hack back into the system from which the attack originated" == "retaliating against" or is it merely investigation into the perpetrators?

If going into another's system is intruding on someone's privacy (regardless if it's a "guilty" party) it is not investigation without impact.

Re:

[newcastlejon]

Is there any way to know if you're retaliating against the correct target?

Does "hack back into the system from which the attack originated" == "retaliating against" or is it merely investigation into the perpetrators?

That depends. Are you only looking?

Re:

[Onymous Coward]

This concern is one of the fundamental issues to consider in discussing philosophy of "violence". Another is what degree of force is appropriate.

Thinking on these things and recognizing that people make mistakes in both action and perception, and that people often have a tendency to perceive malice from others, it seems that there's a positive bias for violence. That is, "violence begets violence".

Similarly to how servers on the net should be conservative in what they do, liberal in what they accept [wikipedia.org], and

Re:Retaliation

[utkonos]

10 times out of 10, if you hack into the system where the attack is coming from, you will be hacking into a system owned by an innocent third party that was also hacked. You are then violating that party a second time. Lets take a more concerning scenario: You discover an attack that is originating from a competitor. You hack back into their system. This situation can only end badly. First, if they were responsible you have now spoiled evidence. Second, if they are not responsible and were also hacked as a jumping off point, you now have hacked into a competitor's system and compromised them. You should now have to pay damages because they have not way to tell that you didn't steal their corporate secrets while you were there in their system.

Re:

[LordLimecat]

Better question, does "correct target" have any meaning when the jury has not yet convicted anyone of hacking you?

As far as I am aware, most first world countries' legal systems do not allow the offended party to act as judge and jury.

Re:Retaliation

[Freddybear]

At least some of the argument in TFA assumes that the botnet's toolkit has itself been cracked and exploits are available making it possible to turn the tables on the botnet controllers. That may be a rather large assumption, even just for the sake of the argument.

Re:

[Smallpond]

Not easily. The commercial botnets typically use a command-and-control structure with various proxies or zombied hosts in between the attacker and the victim. Tracing or cracking one's way back through the botnet can often cause more damange to the intermediate hosts than the botnet is causing.

BS. What "damage" will it cause?

Re:

[MakerDusk]

Not easily. The commercial botnets typically use a command-and-control structure with various proxies or zombied hosts in between the attacker and the victim. Tracing or cracking one's way back through the botnet can often cause more damange to the intermediate hosts than the botnet is causing.

BS. What "damage" will it cause?

Chances are it's just another victim's computer. Since they're being used as a node, it would only be common sense for their to be a script that forcibly removes it from the internet so that you can't follow it to the next level. So by gaining access, you might trigger something that bricks another victim's computer. Why this is done? So that you can't get the IP that is controlling the node, and so that you can't appropriate the other computers that are being controlled by the node.

Re:

[tibman]

Damage to the botnet is "good".

Re:

[tibman]

If someone brought one of my machines down with a message "This machine was used in an attack on my network because it is part of X botnet." I would be angry. Angry that i was in a botnet, not that someone sought to fix it. Though that is just me : )

I've only been rooted once (that i've been able to discover). Around 2003 i installed a redhat box from disc (big mistake) and left it unpatched for a few days. Went in to patch it and found a shitstorm of garbage installed on it. Traced it back to an ssh

Vigilante Justice

[Anonymous Coward]

Is vigilante justice legal? No. Is self defense legal? Yes. What is what? Depends on the judge.

Re:Vigilante Justice

[hobarrera]

This isn't really self defense; your actions didn't PREVENT harm from ocurring to you, this was rather vendetta: he did X to me, I did it back.
I don't think this should be legal, because it could escalate into cyber-wars. Much like you can't steal something that was stolen from you in the first place - you can't take justice into your own hands.

Re:

[BronsCon]

If the retaliation occurs after the fact, this is correct; however, if the retaliation occurs while the instigating attack is ongoing, you are preventing [further] harm by putting an end to the offending party's ability to attack. That's textbook self defense [which does allow for use of nonlethal force and destruction of the means used to carry out the attack in cases where one is defending their property].

Re:

[hobarrera]

Yes, but closing the port is enough to stop him.
This is akin to shooting someone's head of, when you notice he's walking towards an open window - closing the window would have been enough.

Re:

[BronsCon]

So if I'm hosting a service for others (who are authorized) to access, please explain how closing the port is an option?

Re:

[BronsCon]

In retrospect, I realize the above reply might not make my point effectively. Let's roleplay:

I'm hacking Slashdot's servers right now. I'm doing so by exploiting the HTTPd they are using. Let's just have them close port 80 to stop me, right? If that was the correct and reasonable response, I could take out half the internet in a day.

Re:

[AmiMoJo]

Depends. If they are DDOS'ing your connection by shear volume of traffic merely closing the port will do nothing. That data is still going to come down your pipe and choke you connection, even if your firewall drops the packets.

You also have to consider that closing the port might be expensive for you. What if it is running some vital service your company needs, like email?

Re:Vigilante Justice

[Firethorn]

The problem here is that self defense is legal in context of preventing harm to yourself - typically this means your body. You're not allowed to attack somebody for busting up your car with a hammer, for example.

Except for their lagging behind, as far as I'm concerned any retaliatory measures should be done by the police, or if the attack originates in a country that doesn't cooperate with your police, the military.

IE You're in the USA:
hack comes from within the USA - FBI, ie federal police. If if comes from next door, local police
Hack comes from, say, Australia - The FBI contacts their counterparts there and the investigation continues
From a country without formal legal agreements - Interpol assists
From a hostile country, such as North Korea? Military, maybe.

Re:

[ILMTitan]

That is not true. You are allowed to use degrees of non-lethal force (such as a fist) to defend your property.

From the Wikipedia article on self-defense:
"The ownership and possession of property confer a certain right to defend that possession, [including] a defense of it which results in an assault and battery, and that which results in the destruction of the means used to invade and interfere with that possession."[4]
People v. Kane, 131 N.Y. 111 (142 N.Y. 366, 37 N.E. 104)

Re:

[Firethorn]

That is not true. You are allowed to use degrees of non-lethal force (such as a fist) to defend your property.

I don't know about you, but I'm not going up against somebody with a hammer with my bare fists. Even then the police recommend calling them over intervening.

Re:

[Tastecicles]

when seconds count, the police are only minutes away.

Someone is in my home uninvited, they are trespassers intent to do harm to those who are authorised to be in my home. I will use whatever means at my disposal to stop that individual.

He left his rights at the threshold.

Re:

[Tastecicles]

I think someone's reading comprehension is shot to hell. My situation play STARTED: Someone is in my home uninvited, they are trespassers intent to do harm to those who are authorised to be in my home.

Try again.

Re:

[jhoegl]

I disagree, being hacked is a psychological attack on a person, and therefore can be defended against.

Re:

[Firethorn]

As the AC mentioned, that leads to you being able to use force against a fraudster, which in the real world would land you in prison along with him.

For that matter, robbing your house could be considered a psychological attack compared with hacking a computer system.

My core point was that counter-hacking can't be considered under the same context as self-defense statutes, because generally speaking there's nobody's body on the line.

Re:

[AK Marc]

In Texas, if someone is letting the air out of your tires (at night), you may shoot them in the back (some restrictions may apply).

Also, most places (not just Texas) allow for a reasonable response. You are allowed to raise your arms to attempt to deflect an incoming blow, even if that block causes the attacker harm. The attacking the body analogy you used is inappropriate, as you noted they aren't attacking your body, but you aren't attacking their body back. A better analogy is that if someone is smas

Re:

[Firethorn]

You misunderstood me. Murderface proposed using self-defense clauses to excuse the counter-hacking. I disagreed - you're only allowed to commit harm, legally, in self defense. This doesn't qualify as self defense, because there's no bodily harm involved.

Thus raising your arms to deflect a blow, or even raising a metallic object to help block at the cost of your attacker's hand is perfectly legal - because blocking the blow is blocking injury, and you're allowed to use force in that case anyways - you'd b

Re:

[AK Marc]

I don't think murderface was implying that the self defense literally, but the spirit of the law. If you "attack me", then, under the "self defense" doctrine, I'm allowed to respond with corresponding force to halt the attack. If you are attacking my property, then I should be able to respond with corresponding force to halt the attack.

It makes sense to me, but the law has little comprehension of an attack on property, as usually people don't damage things for fun.

Re:

[AK Marc]

In fact, it's a car which is being stolen each night and belongs to someone who is completely unaware it's being used for that purpose.

You left out the fact that the car is being left unlocked with the keys in it, and the owner doesn't "know" it's stolen each night, but it's always returned empty.

Re:

[AmiMoJo]

From a hostile country, such as North Korea? Military, maybe.

So if Anonymous hacks Iranian servers that would justify Iran sending a few missiles our way? Or if a random Israeli hacker hits some Iranian sites that makes their country a valid target too?

Hacking is rarely done at state level, so military force is extreme and almost certainly unlawful.

Re:

[Firethorn]

So if Anonymous hacks Iranian servers that would justify Iran sending a few missiles our way? Or if a random Israeli hacker hits some Iranian sites that makes their country a valid target too?

Believe it or not, but Iranian police DO cooperate to some extent with US and European police. There's a reason I stuck a 'maybe' on military action at that point and listed North Korea. It's also a diplomatic issue now that I've been away from it for a bit. Basically, the military is the only force

Hacking is rarely done at state level, so military force is extreme and almost certainly unlawful.

Did you know that the DoD is now has cyberwarfare divisions? I wasn't necessarily suggesting a missile strike, that was all on you. The point I was trying to make is that you work with the police whenever po

Re:

[Firethorn]

'Except for their lagging behind'. I'm aware of the difficulties. I just think that we need to solve that rather than go vigilante. Legalize drugs, retrain/retire & replace the vice departments and put them to work fighting identity theft, botnets, computer hacking, and such.

Robber vs Counter-Robber

[ryanmc1]

Just change it to this
""If your house has been robbed, is it legal for you to break into the other persons house and steal your stuff back?"

Re:

[russotto]

Just change it to this
""If your house has been robbed, is it legal for you to break into the other persons house and steal your stuff back?"

Doesn't help; that's not a simple question either. The answer is sometimes and in some places yes, other times and in other places no.

Personally I'm all for self-help because the courts are useless for actual redress of small grievances; by the time you've gotten through the process, you'll have cost yourself more than letting the issue pass, and likely have lost anywa

Re:

[Sarten-X]

A question of legality depends heavily on the location, time, and far more other circumstances... let's reduce it to morality, instead.

On the one hand, you have "an eye for an eye", where it's allowed to return in kind any grievance, such as a hack's damage to one's reputation and possible loss of control over one's identity. On the other hand, you have "two wrongs don't make a right", where it's best to let society's authorities deal appropriate punishments to serve justice, and everyone leaves unhappy, bu

Re:Robber vs Counter-Robber

[Fnord666]

Throwing a computer into the mix and using new words doesn't change the underlying philosophical debate, and certainly won't ever bring it to an end.

True, but apparently it does mean that I can patent it!

Re:

[Sarten-X]

As with most ideas in the Bible, the original concept goes much farther back. The specific "eye for an eye" law dates to as early as 1700 BCE [wikipedia.org], and the philosophy of reciprocal justice is likely older still.

Of course, the Bible contradicts itself as well, and in other places says that absolute restraint is the preferred resolution of conflict (turning the other cheek, giving one's robe, and other such verses). This notion also dates even further back, as early as ancient Egypt's concept of the goddess Ma'at,

Re:

[Bengie]

A house is just property, a computer can be a proxy of one's self and actually do actions on your behalf. It's more like a person attacking you and fighting back at that person that someone breaking into your house then you breaking into their house.

Re:

[Neil_Brown]

""If your house has been robbed, is it legal for you to break into the other persons house and steal your stuff back?"

As long as you do not cause damage, it is probably not a criminal offence under English law; it is more likely to amount to trespass, which is a tort. If the thief wishes to sue you, he /she is welcome, and I doubt a court would look favourably on it.

Re:

[DriedClexler]

Oooh! Analogy refinement! I like this!

He's my first improvement:

"If you detect someone robbing your home, is it legal for you to follow them back to where they came from and place a bad-luck curse on it that residence/business that causes all kinds of things there to go wrong?"

[assuming such curses are possible]

Re:

[AK Marc]

If someone is breaking into your house and you see their car parked outside, and it's otherwise illegal to place a GPS transmitter on someone else's car, can you place a GPS transmitter on their car to help determine their identity and contact information so you can help enforcement against them?

Re:

[Zadaz]

An alternate analogy with a completely different answer:

If you're being physically attacked, is it legal for you to use physical force to defend yourself?

(Or should you only be allowed to use purely defensive measures and call the cops, who will do nothing.)

Re:

[Anonymous Coward]

No, the analogy is good, you're reading it too literally. The question is not whether hacking equals robbing, but whether being wronged gives you authority to retaliate in the same way against the other party, regardless of the actual way you've been wronged. This is something that most legal systems in the world usually explicitly disallow: if an act is against the law when done against you, it is still against the law if you do it in retaliation against the offending party.

Control is lost

[Sarten-X]

Control is taken, and usually cannot be recovered. Control over one's identity is extremely valuable, as maintaining that control allows one to also maintain control over one's finances and reputation, and in turn that affects one's control over the record of their history, which can heavily influence later abilities.

Re:

[icebike]

Control is taken, and usually cannot be recovered. Control over one's identity is extremely valuable, as maintaining that control allows one to also maintain control over one's finances and reputation, and in turn that affects one's control over the record of their history, which can heavily influence later abilities.

Clearly.

But counter attacks do nothing toward maintaining said control.
Once your dark dirty secrets are out in the open, all the attacks in the world won't put the Genie back in the bottle.

Re:

[icebike]

*Even in the case where something is taken, it's just copied, not removed from your possession. You can't break in and 'get your stuff back' because it was never taken away. And you also can't break in and erase it because it's been copied since.

There are documents/data items where mere possession constitutes a huge advantage for the attacker.
Not everyone is out to steal your porn collection.
(Trade secrets, bank accounts, computer code, hidden treasure maps, what ever).

In such cases the counter attack is not designed to "take back", but rather identify the attacker such that you can
take steps to prevent the use/sale of such information.

Like unringing a bell, failure to do this very quickly pretty much obviates the need to do it at all. Once your t

Re:

[hobarrera]

Ok then, let's put it this way:

"If someone breaks into your house and uses your living room to have dinner, is it legal for you to go over to their house and do them same."?

Re:

[AK Marc]

So I should disconnect my wife from the Internet-connected Rape-o-tron?

"Take em' down", I say!

[patchouly]

I look at it as using "reasonable force" to end an attack. If someone is hacking your computer, you have the right to get in there a mess up their computer, to protect yours.

Re:

[Anonymous Coward]

That's not reasonable force when the alternative is to block the act through some other non-aggressive means. And as the AC poster above suggests, you don't know you are retaliating against the correct target.

Re:

[AK Marc]

You can end the attack at any time by pulling the plug on your computer (Ethernet or power, either works). So attacking someone else is not required to end the attack.

Re:

[hobarrera]

This is too extreme. That's like saying "I can prevent people from stealing my golden watch by leaving it at home".
Closing the appropiate ports may be saner.

Re:

[BronsCon]

And when you come back online? You need to make them stop or, well, they're not gonna stop.

Re:

[hobarrera]

Closing the port they're using to access your computer(s) is way easier. Attacking them is actually aggressive.

....on the gripping hand

[russotto]

How can I possibly be responsible if conflicting botnets are duking it out through my thoroughly pwned computer? That's my story and I'm sticking to it.

Legal? Probably not.

[roc97007]

Moral? An argument could be made.

No

[dcollins117]

"If your computer has been cracked and subverted for use by a botnet or other remote-access attack, is it legal for you to hack back into the system from which the attack originated?"

Heavens, no. It is not. Next question.

The trouble with analogy

[Animats]

The legal arguments are interesting. It's amusing to see lawyers struggle with reasoning through analogy. They're trying to hammer property law, trespass law and assault law into covering this, and it's not working.

In almost all modern online attacks, the immediate source of the the attack is a machine owned by an innocent third party. While this is common online, it is a rare situation in the physical world. It can come up in auto repossessions where the repossession was not legally authorized, the repossession agent reasonably believed that it was, and the vehicle owner resisted. Most states have specific laws in that area, and repossession agents are limited in what they can do. [westcoastbk.com]

Let's do some comparisons

[davidwr]

If someone steals your car and drive it to land they own, do you have the right to trespass onto it to get your car back? If you see them driving it away in a tow truck, do you have the right to shoot out the tires of the tow truck if you can do so without causing losses to third parties? Do you have the right to shoot the driver of the tow truck? If the car thief is driving your car away, do you have the right to shoot out the tires if it won't damage third parties? Do you have the right to shoot the d

Re:

[Neil_Brown]

If someone steals your car and drive it to land they own, do you have the right to trespass onto it to get your car back?

Perhaps a fussy point but, if you have a right to be on the land, you cannot be trespassing. Even if you did trespass on the land, what is the likelihood of a court finding that you were trespassing and, even if it did, what would the likely measure of damages be?

Re:

[Tastecicles]

ok. If you force a gate to recover your illegally taken vehicle, you could be done for trespass, which would be mitigated by your intent to recover "your" property. I used quotes because you don't actually own that vehicle, the DVLA does (in the UK). When you register that vehicle, you get a form back (registration document) describing the vehicle, and describing you as the "RESIGTERED KEEPER". You do not own the vehicle, you just signed over title and ownership to a corporation; you are responsible for mak

Re:

[tompaulco]

Even if you force the gate, it is not trespass. They invited you onto their property by acquiring and stowing your property on it without your permission. In order to recover your property, you obviously have to gain entry to that property.

Re:

[Tastecicles]

sorry, you are incorrect; it is trespass. That your property is on their land is incidental but may be a mitigation.

Re:

[tompaulco]

Well, I wasn't speaking from a legal perspective. From a legal perspective of course it is trespass because you are a normal law abiding citizen and they would much rather arrest you for a crime than the possibly armed bad guy who stole your stuff. But from a moral perspective, it is definitely justified to thwart whatever barriers they have put up between you and your property.

Re:

[Tastecicles]

I entirely agree, although of course the Law knows no moral compass. A thing is or it isn't.

Re:

[Neil_Brown]

For a trespass claim to work there HAS TO BE a PHYSICAL barrier to entry.

That's not my recollection of things, but I can't find anything to help either way — do you happen to have a link / citation?

Re:

[RobertLTux]

thats when you flag down the nearest Disco Car and explain things quickly then they can have more Disco Cars help as needed so the guy can be fitted for nice Shiny Bracelets.

...What a Stupid Question.

[bistromath007]

Of course it isn't. The only time something that's normally a crime isn't is when violence is self-defense. Absolutely nothing else in our system of law has a "he started it" defense. Leaving aside that no judge is going to accept that hacking is violence without legislative action that will never happen, the normal standards of self-defense could still never apply. Given that you can't know you've been hacked until after it's done, it would instead be retaliatory, which is naughty.

Some people above are debating whether stealing stolen stuff is a crime. The answer is: it's not stealing. That is still your stuff. If somebody grabs your shit right off your person, that's also assault, so you're free to tackle them to get it back. If they steal it off a table or something, you might have more of a problem; you're still not stealing, but depending on where you live and whether the prosecutor's got a bug up his ass, using force to retrieve your stuff might get you in trouble. Same for carjacking your stolen car, and if you don't somehow do it the same time it happens to you, I imagine using a gun like that would at least get you arrested anywhere, in court anywhere but Texas, and convicted anywhere north of the Mason-Dixon line.

The larger point here: hacking is not exactly the same as assault, theft, or trespass, and applying the same logic to it is something almost any good judge would refuse to do for fear of unintended consequences. For instance: since you don't know who's hacking you until you've checked them out, if you counter-hack them, you might wind up hacking the police. That's kind of a good thing from a civil rights standpoint, as it means they are on the same level as us, bound by the same natural consequences of their actions, but hacking the police would only be legal in a goddamn utopia. Furthermore, counter-hacking might theoretically lead you to the wrong person if you're not as skilled as your attacker. While this is not the reason trespass is illegal, one can easily imagine trying to steal your stuff back and getting the wrong house, and that's when you're looking for a physical location which you know is associated with a specific person. With counter-hacking, you're looking for a computer somewhere which may or may not belong to your attacker which may or may not have PID stored that is legitimately associated with said bastard.

So, the whole argument boils down to this: hacking is hacking. It is not other activities, and cannot be usefully treated as similar to other crimes. The closest other thing is wiretapping, and nobody asks if it's okay to do that in a retaliatory fashion. Because of historical computer culture stuff, it might be argued that hacking shouldn't always be illegal, but currently it is, so that is the very obvious answer to the original question of this article. They should've been asking "should counter-hacking be legal," and because of the potential for harm to uninvolved third parties, I am kind of surprised to find myself saying that it should definitely not be. Counter-hacking should never happen without a warrant, and evidence gathered by it needs to be scrutinized very closely to make sure the right guy is caught.

Re:

[bistromath007]

Your ability to not-read what I wrote and still read a whole bunch of extra words into it is a truly astonishing talent. I can tell that you didn't really read it due to one simple error: when I talked about self-defense, you failed to notice that I said nothing else has a "he started it" defense. With the exception of "fighting words," which is a very weak defense where it exists, and defense of property, which is explicitly not a defense in more backward locales, everything you mentioned in your tirade wa

Re:

[Tastecicles]

Assault is (basically) when I do something that would cause a reasonable person to fear for their safety of body, and posess the means to carry through with it. Basically -- it's when I draw my fist back threatening to punch you, but not the actual punch itself -- although if I do punch you, you almost certainly reasonably fear for your safety.

Wrong. Common assault is the unwanted contact of any part of one person's body with any part of another person's body no matter how violent or incidental. Offences Against The Person Act 1861 and section 39 of the Criminal Justice Act 1988. I could swat a bit of dandruff off your shoulder or tap your elbow to get your attention. If you're having a bad day you could press charges for common assault and they would STICK. The second an incident of contact causes bruising or swelling or draws blood, then it's a

Simple question

[Todd Knarr]

"If someone breaks into my computer system, is it legal for me to break into his?". OK, rephrase it: "If someone breaks into my house, it is legal for me to break into his?". Answer the second, you've answered the first.

Re:

[Neil_Brown]

If someone breaks into my house, it is legal for me to break into his?

Illegal, no, but potentially something for which the aggrieved party could sue you if s/he could prove damage? (From an English law point of view.)

Re:

[AK Marc]

The fuzzy issue is that his break-in into your house was burglary, but your break-in is not. Why not? Because part of the definition is that you must be doing something otherwise illegal, or else it's just simple trespass. And simple trespass isn't so simple if you remove the breaking-in component to clarify the situation.

If you followed the burglar home and he placed all your stolen items in his back yard, behind an unlocked gate with a "no trespassing" sign on it, is it illegal for you to enter the ya

Re:

[Tastecicles]

if you have to move the gate to gain entry then it's trespass. If you are trespassing to recover your own property then it's still only trespass. The only burden on you is to prove a: that the gate was ajar if you are going the whole hog, and/or b: that the stolen property is yours. If you can do b to the criminal standard (produce receipts, photographs and/or insurance documents), then chances are that the trespass charge against you would be dropped anyway.

Re:

[AK Marc]

Looking at the law in TX and AK, moving a gate is irrelevant to whether it's trespass.

Re:

[Tastecicles]

I refer to the Common Law definition of trespass, which is to gain entry by moving a barrier or forcing a barrier.

Re:

[AK Marc]

I referred to the actual law definition of trespass, which is being where you know you aren't allowed.

irrelevant in the most cases

[allo]

in most cases you do not have a chance to successfully "hack back" anyway. The typical hacker victim is much more vulnerable than the typical hacker himself.

MITM

[gmuslera]

The one in the middle with no clue on security will be used by the bad ones and destroyed by the good ones? Odds are high that you will hit an innocent (or at least, clueless) bystander. From his point of view, both sides are evil ones.

In the other hand, **AA may not hack, but instead sue those people serving as proxy, maybe attacking them will prevent far bigger economical damages if they get sued (and that, without going to the "intelligence" agencies that could attribute to such proxies as originators

How about a case study from the early 2000s

[dpidcoe]

Back when highspeed internet wasn't as ubiquitous as it is today, I remember a friend on IRC who owned a computer shop telling me some stories of counter hacking. I have no idea how legit the following story is since I wasn't actually there for any of it, and I'm fuzzy on a lot of the details since it was related to me nearly 10 years ago. Despite all that, I think it has some relevance in that it's an easy target to pick specifics from and discuss them, rather than having to rely on sketchy car analogies

He

Re:

[Arancaytar]

unless that person is a proven murderer. Then, a normally illegal act is legal.

Try getting out of a murder conviction by telling the judge your victim was a proven murderer, so killing the victim was legal.

See how that works out.

Re:

[PPH]

Depends on the circumstances (and jurisdiction). The 'proven murderer' isn't the key*. What is important is whether you reasonably felt your life or property (or those of a bystander) to be in immediate jeopardy. If so, open fire, or take whatever measures are necessary to stop the threat. It tends to work out fine in most places in the USA.

*You can't reasonably be expected to know an attacker's state of mind or criminal history.

Re:

[Smallpond]

If the guy was in the act of murdering your family I'd say it would work out pretty well. Don't forget that the purpose of the reverse hacking is to stop a crime in progress.

Re:

[FatdogHaiku]

Is it legal for you to steal your stuff back from a robber?
Can you carjack a carjacker if (s)he is driving your car?
Same applies here

Doesn't this concept validate everything the *IAA does in attempting to control use of their "IP"?
If MY 0's and 1's are steal-able stuff then THEIR 0's and 1's are the same...
Not real wild about that idea.

Re:

[Neil_Brown]

If MY 0's and 1's are steal-able stuff then THEIR 0's and 1's are the same...

The difference, to my mind, is that theft applies to property (at least, it does under English law), and I'd argue [slashdot.org] that a 0s and 1s are not capable of being property. Their order may be capable of protection, as copyright, but, in this case, it is the copyright which is owned, not the underlying sequence of bits.

Re:

[FatdogHaiku]

I would tend to agree with you about the theft issue. But it still leaves the whole "ownership of information" in the murk. If I had the right to pursue someone digitally back to the system used to copy "my" data (i.e. "my IP") and then possibly take action against what I deem to be the offending system, what kind of power would that convey to any commercial rights holder seeking the source of, say, shared files? To my mind, the concept of justified retaliatory action is not even a slippery slope, it's a c

Re:

[Neil_Brown]

what kind of power would that convey to any commercial rights holder seeking the source of, say, shared files?

I'm not sure I understand your question, unfortunately — it seems like an interesting one to consider so, if you happened to think of another way of asking it, please do post back!

Re:

[Neil_Brown]

Is it legal for you to steal your stuff back from a robber?

Under English law, you cannot steal something which belongs to you — theft [legislation.gov.uk] is the dishonest appropriation of property belonging to another with intention to permanently deprive.

Re:

[Daniel Dvorkin]

But I'll bet breaking and entering is still illegal, even if the only reason you do it is to get your stuff back.

Re:

[Neil_Brown]

But I'll bet breaking and entering is still illegal,

I am not aware of a crime of "breaking and entering" under English law — it's possible that there is one which I have not come across, of course.

The nearest I know is the crime of burglary [legislation.gov.uk] — which is, in effect, trespass plus theft (or a number of other crimes, including rape and criminal damage, depending on whether the relevant intention is there). However, if the only act upon entering the premises is the removal of one's own property, the second part is not made out, so it remains just tr

Re:

[Tastecicles]

breaking and entering v., n. entering a residence or other enclosed property through the slightest amount of force (even pushing open a door), without authorization. If there is intent to commit a crime (of any description beyond the actual entry), this is burglary. If there is no such intent, the breaking and entering alone is common trespass.

I stopped a police officer cold on this. Told him he had three seconds to get the fuck out of my kitchen (I had just come in from work and found him there talking to

Re:

[Neil_Brown]

If there is intent to commit a crime (of any description beyond the actual entry), this is burglary

This isn't the case under English law — the crime must be one from a set list, which varies according to when the necessary intention was formed, for it to be burglary. (It looks like the example I use above of rape is incorrect too.) We agree, it seems, that, without this element, it's just a matter of trespass.

Re:

[tompaulco]

From a legal perspective, no it is not legal to steal your stuff back from a robber. If you can prove it is yours, then you can get the police to force them to give it back, but if you know it is yours and don't have proof, then you can be arrested for stealing it back, and since you are a normally law abiding citizen, and the person you stole from is a dangerous robber, the police would rather arrest you because you are not actually dangerous.
A guy a know had a bike stolen when he was a kid. He had the se

Re:Who cares?

[Daniel Dvorkin]

You may not have noticed this (yet) but nerds are not above the law. "Can I do this?" is obviously the first question a nerd should ask in a situation like this. "Will I go to prison for doing this?" should be a close second.

Re:Who cares?

[Smallpond]

"...No ethically-trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would instead require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter." -- Nathaniel Borenstein

Re:

[newcastlejon]

You seem to be confusing nerds with lawyers.
*Rimshot*

Re:

[budgenator]

So if I was checking my Email, and found this phishing email in it specifically asking me to send information like name, address, social security number ect to them; would it be wrong of me to write a program that sends them a tetrabytes of names, addresses, social secrurity numbers, credit card numbers, all sliced and diced into uselessness?

Re:

[Sulphur]

So if I was checking my Email, and found this phishing email in it specifically asking me to send information like name, address, social security number ect to them; would it be wrong of me to write a program that sends them a tetrabytes of names, addresses, social secrurity numbers, credit card numbers, all sliced and diced into uselessness?

A good random number generator might be indistinguishable from one that does just that.

Re:

[tibman]

So, where are the internet cops?