Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Use a Honeypot, Go to Prison?

CmdrTaco posted more than 11 years ago | from the sticky-situations dept.

Security 507

scubacuda writes "Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, according this (old) Security Focus article. Honeypots could be federal criminal law calls "interception of communications", a felony that carries up to five years in prison. Because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row. "It would take chutzpah," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won.""

cancel ×

507 comments

Sorry! There are no comments related to the filter you selected.

FIRSET POST (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6017873)

You dont get FIRST POST by reading the articles. But this one smells like reactionary hippie bullshit.

Re:FIRSET POST (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6017891)

fuck you . zegond post ! that kicks first in the ass

Poodle Hat - Another Weird Al Classic! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6017881)

I only watched Will & Grace one time, one day, wish I hadn't cause now TiVo thinks I'm gay

Brilliant!

Re:Poodle Hat - Another Weird Al Classic! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6018143)

maybe you are. there's nothing to be ashamed off. man-love can me very rewarding. imagine masturbating your own and your partner's penises with one hand, or gently sliding your erect penis into another man's anus?

not to mention the fact you'll never need to stop hagin sex due to a woman's period or put up with the mood swings females are so prone to.

go to a gay bar and pick someone up. take some poppers with you, cos when you have botty sex for the first time there may be a little residual bleeding.

fioaosod-irst (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6017882)

20 seconds? If I type 70wpm, that's like, 20 25 characters. w00t.

oh no! (5, Funny)

fjordboy (169716) | more than 11 years ago | (#6017886)

I always knew that something bad would come of Pooh and his addiction...

Who knew that honeypots would lead to jail? I bet even Owl and Rabbit didn't know that!

What a bunch of Pooh (-1)

GhostseTroll (582659) | more than 11 years ago | (#6017924)

Taco Pooh.

Your Bowels Cleansed

Let me ask you this...which is worse:

A. The engine on your Lexus freezes up at 160,000 miles instead of 300,000. You take a financial hit and you are forced to buy a Camry this time.

B. You start bleeding during bowel movements. You go to the doctor and get poked, prodded, X-ray'd, biopsied, etc. 3 days later you get a call for a consultation. The doctor informs you that you have advanced colon cancer at 45 years old. You have anywhere from 6 months to 5 years left to live. He tells you it's time to get your house in order because you'll be checking out soon. Chemotherapy starts today.

A friend of mine who was a science and health researcher at the University of Chicago, just died this past year of colon cancer at 42. In the midst of the prime of his life, he said goodbye, and left his wife and child behind, wondering what just hit them.

Why do you brush your teeth? Are your teeth falling out right now? For most of us, we do it so we won't need false teeth and Fixodent down the road...right? We want to be able to eat apples. Hey, I agree with that. Natural teeth are great.

But have you ever seen someone who was forced to endure a colonectomy? Someone who now will be spending the rest of their life carrying a bag around?

Incredibly, this is an area where even the staunchest MD's AGREE with us!! Can you believe it? If they knew you had the greatest colon cleanse in the world, I bet they might even refer people to you. NO, I'm not kidding...

This subject is not even up for debate. It's a proven fact. The problem is, most people are not doing anything about it. Please don't be one of them.

****WARNING***** The next section of this email contains graphic
material which may not be suitable for squeamish individuals.

Let's talk stools.

The stool tells you a lot about your colon health. If it's dark brown in color, and it sinks, and it stinks, that's not good. And don't feel bad, that's the way most people are. What you want to see is light brown color, which means it's full of fresh bile from the liver, very mild odor, and a stool that floats. We're talking low-density here folks. The more compaction you have the darker the color and the faster it sinks. Compaction is not good. Also, moving bowels should be SIMPLE. If the veins are popping out of your neck and you feel like your doing the bench press, you NEED to cleanse your colon.

When you do the cleanse, for the first few days....things are a little weird. But you know you're cleansed when you see the above good stuff happening, and you are eliminating at least 2-3 times per day.

Cleansing your colon is a 30-day process. Its also very economical at under $50. You may be very surprised at some of the benefits you will receive besides just losing 1-5 lbs of cr*p from your body and brightening your future health.

People have reported more energy, less allergies, clearing of acne, cessation of migraines, and many other results, not to mention restored regularity. When your body is void of old, poisonous toxins that are constantly being reabsorbed through the colon walls, it can begin to heal again. And when the colon walls are clean, the good nutrients from your food and supplements can be absorbed again. You will be thrilled with the results.

At this point you are either nauseated thinking about what is inside your own colon, or you're ready to do something about cleaning it out.

Want more info? Click here and I'll send it to you, including instructions on how to take it. It is private, all natural, totally safe, inexpensive, and very effective. And yes, I have taken it myself.

Currently available only in the U.S. and Canada. Seeking Distributors to meet high demand.

cmdrtaco@slashdot.org?subject=SendColonCleanseIn fo

cmdrtaco@slashdot.org?subject=PleaseRemove

Please do not 'reply' to this email as we might not see your message. Please use the links above.

Re:oh no! (-1, Offtopic)

ramzak2k (596734) | more than 11 years ago | (#6017929)

what ? Pooh used honeypot to attract piglet ? I knew there there was something about gay relationship in those cartoons.

Re:oh no! (3, Funny)

I Am The Owl (531076) | more than 11 years ago | (#6017966)

I bet even Owl and Rabbit didn't know that!

Yeah, you can tell that to my cellmate, Bubba!

Re:oh no! (5, Insightful)

I8TheWorm (645702) | more than 11 years ago | (#6018028)

Does this mean I'll have to turn off my server logging, since it could quite possibly "monitor" an intruder?

Re:oh no! (3, Funny)

RealityMogul (663835) | more than 11 years ago | (#6018159)

No, you should have detailed logging on, and be keeping those logs for 100 years in case law enforcement needs to look at them, except in the cases when people are hacking your system, then you should turn off the logging.

Re:oh no! (5, Funny)

Just Some Guy (3352) | more than 11 years ago | (#6018155)

I am screwed. So screwed. My main server is kanga.honeypot.net, and my workstation is pooh. My wife's iMac is piglet, and my FreeBSD firewall is gopher. Save me a soft bunk in prison.

Quick! (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#6017890)

Hide Winnie the Pooh!

Oh, the other kind of honeypot...

-T

Re:Quick! (0)

Anonymous Coward | more than 11 years ago | (#6018098)

suddap and hide da piglet

I've got a honeypot in my bathroom (-1)

GhostseTroll (582659) | more than 11 years ago | (#6017903)

Your Bowels Cleansed

Let me ask you this...which is worse:

A. The engine on your Lexus freezes up at 160,000 miles instead of 300,000. You take a financial hit and you are forced to buy a Camry this time.

B. You start bleeding during bowel movements. You go to the doctor and get poked, prodded, X-ray'd, biopsied, etc. 3 days later you get a call for a consultation. The doctor informs you that you have advanced colon cancer at 45 years old. You have anywhere from 6 months to 5 years left to live. He tells you it's time to get your house in order because you'll be checking out soon. Chemotherapy starts today.

A friend of mine who was a science and health researcher at the University of Chicago, just died this past year of colon cancer at 42. In the midst of the prime of his life, he said goodbye, and left his wife and child behind, wondering what just hit them.

Why do you brush your teeth? Are your teeth falling out right now? For most of us, we do it so we won't need false teeth and Fixodent down the road...right? We want to be able to eat apples. Hey, I agree with that. Natural teeth are great.

But have you ever seen someone who was forced to endure a colonectomy? Someone who now will be spending the rest of their life carrying a bag around?

Incredibly, this is an area where even the staunchest MD's AGREE with us!! Can you believe it? If they knew you had the greatest colon cleanse in the world, I bet they might even refer people to you. NO, I'm not kidding...

This subject is not even up for debate. It's a proven fact. The problem is, most people are not doing anything about it. Please don't be one of them.

****WARNING***** The next section of this email contains graphic
material which may not be suitable for squeamish individuals.

Let's talk stools.

The stool tells you a lot about your colon health. If it's dark brown in color, and it sinks, and it stinks, that's not good. And don't feel bad, that's the way most people are. What you want to see is light brown color, which means it's full of fresh bile from the liver, very mild odor, and a stool that floats. We're talking low-density here folks. The more compaction you have the darker the color and the faster it sinks. Compaction is not good. Also, moving bowels should be SIMPLE. If the veins are popping out of your neck and you feel like your doing the bench press, you NEED to cleanse your colon.

When you do the cleanse, for the first few days....things are a little weird. But you know you're cleansed when you see the above good stuff happening, and you are eliminating at least 2-3 times per day.

Cleansing your colon is a 30-day process. Its also very economical at under $50. You may be very surprised at some of the benefits you will receive besides just losing 1-5 lbs of cr*p from your body and brightening your future health.

People have reported more energy, less allergies, clearing of acne, cessation of migraines, and many other results, not to mention restored regularity. When your body is void of old, poisonous toxins that are constantly being reabsorbed through the colon walls, it can begin to heal again. And when the colon walls are clean, the good nutrients from your food and supplements can be absorbed again. You will be thrilled with the results.

At this point you are either nauseated thinking about what is inside your own colon, or you're ready to do something about cleaning it out.

Want more info? Click here and I'll send it to you, including instructions on how to take it. It is private, all natural, totally safe, inexpensive, and very effective. And yes, I have taken it myself.

Currently available only in the U.S. and Canada. Seeking Distributors to meet high demand.

cmdrtaco@slashdot.org?subject=SendColonCleanseIn fo

cmdrtaco@slashdot.org?subject=PleaseRemove

Please do not 'reply' to this email as we might not see your message. Please use the links above.

Err... (5, Insightful)

.com b4 .storm (581701) | more than 11 years ago | (#6017905)

If it's YOUR system, then how are you "intercepting" anything? If someone tries to crack into a system that is yours, then who cares if it is a honeypot or not? This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

Re:Err... (3, Funny)

gid (5195) | more than 11 years ago | (#6017927)

This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

Ah but the burglar CAN sue you for cutting himself on your knife. Welcome to the good old US of A.

Re:Err... (3, Insightful)

fjordboy (169716) | more than 11 years ago | (#6017972)

He won't win though. He can sue all he wants..the results won't be in his favor.

I can *sue* you for making this post if I have the money and a lawyer...I might be the laughingstock of the courtroom, but I have the right to sue you.

Re:Err... (4, Interesting)

Fulcrum of Evil (560260) | more than 11 years ago | (#6018043)

He won't win though

He might. Burglars have successfully sued homeowners for falling through a roof and injuring themselves whilst breaking into said house.

Prove it. (1)

DrMorpheus (642706) | more than 11 years ago | (#6018072)

Sounds like an urban legend to me.

Re:Err... (5, Funny)

outsider007 (115534) | more than 11 years ago | (#6018123)

next we'll see handicapped burglars suing homeowners for not providing wheelchair access to their valuables.

Re:Err... (0)

Anonymous Coward | more than 11 years ago | (#6018145)

Care to back that up with some evidence?

Re:Err... (4, Insightful)

antis0c (133550) | more than 11 years ago | (#6018087)

Lets not forget the man who successfully sued a car owner for driving over his hand as he was trying to steal his hub caps.

I think it's fucked up myself too. Sure if someone is entering my house, I can shoot them. But by God if they cut themselves on a steak knife I left out I might be liable for thousands.

Oh well, in the larger scheme of things our legal system is still new. It will take a while for stuff like this to get sorted out.

Re:Err... (1)

mhesseltine (541806) | more than 11 years ago | (#6018169)

As antis0c said:

Lets not forget the man who successfully sued a car owner for driving over his hand as he was trying to steal his hub caps.


I think it's fucked up myself too. Sure if someone is entering my house, I can shoot them. But by God if they cut themselves on a steak knife I left out I might be liable for thousands.

Oh well, in the larger scheme of things our legal system is still new. It will take a while for stuff like this to get sorted out.

Obviously, the solution is to leave a gun out that they can "accidentally" shoot themselves with.

Re:Err... (5, Informative)

stratjakt (596332) | more than 11 years ago | (#6018040)

No, but he could sue you if he fell down the stairs because there was no guard rail, or suffered 3rd degree burns because there were no smoke alarms.

Both of these have to do with building/safety/fire codes, and you're liable for anything that happens to anyone if you dont meet code.

Of course, the burglar still goes to jail.

Its a case of two wrongs not making a right, it makes for two punishmens.

Re:Err... (5, Funny)

Anonymous Coward | more than 11 years ago | (#6017930)

So I guess the fact that I have event logging on my Windows 2000 server makes me a criminal.

Stupidity always manages to get its way...

Re:Err... (1)

jo42 (227475) | more than 11 years ago | (#6018080)

Or logging HTTP requests, or logging dropped firewall packets, or ...

Dumb frickin' laws. Just goes to prove that the population is rising at logarithmic levels while the universal IQ is a constant.

Re:Err... (4, Insightful)

EmagGeek (574360) | more than 11 years ago | (#6017944)

"This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware... "

And there's tons of legal precedent out there making homeowners liable for injuries incurred on their premises, regardless of the motivation of the "visitor."

If you look at all of the cases out there, one could make a very strong argument that homeowners are required by this precedent to make their homes safe for burglars.

This really isn't any different if you think about it. We have to make sure we exercise care for the safety of criminals. It's sad, but unfortunately becoming more true every day.

Re:Err... (2, Interesting)

u19925 (613350) | more than 11 years ago | (#6017946)

"If someone tries to crack into a system that is yours, then who cares if it is a honeypot or not?"

not really. if you put an expensive jewel in your front yard, display it prominently, tell others that there are no security measures preventing theft, blah.... and then put a trap which would kill intruder. well, you will go to jail for doing that.

Re:Err... (1)

jandrese (485) | more than 11 years ago | (#6018055)

So all hosts on the internet are an "attractive nuisance"? Also, I don't think honeypots cause any sort of bodily or monetry harm (unless you consider the cracker's time worth money). I don't think this is an apt analogy.

Re:Err... (1)

Fulcrum of Evil (560260) | more than 11 years ago | (#6018063)

The chief difference between a honeypot and a man-trap is that the honeypot doesn't kill intruders. Duh.

Re:Err... (4, Interesting)

.com b4 .storm (581701) | more than 11 years ago | (#6018065)

not really. if you put an expensive jewel in your front yard, display it prominently, tell others that there are no security measures preventing theft, blah.... and then put a trap which would kill intruder. well, you will go to jail for doing that.

That's an interesting analogy, but the "trap which would kill intruder" part is silly. A honeypot does not kill a cracker, it does not trojan their system(s), it doesn't do anything except act like a generic and (usually) unsecured box. If I have an expensive jewel in my front yard, and I have a security camera (heh) that records some guy stealing it, can he sue me for video taping him on _MY_ property stealing _MY_ possession?

Re:Err... (3, Insightful)

stratjakt (596332) | more than 11 years ago | (#6017980)

No, it's like a burglar suing because you caught him in the act on CCTV without his permission.

Actually, it's nothing like it, since the law is about electronic communications.

You know, the reason Linda Tripp got in so much shit for taping Lewinski's conversations.

If someone calls you on the phone, you cant tape it to use it against them (unless they know it's being taped).

So, honeypots aside, if you apply this to computers, does not any sort of log count? Web hit logs? Cookies that you didnt know about? Email spools?

Maybe I can sue slashdot for tracking my IP to stop me from posting too much.

Of course I cant, this is basically just a bunch of "OMG big brohter is teh suck" geek whining.

Re:Err... (4, Informative)

Brian Knotts (855) | more than 11 years ago | (#6018099)

If someone calls you on the phone, you cant tape it to use it against them (unless they know it's being taped).

Yes, you can...depending on the state.

It just happened that Ms. Tripp's taping occurred in Maryland, where both parties must consent to taping. Many states only require one party's consent, however.

Re:Err... (1)

Xerithane (13482) | more than 11 years ago | (#6018154)

So, honeypots aside, if you apply this to computers, does not any sort of log count? Web hit logs? Cookies that you didnt know about? Email spools?

I think it would only count if your system was acting as a relay between two end-points. Then, it would also only count if you didn't publicize what you are doing. I think that I am going to add that onto my systems... "Any information passed through this system may be logged and used as the operator sees fit or under court subpeona. If you do not agreee, disconnect from this server now." Should take care of it, but IANAL...

Of course I cant, this is basically just a bunch of "OMG big brohter is teh suck" geek whining.

Yup... same old shit.

Re:Err... (3, Interesting)

tomhudson (43916) | more than 11 years ago | (#6018162)

The FCC has ruled ( taping telephone conversations [consumer-action.org] ) regulations do not apply to law enforcement investigations, emergency situations or patently unlawful conversations .

So, since a breakin into a honeypot is an "illegal conversation" between your server and some hacker, started by the hacker, FCC rules don't apply.

Only in America... (0)

Anonymous Coward | more than 11 years ago | (#6018014)

This is what happens in an overly litigious society such as the USA...

Burglars can sue for injuring themselves in your house, old women can sue for spilling coffe on their own laps, and crackers can sue you if you montitor them while they 'explore' your systems...

Re:Err... (4, Insightful)

kikta (200092) | more than 11 years ago | (#6018031)

The article talks about the problem occuring if and when the intruder uses the honeypot to connect to a third system and the honeypot acts as an intemediary between the two (and logs all the keystrokes & traffic). Regardless, this is pretty far-fetched, IMHO. Yes, a jury of idiots may side with the cracker, but a jury of idiots could theoretically do almost whatever they please. Just hope that the appeals court is sane.

Jury of idiots (4, Insightful)

mrlatito (595000) | more than 11 years ago | (#6018127)

See OJ verdict. :)

Re:Err... (1)

No Such Agency (136681) | more than 11 years ago | (#6018034)

This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

You obviously don't live in the USA. I'm sure it's happened, and maybe the burglar didn't win but I bet (s)he had their day in court.

Re:Err... (1)

Mattsson (105422) | more than 11 years ago | (#6018051)

Which could probably happen. =)

Re:Err... (3, Informative)

Shackleford (623553) | more than 11 years ago | (#6018096)

If someone tries to crack into a system that is yours, then who cares if it is a honeypot or not? This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

I'd say that your analogy is quite accurate. But it may not even matter. What you said reminds me of this apparently true story, from here. [ebaumsworld.com] It goes as follows:

"Terrence Dickson of Bristol, Pennsylvania, was leaving a house he had just finished robbing by way of the garage. He was not able to get the garage door to go up since the automatic door opener was malfunctioning. He couldn't reenter the house because the door connecting the house and garage locked when he pulled it shut. The family was on vacation, and Mr. Dickson found himself locked in the garage for eight days. He subsisted on a case of Pepsi he found and a large bag of dry dog food. He sued the homeowner's insurance claiming the situation caused him undue mental anguish. The jury agreed to the tune of $500,000."

So it can happen, whether it sounds just or not.

Re:Err... (1)

iiii (541004) | more than 11 years ago | (#6018148)

This is like a burglar suing a homeowner because he cut himself on a knife he was stealing along with the rest of their silverware...

Kinda, but to extent the analogy, I can shoot the burglar dead if my life is being threatened, so there is a line there where my liability ends and my right of self defense begins. Where is that line when it comes to a computer system?

I don't think anyone knows the answer to that right now, since the courts are still wrestling with it. Hopefully there will be a few lucid judges that will create some sort of reasonable precedent.

The anti-honeypot (0, Offtopic)

Kaz Riprock (590115) | more than 11 years ago | (#6017908)


This post is an anti-honeypot for karma.

Not good (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#6017911)

Why can't there be any freedom in this world?!

Like Bees to... (4, Funny)

eaglebtc (303754) | more than 11 years ago | (#6017913)

Whatever happened to good-old-fashioned access logs? On the other hand, this is just like setting up bear traps. Only difference is, the bears can't sue you in court. But they'll probably eat you alive if they ever get out of the trap.

Intercepted communications? (5, Insightful)

Nagatzhul (158676) | more than 11 years ago | (#6017921)

Hmmmm..... How can you intercept your own communications? Does that mean it violates federal law to use voice mail or an answering machine? After all, they also "intercept" communications.

What about home security cameras? (3, Interesting)

Travoltus (110240) | more than 11 years ago | (#6017923)

If I put a sign on all my machines saying "all activity on this machine is subject to monitoring. If you don't like it, leave now", am I still lia-bull??

Re:What about home security cameras? (1, Informative)

Anonymous Coward | more than 11 years ago | (#6018152)

yes notification doesnt make a difference. I know , i am a layer.

Heh. (5, Funny)

k03 kalle (669378) | more than 11 years ago | (#6017928)

The computers you own are not actually yours. They are owned by the United States govt. Everyone go download their new distributed CPU project called "Count The Votes". Oh, wait, they installed it for me. Thank you govt. :D On a serious note though. Its getting to be that regular Americans can't do anything without fear of getting sued or suing someone else. McDonalds coffee anyone?

Re:Heh. (1)

geekoid (135745) | more than 11 years ago | (#6018075)

"McDonalds coffee anyone?"

what about it?

Eh, I wouldn't worry (3, Interesting)

I Am The Owl (531076) | more than 11 years ago | (#6017933)

If you're, say, Fyodor [insecure.org] and you're running a honeypot (like he does, he's involved w/ the project), you can more or less count on the fact that the perp is some poor minor or college student who won't be able to bring suit in court. Hell, if you're Fyodor, this works when you're on the other side, too.

Silly poo (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6017938)

I like Windy duh Poo.

This story gave me a boner!

Because I stick my boner in honey and let Tiggstuh bounce up and down...

Fo schizzle my nizzle...

./ Repeating itself? (0, Redundant)

javelinco (652113) | more than 11 years ago | (#6017940)

Hey, I could SWEAR I saw this about two weeks ago. Anyone else?

Exploit (5, Funny)

DJ Rubbie (621940) | more than 11 years ago | (#6017942)

I can see this might happen:

1) Find Open Windoze SMB share (or any open, insecure systems)
2) "Hack" into it
3) Try to get caught (log files, whatever)
4) Claim that was a honeypot
5) Sue for profit

It does seem this easy.

Aaaargh! (0)

Anonymous Coward | more than 11 years ago | (#6017952)

I just know this is a dupe, and I want to score "First Dupe!", but I cannot find a link to the story....

will the real ISS website please stand up? (1)

Shadestalker (598690) | more than 11 years ago | (#6017954)

So, according to this (new) article [securityfocus.com] , ISS is wide open to the further embarrassment of having suit brought against them for having their website defaced.

WANTED... (2, Funny)

LordYUK (552359) | more than 11 years ago | (#6017955)

Small, yellow bear wearing red shirt.

Suspect goes by the name of "Winnie the Pooh" which he received because he smears feces all over his victims after he murders them. Suspect keeps company with the likes of a bouncing self proclaimed "thug" named "Tigger" and a small yet crafty mastermind of evil "Piglet".

Suspects should be conidered armed and dangerous. If seen, please contact Detective Christopher Robinson.

We advise the public to keep all Honeypots safely out of sight and or smell.

Re:WANTED...Gopher (1)

PenguinPooper (627246) | more than 11 years ago | (#6018146)

Most of if not all of the destruction blamed on Pooh is really the work of Gopher...Just ask Rabbit and please leave Pooh and his honey alone.

Winnie (0)

Anonymous Coward | more than 11 years ago | (#6017957)

A Pooh needs his honey!

hmm (1)

Joe the Lesser (533425) | more than 11 years ago | (#6017958)

So Homeland Security is more important than Home Security? ;-)

Better unlock my door for the Feds!

Well then make it useful (4, Interesting)

binaryDigit (557647) | more than 11 years ago | (#6017963)

Couldn't this be avoided by making the honeypot actually "do something", thereby making it not a "honeypot"? IE, stick some files on there and call it a backup server (unimportant files of course) or whatever. After all, isn't the most effective honey pots those that fool the intruder into thinking that it's a real "site", what better way than to sorta make it real? Nothing illegal about monitoring your own real site right?

loopholes (3, Insightful)

Anonymous Coward | more than 11 years ago | (#6017964)

What does it say about a society that allows a person *caught in the act* of committing a crime to sue because he wasn't caught "legally"?

I mean, I know there's always the opportunity for abuse, etc., but... come on! I mean, a lawbreaker sues because something bad happened *while breaking the law*.

That's just sad. And not sad as in: 'that criminal is an idiot'... sad as in: 'that justice system needs some work'.

First Post! (0)

Anonymous Coward | more than 11 years ago | (#6017965)

First post!

It is illegal to mod me down because it would be a violation of the Federal Wiretap Act. I will sue anyone who mods this post down! And I will win to, because I trust the justice system to help the innocent like me!

Webserver logs? (0)

Anonymous Coward | more than 11 years ago | (#6017967)

Run a webserver go to prision?

Running a honeypot *could* possibly be considered entrapment but then again so could vendor-lock-in if you want to start s_t_r_e_t_c_h_i_n_g it that far.

This is all false information (-1, Troll)

A Proud American (657806) | more than 11 years ago | (#6017975)

After reading the story about Fyodor, a Slashdot-sponsored hacker who invaded the computer systems of other users, I came to realize some things.

First and foremost, I learned that the FBI and other similar anti-crime organizations of the U.S. government will not (I repeat, will not) prosecute or even attempt to investigate computer-related security crimes that involve less than $5,000 in liabilities.

For instance, if someone (say, Fyodor or Kevin Mitnick) hacked into your box and deleted all of your home video files, you could not have them charged with any crime because the investigation procedure is too costly; since you didn't lost $5,000 or more in funds, you cannot get the FBI or other crime organizations to help you.

Ergo, I strongly urge you all to use firewall software and anti-virus packages with updated virus definitions. One can never be too safe these days, especially when people like Fyodor and others, who enjoy hurting people and stealing their information, are out there on the loose.

Prison is not involved unless you crack a bank or a government office and cause financial ruin. If you just attack fellow Linux geeks, you will get off scott free.

MOD PARENT DOWN, -1 EKROUT, WORTHLESS GAY FUCKER! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6018038)

FOAD

BS (1)

death to hanzosan (669177) | more than 11 years ago | (#6018045)

Slashdot did not sponsor Fyodor's breakin [slashdot.org] . He did that on his own.

Re:This is all false information (1)

DJ Rubbie (621940) | more than 11 years ago | (#6018132)

...you cannot get the FBI or other crime organizations to help you.

You mean the mafia? Or did you mean other anti-crime organizations?

It's all about selective enforcement. (1, Insightful)

Anonymous Coward | more than 11 years ago | (#6017977)

If the FBI wants to nail you for cybercrime, there are a lot of other far more ambiguous statutes to nail somebody under. The real question is: Have you attracted the ire of the FBI?

Consider the $5,000 damage threshold [google.com] . The FBI won't even prosecute you unless there is an upstanding member of the community (usually corporate) who will attest that you have damaged them to the tune of $5,000 or more. Who would claim that a honeypot did them 5 grand in damages? That is the real question.

Keep in mind that nmap creator Fyodor managed to hack some jerk of a Slashdot user [slashdot.org] and brag about it on his website without getting prosecuted. This is because he knew the rule of selective enforcement.

Interesting point. (1)

John Penix (562591) | more than 11 years ago | (#6018121)

Consider the case of Biswaneth Halder, the CRWU student who walked into a campus building two weeks ago and shot a man to death because no one would investigate the hacking and deletion of his web site. His letter to Congress [freeyellow.com] gives a clear account of what it's like to try to get the FBI to prosecute a cybercrime case where no financial damage can be demonstrated.

This is not to say, however, that Mr. Halder was sane.

There should be a law that say's (0)

Anonymous Coward | more than 11 years ago | (#6017982)

That if a person is taking measures to protect one's self, then whatever crime was committed agains't the victim. Then the attacker still has his rights to sue or whatever But whatever they did to the person protecting themselves' whatever the person did to protect themself (if it was illegal or not) the victim should be able to sue back with the higher charge, whether that higher charge was from the attacker or victim. Then again I am not a law maker. SO there are lots of flaw's with what I just said.

It looks to me... (4, Insightful)

zutroy (542820) | more than 11 years ago | (#6017984)

...like the article is actually saying that you could be sued if a hacker used your honeypot machine to hack into another machine that's not on your network. The argument is that you set up a machine to be hacked, and it got hacked, and was then used to hack others...kind of like saying that you've become an accomplice in hacking. So the lesson is to secure your honeypot machine, so it can't be used for evil.

Drop this! (0)

Anonymous Coward | more than 11 years ago | (#6017987)

This law only applies to phones! Only certain people, none of which are in any postion to make laws, have theorized that it could apply to computer networks. Im shocked and slashdot would be spreading this fud around. If you guys would only read the actual law you would be fine!

They're selling, but I'm not buying (2, Interesting)

dtolton (162216) | more than 11 years ago | (#6017990)

I'm as against the invasion of federal powers as the next guy,
but something that hurts that cause is overly reactionary or
alarmist agruments. This articles strikes me that way.

Anyone who has spent some time in a court room realizes that
judges are not the completely inept morons they are often made
out to be. Sure someone could "sue" you for breaking a
wiretapping law, that doesn't however mean they would win.
People seldom appreciate the difference between those two
things, anyone can sue for just about anything. Whether or not
they win the case is an entirely different thing.

Saying that monitoring a honey pot is a violation of the federal
wiretapping act is a huge legal stretch IMO. Even though a
honeypot is designed to be hacked, it still has to be hacked.
They still have to commit a felony to get into it, that's the
equivalent of saying that if someone hacks into your workstation
and you happen to be monitoring it at the time you are then in
violation of the federal wiretapping act. That is just patently
absurd.

The one example they use isn't very compelling to me either.
They are as usual light on the details, but "tapping" a cell
phone that isn't yours is an entirely different story than
monitoring a computer that you own and operate.

Every once in a while we get crazy laws on the books, and off
the wall judges pushing their own agenda's, but when things make
it to the supreme court or the higher courts, things usually
shake out in a logical and reasonable fashion. The first time
someone get's *successfully* prosecuted under this, then I'll
buy it.

Lawyers are poo. (1)

grub (11606) | more than 11 years ago | (#6017992)



IANAL [mulletsgalore.com] but wish I was.

Damn! (1)

Black Parrot (19622) | more than 11 years ago | (#6017993)


You bled on my knife, you bastard! If you live I'm going to sue your ass off!!!

Just changed my MOTD (5, Funny)

deadfishhotmail.com (548162) | more than 11 years ago | (#6017994)

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these four things: #1) Respect the privacy of others. #2) Think before you type. #3) Everything is being recorded #4) You've just rooted my server, before continuing your hacking please read the complete TOS in /usr/share/tos. If you do not agree to the TOS you must stop hacking my server immediately. root#
That outta do it!

Honey Pot? (3, Funny)

LordYUK (552359) | more than 11 years ago | (#6017995)

I've tried some weird combinations before, but mixing honey with pot never occured to me.

Does it get you a better buzz?

By this same logic... (1)

Gibble (514795) | more than 11 years ago | (#6018001)

That would mean a voice mail recording of a wrong number is a crime because you intercepted a call that was not meant to be directed at you.

Implications in piracy (2, Interesting)

EmagGeek (574360) | more than 11 years ago | (#6018009)

I wonder if putting phony MP3's on your ftp server in hopes of confusing the powers that be might fall under this. After all, isn't that sort of honeypot-ish?

I wonder what this would mean for other "red herring" type of defense measures....

log on banner? (1)

benny_lama (516646) | more than 11 years ago | (#6018011)

Wouldn't the standard log on banner that states that any and all use of the system could be monitored, used in court, etc, etc, be useful in preventing legal action? How can someone sue you if you warned them that you were monitoring them?

Double standards. (0, Troll)

grub (11606) | more than 11 years ago | (#6018020)


"interception of communications", a felony that carries up to five years in prison.

Unless you're John Ashcroft and his brownshirts. What about whatever the NSA picks up? Echelon? Carnivore? Even if data that wasn't covered by a warrant is discarded, it was still intercepted.

Another example of how the courts are messed up (1)

cyberguyd (50420) | more than 11 years ago | (#6018032)

Over and over our courts are issuing rulings against people who are trying to protect themselves from people who are trying to do them harm. There are precedents in the physical world. Shop owners are getting sued by criminals caught in traps or injured in some way and winning. I guess it was only a matter of time before the e-world was impacted by this. Pretty soon users will be getting sued for deleting SPAM!

Something doesn't add up here (5, Funny)

Hamstaus (586402) | more than 11 years ago | (#6018035)

Wait a minute!

No anti-MS sentiment... posted by Taco... not a dupe...

This story is a honeypot! Whatever you do, don't post any comments! It's a trick! It's a tri^&T3ATZ
NO CARRIER

unfair (1)

ramzak2k (596734) | more than 11 years ago | (#6018039)

how come the federal agents are allowed to use honeypots, as in the case of the russian hackers, when private investigaters cant ?

hmmm (2, Insightful)

Tumbleweed (3706) | more than 11 years ago | (#6018048)

Is there any way to mark an entire Slashdot story as a Troll? This is ridiculous.

( Go ahead, mod me down - I can take the hit. )

Using Honeypots for Increased Computer Security (1)

akedia (665196) | more than 11 years ago | (#6018053)

How is using a honeypot an "interception of communications"? The attack is coming in on your own machine, which you have set up and are sacrificing in the name of enhanced security. Under the law, this is known as "permissable deception." (Yeah, I learned this from Law & Order.)

If a cop poses as a "prostitute" and attempts to solict from a John, they can be found guilty of solicitation of sex. If I throw a "server" holding lots of "important data" on my network, and I catch some hacker breaking in, presumably, under the same idea, he is now guilty of a cyber-crime, and can be tried and found guilty.

There is a cyber-war going on, and as in a land war, you must know your enemy. Think of using a honeypot as gathering intel on your attacker, learning his ways and developing methods to protect against his attacks.

Honey pots (4, Insightful)

Nonillion (266505) | more than 11 years ago | (#6018061)

This just goes to show just how low spamers are willing to sink. I have been hosting my own mail server for several years now because it's the ONLY way for me to combat unwanted e-mail. If some worthless spamer is going to wine about a honey pot or my server rejecting his/her e-mail I say TOUGH FUCKING SHIT! It's MY machine, MY bandwidth, MY rules... period. If I want viagra, penis/breast enlargements, debt consolidation, loans re-financed or hot asian chicks I'll seek you out myself..

>SELECT * FROM spamers WHERE clue > 0
>0 rows returned

FUD in summary (4, Informative)

Kaz Riprock (590115) | more than 11 years ago | (#6018082)


RTFA. The use of a honeypot won't get you in trouble. The prosecution of someone hacking your honeypot won't get you in trouble. The prosecution of someone hacking your fileserver based solely on the honeypot's logs has the *potential* to get you in trouble.

Kidnapper (1)

travdaddy (527149) | more than 11 years ago | (#6018083)

"But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won."

This specific case seems VERY different than using a honeypot for computer security, and it sounds like the alleged kidnapper may have actually had a case. I'd like to see more information about that case before making comparisons, unfortunately I was unable to find any.

how stupid (1, Interesting)

Anonymous Coward | more than 11 years ago | (#6018084)

First of all, it's YOUR computer, you are allowed to monitor your network however you like.

This has nothing to do with a cloned cell phone, which is illegal to begin with, and the perp wasn't trying to commit a crime on the cellphone itself.

It would be like this: A criminal gets into your house because you leave the door open intentionally. He starts tearing the place apart and in the process trips and breaks his arm. How can he possibly sue YOU? Sure, you left the door open, and maybe that weakens your case against him, but he has no right to sue you.

Now, suppose the criminal takes the bus to work during the day and also used it to get to your house that night. Lets say he trips and breaks his arm on the bus due to long-standing negligence of the bus owner. Does he have a case against the bus owner.. maybe! I think that's more like the cell phone example.

I think this is just silly, any judge with half a brain would understand that breaking into a computer is wrong, regardless of the honeypot.

Yeah, the laws are fucked up and upside down when it comes to computers and networks, but not THIS stupid.....

VITTU OLEN 30 KYMPPINEN! (1)

DrunkenPenguin (553473) | more than 11 years ago | (#6018086)

Ja tänään vetäsen perseet olalle!

a translation (2, Informative)

Anonymous Coward | more than 11 years ago | (#6018122)

Sorry, he was too fast, hence the finnish language. What he ment to say is that he has a 30 years of experience in similar cases and none of them have led to any actual results, so it's just a waste of time talkin' about this issue, he thinks.

I'm curious (1)

I Am The Owl (531076) | more than 11 years ago | (#6018109)

Would this work the other way around? I mean, I know it sounds ludicrous that someone protecting their own systems could get in trouble for doing so, but let's take a different look at this using a slightly differnet situation.

Let's say you're somebody (maybe Fyodor [insecure.org] ) and you break into someone's system and subsequently monitor it through screenshots [slashdot.org] . This is a rather clearcut case, is it not? The wiretapping is bad no matter which sides you place the two parties on.

Furthermore, this smacks of vigilanteism. If people start taking the law into their own hands, what happens to the whole idea of a codified system of justice? Or, indeed, justice at all? Wiretapping is best left to the justice system.

USA? How about other countries? (1)

axxackall (579006) | more than 11 years ago | (#6018128)

I wonder, is US Goverment the only one in the world keeping such stupid laws or other countries have same or similar stupidy in place?

RIAA & Honey Pots (4, Interesting)

splatter (39844) | more than 11 years ago | (#6018142)

I was reading this and had a thought. Has anyone set up a FTP or P2P honey pot to attract attention from the RIAA?

This could be a great way to annoy the RIAA when they try and sue or fine someone that actually doesn't have illegal material on their hard drive.
Has anyone done this yet? Any storys? Could the honey pot project be used to simulate a FTP server with mp3 goodies?

DP

God bless america (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6018156)

And the americans...

Local issues involved (3, Informative)

jd (1658) | more than 11 years ago | (#6018172)

Some States explicitly authorize wiretapping, where the other party is NOT informed. South Carolina is one such State.


Now, normally Federal law usurps State law, so this wouldn't matter. However, in a case where it is dubious as to whether the Federal law applies, it's perfectly possible that it could be ruled that State law takes precedence in this case.


The second thing to consider is that you can't profit by someone's crime. Thus, it would be illegal for a cracker to attack a honeypot for the purpose of making money via the Federal law. The cracker would then be placed in the position of needing to prove that their attack was for unprofitably malicious purposes.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>