[109393] in Cypherpunks


RE: Gently nurturing the misguided hacker with baseball bats

daemon@ATHENA.MIT.EDU (Trei, Peter)
Mon Mar 22 16:09:03 1999

From: "Trei, Peter" <ptrei@securitydynamics.com>
To: dcsb@ai.mit.edu, cypherpunks@cyberpass.net, cryptography@c2.net,
        Digital Bearer Settlement List <dbs@philodox.com>,
        "'Robert Hettinga'"
	 <rah@shipwright.com>
Date: Mon, 22 Mar 1999 15:50:51 -0500
Reply-To: "Trei, Peter" <ptrei@securitydynamics.com>

I remember seeing this on the infowar list about 6 months
ago. 

I didn't really believe it then, nor do I find it credible 
now. Winn Schwartau carries very little credibility with me.

Any US corporation counsel would go ballistic if their 
people tried this sort of thing. Can you say 'RICO'? 
Can you say 'criminal liability'? Can you say 'jail time'?
Can you say 'PR disaster'?

The full article discusses cyber retaliation as well - 
DoS attacks on the alleged attacker's browser and system.
If an attack is mistakenly targeted at an ISP which 
innocently hosted a hacker, the liability implications
for the retaliator are more than minor.

As for physical attacks, forget it. Maybe a non-US corp
acting outside the US, but not otherwise.

Winn asserts that the DoD instituted a browser crashing 
Java countermeasure in response to a server flooding 
attack. That's pretty much the limit of what I'd think
was acceptable. 

Anything more, and I'd want sovereign immunity, and a 
capable force of JBTs to defend it (hey, I'd like 
that in any event :-).

Peter Trei
 

> ----------
> From: 	Robert Hettinga[SMTP:rah@shipwright.com]
> Whit Diffie, of course, talked about this kind of thing at MIT a while ago.
> I even think this particular might be apocryphal, and has possibly made the
> rounds already, but for those of you who missed it, here it is.
> 
> On the net, private law will supplant public law, modulo the occasional
> baseball bat. Somewhere, David Friedman is smiling...
> 
> Cheers,
> RAH
> 
> 
> --- begin forwarded text
> Subject: Gently nurturing the misguided hacker
> 
> ...with baseball bats.
> 
> It appears the kinder/gentler approach to network break-ins is falling out of
> favor in the financial community.
>     <Somebody else's .sig>
> 
> http://www.cnn.com/TECH/computing/9901/12/cybervigilantes.idg/
> 	...
> 
> 	Lou Cipher (a pseudonym of his choice) is a senior security
> 	manager at one of the country's largest financial institutions.
> 	"There's not a chance in hell of us going to law enforcement with
> 	a hacker incident," he says. "They can't be trusted to do anything
> 	about it, so it's up to us to protect ourselves."
> 
> 	Cipher's firm has taken self-protection to the extreme. "We have
> 	the right to self-help - and yes, it's vigilantism," he says. "We
> 	are drawing a line in the sand, and if any of these dweebs cross
> 	it, we are going to protect ourselves."
> 
> 	Cipher says his group has management approval to do "whatever it
> 	takes" to protect his firm's corporate network and its assets.
> 
> 	"We have actually gotten on a plane and visited the physical
> 	location where the attacks began. We've broken in, stolen the
> 	computers and left a note:  'See how it feels?' " On one occasion,
> 	he says: "We had to resort to baseball bats. That's what these
> 	punks will understand. Then word gets around, and we're left
> 	alone. That's all we want, to be left alone."
> ------- End of forwarded message -------
> 
> 

