[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IDS: RE: RE: cybercop sting

To: "Eric" <eric@gruver.net>
Subject: Re: IDS: RE: RE: cybercop sting
From: "Bill Martin" <bmartin@orion.it.luc.edu>
Date: Sun, 10 Oct 1999 21:19:45 -0500
Cc: <ids@uow.edu.au>
Sender: owner-ids@uow.edu.au

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------
---
Eric,

Personal experience has shown me that:

"you can no be convicted of entrapment if, they other party is behaving in a
manner that they would otherwise".

Now, almost anyone on this list I'm sure can state that, if someone is
attempting to gain entry to your network is doing so or attempting to do so,
whether the honey pot is in place or not.  Lets face it, if their activity
is being tracked, they are usually doing something to trigger the logging.
If the logging is taking place as a result of normal system functionality,
and they are caught doing something they should not be doing, they are doing
it as a result of their own choice.

Now, if you put up an advertisement on the net, indicating you are not doing
any tracking, and you do not have passwords on ant account, then I'm sure
that's another story.

Bottom line is, "if someone is hacking your system, they will undoubtedly be
doing it or attempting to do it whether the honey pot is in place or not"

After all, if a cop is on a corner and offers to sell a man drugs, the cop
can not be nailed for entrapment.  Why?  Because the alleged buyer is buying
only because he wanted to.  Now, if the man repeatedly refused, I'm not sure
how that would work, but, if the man buys, then, he is guilty of purchasing.
Ultimately, the man acted in the same manner he would have if the cop was
indeed a real dealer, hence, no entrapment charge.

-bill-
-----Original Message-----
From: Eric <eric@gruver.net>
To: Endler, David S <David.S.Endler@usa.xerox.com>
Cc: Staggs, Michael <Michael_Staggs@nai.com>; Isman
<kukulkan@netsecure.fsksm.utm.my>; ids@uow.edu.au <ids@uow.edu.au>
Date: Sunday, October 10, 1999 12:14 AM
Subject: Re: IDS: RE: RE: cybercop sting


>FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
>IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
>HELP: Having problems... email questions to ids-owner@uow.edu.au
>NOTE: Remove this section from reply msgs otherwise the msg will bounce.
>SPAM: DO NOT send unsolicted mail to this list.
>USUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
>---------------------------------------------------------------------------
>---
>"Endler, David S" wrote:
>>         The sacfrifical lamb suggestion is a great idea generally, but be
>> careful about the legal pitfalls of "disinformation." Leading an attacker
to
>> commit a crime by providing an open door (aka no warning banners, weak
>> passwords, etc.) is commonly called entrapment and can be
counterproductive.
>
>In the United States, setting up a computer to detect and catch people
>attempting to break into your systems is not entrapment.
>
>For example, in Texas, the following is the definition of entrapment from
>the state's Penal Code, Section 8 - General Defenses to Criminal
Responsibility
>
>   Sec. 8.06.  Entrapment.
>
>            (a) It is a defense to prosecution that the actor engaged in
>   the conduct charged because he was induced to do so by a law
>   enforcement agent using persuasion or other means likely to cause
>   persons to commit the offense.  Conduct merely affording a person
>   an opportunity to commit an offense does not constitute
>   entrapment.
>
>            (b) In this section "law enforcement agent" includes personnel
>   of the state and local law enforcement agencies as well as of the
>   United States and any person acting in accordance with
>   instructions from such agents.
>
>Note the last sentence of paragraph (a).  Also, please note that it applies
>only to personnel of law enforcement agents or from people under their
>control.
>
>Of course, the law may be different in other parts of the world.
>
>> You can get in a lot of serious trouble with your own organization as
well
>> by spreading false data which could result in nasty rumors about earnings
>> which could affect stock prices negatively, etc.
>
>That's a good point.  Any false data, or for that matter real data,
contained
>should be cleared by the lawyers before using it.
>
>Eric Johnson
>

Prev by Date: Re: IDS: Assessment tools/Scanners
Next by Date: Re: IDS: Assessment tools/Scanners
Prev by thread: Re: IDS: RE: RE: cybercop sting
Next by thread: IDS: RE: cybercop sting
Index(es):
- Date
- Thread