After running “Could a DDoS attack land you in court? Experts say yes,” we asked TechRepublic members whether they had a policy in place to protect against lawsuits in case a hacker uses their system to launch a distributed denial of service (DDoS) attack.
Forget policies, you replied. This is about something larger than Internet security.
“Yep, only in our hypocritical nation, which proclaims peace and freedom while destroying other cultures and forms of government, could you see a stupid law like this,” wrote a particularly incensed Greg. “This whole Internet security thing is just one part of a MUCH BIGGER problem with society itself.”
Greg said he would assist in tracking down any hacker who compromised his system, regardless of legal options. But the focus of his almost 600-word manifesto on the issue was on why it’s ridiculous that companies can be sued for inadvertently hosting a DDoS attack.
”Everyone is responsible for their own security on their PRIVATE network,” Greg wrote. “I am not responsible for the security of your network, and you are not responsible for mine. People need to realize that life itself is a risk, and no number of new laws will ever change that. If you want to connect to the net, you must accept this fact, and do the best you can to protect your own network.”
Greg wasn’t the only one a bit…er…miffed about the whole issue.
“Once again the legal system appears to be covering up its inability to serve the public good by punishing the victims of crime,” wrote Kerry L. Meyer. “As a victim, I would be anxious to participate in the search and conviction of the actual criminal, but not under threat of prosecution. If you want to stop criminals don't punish victims.”
Cclaytonsuggested the legal system should focus on catching the criminals, not on finding a scapegoat.
“No one is denying the need for all the parties to work together to find some way to increase security,” Cclayton wrote. “It just seems to me that trying to sue the house because the burglar used the phone to see if anyone was in next door is plain nuts!
“Instead of spending resources on tracking and fully punishing the culprits it is easier to blame a target that is visible. Is this indicative of the failure of the justice system or of the policing system or both?” Cclayton challenged.
What about individual PCs?
Several readers questioned whether individuals with home PCs might be subject to the same liabilities as businesses.
“Is it also possible that I could be prosecuted if my home system is used as a slave by some hacker doing a DDoS?” asked Erockhey. “Since I have 24/7, always-on service, I take full advantage of it and never turn the computer off. Even though I use a firewall, I'm sure there are many thousands of home users that don't.”
Another member, who identified herself as Wolfmistress, expressed similar concerns.
“I can understand how a company can be held responsible for being partially blamed for a DDoS attack, but what about the common PC user? I hope not, since the usual PC user is normally lucky to just get through the normal usage of a PC on the Internet,” she wrote.
We thought these members raised a valid point. While it seems unlikely a lawyer would go after an individual at this point, especially given the fact that there have been no lawsuits against the companies and universities involved in previous DDoS attacks, we wondered if home computers are at risk for hosting attacks.
We asked Jim Lippard, director of Internet Security for GlobalCenter , a backbone network provider. Since GlobalCenter provides Yahoo’s network, Lippard worked on security after February’s DDoS attacks.
And he said yes, the higher connection speeds of DSL and cable modems are resulting in more desktop computers being used in DDoS attacks.
“In fact, cable modem machines have certainly been used to engage in denial of service attacks,” he told TechRepublic. “Basically, there have been lots and lots of cases of people’s home machines being compromised and then used as a base for all different kinds of attacks.”
The software used in February’s much-publicized attacks was written for UNIX. Within weeks, however, that same software had been rewritten for Windows, he said.
“By putting equipment on the Internet, you are giving everybody else in the world access to your equipment in some way or another,” Lippard said. “People need to realize that and make sure that the type of access that you’re giving the outside world is the type of access you want them to have.”
Do you have virus protection software installed on all of your PCs? What about your home PC? Has your home PC ever been hacked? Post a comment below or e-mail us.