Rep. Gohmert Wants A Law That Allows Victims To Destroy The Computers Of People Who Hacked Them

from the do-these-people-even-listen-to-themselves? dept

Last week, we had talked about some concerns about how various cybersecurity provisions would allow those hit by malicious hackers to "hack back" or, as some call it, engage in an "active defense." There were significant concerns about this, but as Marvin Ammori briefly mentioned in last week's favorites post, Rep. Louis Gohmert seems to not only think hacking back is a good idea, but that it should be explicitly allowed under the CFAA (Computer Fraud and Abuse Act). You can see his explicit statements to this effect below during last week's House Judiciary Committee hearing on the CFAA. It appears he heard a story about someone installing some malware on a hacker's computer to get a photograph of them, and has decided "that's a good thing, that helps you get at the bad guys," without ever thinking of the very, very long list of dangerous consequences of allowing such things:
In case the video embed is not working above, I created a short highlight that just covers the ~5 minute exchange involving Gohmert.

Here's the basic transcript. The really crazy part is where Gohmert says he doesn't care as long as the hack back is "destroying that hacker's computer."
Rep. Gohmert: It's my understanding that under 18 USC 1030 that it is a criminal violation of law to do anything that helps take control of another computer, even for a moment. Is that your understanding?

Orin Kerr: It depends exactly what you mean by "taking control." If "taking control" includes gaining access to the computer, assuming a network your not supposed to take control of, then yes, that would clearly be prohibited by the statute.

Rep. Gohmert: For example, my understanding is that there was a recent example where someone had inserted malware on their own computer, such that when their computer was hacked and the data downloaded, it took the malware into the hacker's computer, such that when it was activated, it allowed the person whose computer was hacked to get a picture of the person looking at the screen. So they had the person who did the hacking, and actually did damage to all the data in the computer. Now, some of us would think 'that's terrific, that helps you get at the bad guys.' But my understanding is that since that allowed the hackee to momentarily take over the computer and destroy information in that computer and to see who was using that computer, then actually that person would have been in violation of 18 USC 1030. So I'm wondering if one of the potential helps or solutions for us would be to amend 18 USC 1030 to make an exception such that if the malware or software that allows someone to take over a computer is taking over a hacker's computer, that it's not a violation. Perhaps it would be like for what we do for assaultive offenses, you have a self-defense. If this is a part of a self-defense protection system, then it would be a defense that you violated 1030. Anybody see any problems with helping people by amending our criminal code to allow such exceptions or have any suggestions along these lines?

Orin Kerr: Mr. Gohmert, that's a great question that is very much debated in computer security circles. Because, from what I hear there is a lot of this "hacking back" as they refer to it. But at least under current law, it is mostly illegal to do that.... The real difficulty is in the details. In what circumstances do you allow someone to counterhack, how broadly are they allowed to counterhack, how far can they go? The difficulty, I think, is that once you open that door as a matter of law, it's something that can be difficult to cabin. So I think if there is such an exception, it should be quite a narrow one to avoid it from becoming the sort of exception that swallows the rule.

Rep. Gohmert: Well, I'm not sure that I would care if it destroyed a hacker's computer completely. As long as it was confined to that hacker. Are you saying we need to afford the hacker protection so we don't hurt him too bad?

Orin Kerr: (brief confounded look on his face) Uh... no. The difficulty is that you don't know who the hacker is. So it might be that you think the hacker is one person, but their routing communications... Let's say, you think you're being hacked by a French company, or even a company in the United States...

Rep. Gohmert: Oh and it might be the United States Government! And we don't want to hurt them if they're snooping on our people. Is that...?

Orin Kerr: No.

Rep. Gohmert: I don't understand why you're wanting to be protective of the hacker.

Orin Kerr: The difficulty is first, identifying who is the hacker. You don't know when someone's intruding into your network who's behind it. So all you'll know is that there's an IP address that seems to go back to a specific computer. But you won't know who it is who's behind the attack. That's the difficulty.
First off, kudos to Orin Kerr for keeping a (mostly) straight face through that exchange. There are many amazing things about this particular exchange, but the fact that Rep. Gohmert is one of the people in charge of how the CFAA gets reformed, and doesn't understand these very basic concepts, is immensely troubling. Among the headsmackers in that exchange: the idea that hackers are bad -- and not just partially bad, but apparently obviously and totally bad, like out of a movie. Also: that they're somehow easy to identify and that a freebie on hackbacks wouldn't be abused in amazing ways. Further, as Kerr pretty clearly points out that you can't automatically track back and (without saying so directly, but clearly implying) that hackers likely would shield their identity or fake someone else's identity, Gohmert still doesn't get it and somehow thinks that Kerr is saying we don't want to allow hackbacks on US government snooping (which, again, Gohmert seems to have no problem with). Yikes. Please do not let people like this near laws that have anything to do with computers. To me, this level of misunderstanding is worse than the whole "series of tubes" garbage from a few years back by Senator Stevens.

I'm sorry, but it seems that if you can't understand that there isn't some magic list that says "these hackers are bad, and therefore we should destroy their computers," I don't think you should have any role in making laws around this topic.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Jay (profile), Mar 19th, 2013 @ 6:31am

    Gohmert the unbearable

    Let's see...

    This is the same guy that wants to lock up journalists, shut down the government, stop the government from spending money on its citizens, keep taxes lowered ok the richest people, believes in gerrymandered districts over democratic rights of the people, denies climate change based on his bribes from the oil industry, and his overall morality is atrocious when it's based on being a self-centered power hungry mad man who treats the public like serfs and peasants instead of people with valid concerns.

    Have I missed anything or does anyone else see the problem with these people in office supporting the worst representation of American culture?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      gorehound (profile), Mar 19th, 2013 @ 7:47am

      Re: Gohmert the unbearable

      Go ahead and Pass your stupid Law !
      MAFIAA & Government & Others who Enter my Domain will be Hacked and Brought down because I will be the Victim !

      Gohmert you are one big stupid Clown ! Amazing how losers like him get Voted in...........those people who said YES must of had a brain fart.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Donnicton, Mar 19th, 2013 @ 7:55am

      Re: Gohmert the unbearable

      Gohmert the unbearable

      Gohmert the Gohmerian?

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Monkey with Attitude, Mar 19th, 2013 @ 9:09am

      Re: Gohmert the unbearable

      Shut down the government? I could support that...

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      mhab, Mar 19th, 2013 @ 2:50pm

      Re: Gohmert the unbearable

      Nope, that about sums it up... keep in mind the guy is from texas... and given my experience with texas politicians, the ones that get the most attention are the ones that say the most outrageous things (or those who have the lowest IQ). Before anyone gets butthurt about it, im not saying all texas politicians are dumb... just those that get the most attnention it seems.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 19th, 2013 @ 9:42pm

        Re: Re: Gohmert the unbearable

        We're are certainly embarrassed here that we can't seem to get rid of Lamar Smith too.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Shon Gale (profile), Mar 27th, 2013 @ 5:30am

      Re: Gohmert the unbearable

      Ohh that guy!!

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    LyleD, Mar 19th, 2013 @ 7:36am

    " It appears he heard a story about someone installing some malware on a hacker's computer to get a photograph of them"

    If I remember that story correctly, the victim of the stolen laptop installed the software himself.. Which remotely sent him a picture of the thief..

    What hackers have to do with it idk...

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      LyleD, Mar 19th, 2013 @ 7:43am

      Re:

      Mkay, read it again further down and seems he's talking about a different hacking incident...


      Tbh, I don't know what all the fuss is about.. More people should install anti-hacker apps imo and it should be legal.. Screw anyone who hacks in I say, be it a real hacker or the government :P

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 19th, 2013 @ 8:06am

        Re: Re:

        two problems: 1) the way Rep. Gohmert is saying it, you being hacked would entitle you to hack the other computer, it isn't limited as to when. So, if you were attacked by a computer using the IP address 127.0.0.1, then you could attack the computer at IP Address 127.0.0.1. Unfortunately, you attacked a month later, and it was a different computer you destroyed. So, what's the legal position?
        2) how do you identify a counterhack? If a victim of hacking can counterhack, how do you determine they actually were hacked in the first place? It could become a defense that makes the law utterly toothless.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          techturf (profile), Mar 19th, 2013 @ 8:40am

          Re: Re: Re:

          So you call the police that night to report you are being hacked by 127.0.0.1 and they put their best agent on it who calls you back a half hour later and says, "The Hacker is in your House! Get OUT!"

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          kirillian (profile), Mar 19th, 2013 @ 8:44am

          Re: Re: Re:

          I just wanted to clarify something here as I was slightly confuzzled by some misinformation here even though the point is valid.

          - 127.0.0.1 references the loopback interface (actually anything in the 127.0.0.x range does) which won't allow you to access another computer according to IE specs. Just to clarify. Thus, you're either hacking yourself or incorrectly identifying the source of the original attack. This is one such problem with the whole thing...identification of the ACTUAL source.

          - Assuming you correctly identified the source, IP addresses change as you noted. So while you can identify the specific attacking computer at a given point in time (assuming you can correctly do so), you still have a risk that the address of the computer that actually performed the act changes before you can respond. Now, granted, if you respond in a very short period of time, the likelihood of the IP address changing is slim, but legally, you have to consider the ramifications of a possible change in address between action and reaction.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            beltorak (profile), Mar 19th, 2013 @ 11:49am

            Re: Re: Re: Re:

            regarding the use of the loopback IP (127.0.0.1); yes. that should have been in one of the "documentation IP ranges": http://tools.ietf.org/html/rfc5737


            3. Documentation Address Blocks

            The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2), and 203.0.113.0/24 (TEST-NET-3) are provided for use in documentation.


            Shame the addresses aren't as recognizable as 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/20, or 10.0.0.0/8.

             

            reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Mar 20th, 2013 @ 3:59am

            Re: Re: Re: Re:

            I am the AC who posted that: I was using the loopback IP address in the example to avoid using an IP address that someone might actually be using. Therefore, please ignore the fatc ti is the looback address.

             

            reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Mar 19th, 2013 @ 12:40pm

          Re: Re: Re:

          Don't forget, a hacker could first hack into another computer before hacking into your computer from it. You would have a hard time knowing this, and you'd most likely end up counter-hacking a poor guy who just had his computer hacked as well.

          Oh and if that poor guy caught in the middle found out you're hacking him, he could hack you back... Because to him you'd look like an original hacker, he would not know you're trying to counter-hack.

          And wait until hackers plant false evidence that you were a hacker yourself, so they can claim they were counter-hacking you.

          Seriously, legalizing counter-hacking is just loads of bullshit. If you're being hacked, just block the IP address hacking you and contact the authorities.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Mar 19th, 2013 @ 7:39pm

            Re: Re: Re: Re:

            You haven't played uplink?

            The first step of tracing the hack backwards is checking the connection log to see if this was an origination point or just a step along the way. Of course, you need to use a log undeleter with a high enough level to make sure it wasn't just falsified!

            I wish you could do this in real life... except... no, I don't.

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Anonymous Coward, Mar 20th, 2013 @ 4:01am

              Re: Re: Re: Re: Re:

              except even if it was technically possible, would your ordinary computer user know to try?

               

              reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 19th, 2013 @ 9:23am

        Re: Re:

        Fine, let me hack your computer and go straight to the honey pots elsewhere, where YOUR computer will get destroyed LoL

        God forbid somebody else in your house actually use that computer, it would be useless for a while and all data YOU stored would be gone.

        That is not the only way it could go wrong though.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 7:37am

    Do we get to destroy the computers of the RIAA and the investigative companies they hire for their record of having so many false positives?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 19th, 2013 @ 9:37am

      Re:

      You might be able to argue against sony for that DRM rootkit debacle. Heck, under this version of the law, you might even be able to make a case for legally attacking the US government if you're infected with stuxnet.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Rikuo (profile), Mar 19th, 2013 @ 7:37am

    Mike you owe me a new desk. I face-desked and I couldn't stop myself from doing so repeatedly after reading that exchange (including the bit where questioning this bill automatically means you're somehow protective of the hacker...)

    Unlike other bills that simply tack on the word cyber and say there's a difference because its on a computer...just because...in this case there actually IS a difference. Since he's using the analogy of self defence, if I'm being attacked physically, I can see who's attacking me. I can fight back against those who are clearly identifiable as my attackers. Not so with a hacker. They're going to rout through and use proxies, so just like with Six Strikes, this means allowing harm to innocents because the lawmakers and policy pushers are complete and total morons.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 7:38am

    I have to admit, I've always wanted to send viruses/destructive programs to Nigerian scammers under the guise of sending them something they ask for.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Pixelation, Mar 19th, 2013 @ 7:39am

    I like the idea of "hack back". It will help create a truly wild west atmosphere on the net.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Coogan (profile), Mar 19th, 2013 @ 7:43am

    1. Hacker takes over Computer A
    2. Hacker uses Computer A to hack into Computer B
    3. User of Computer B notices hack attempt from Computer A
    4. User B installs covert software to snap a pic from the webcam of Computer A to catch evil hacker
    5. User A happens to be a teenage girl who's changing clothes at the time.
    6. User B gets 50 years in PMITA prison for child porn.
    7. Lawmakers pat themselves on the back for catching dangerous predator of America's youth.
    8. Lawmakers continue to propose stupid laws. Americans continue to elect stupid lawmakers.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 19th, 2013 @ 7:57am

      Re:

      Better example.

      1) User A is a troll who posts the password to their forum account online.
      2) User B uses the password to log in as User A and make a few joke posts for fun.
      3) User A then tricks User B into clicking on some bad links to install malware on their computer, which lets User A take control of User B's computer.
      4) User A steals User B's bank account information and steals all their money, and then floods User B's hard drive with a bunch of junk files saying "You suck User B".
      5) User B finds out that they've been hacked and robbed, and goes to the police and FBI.
      6) In court User A points out that User B 'hacked' into their forum user account first, so all their retaliation hacking against User B is perfectly legal thanks to Rep Gohmert.
      7) Case is dismissed against User A. User B is charged with hacking under the CFAA, and is still out over $100,000 stolen by User A.
      8) User A goes on to get himself 'hacked' by more 'victims' for a living, and the federal government continues to lock up those 'victims' for 5 or more years.
      9) User A gives very big campaign donations to Rep Gohmert, so everyone wins! Everyone except User B's!

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 19th, 2013 @ 9:02am

      Re:

      How you explain this to idiots like this one:

      Me: Here's an example. Suppose you have a computer.
      G: OK.
      M: And someone takes it over without your knowledge.
      G: OK.
      M: They then use it to attack my computer. To me, it looks like the attack is coming from your computer (because it is.)
      G: OK.
      M: Are you suggesting that I should have the legal right to destroy your computer because it's attacking me?
      G: Well, no.
      M: OK, then. Shut up and let the adults discuss this.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 7:43am

    I guess the term "due process" is a foreign concept to the esteemed legislator. How sad...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Kevin Marks, Mar 19th, 2013 @ 7:44am

    Heard this one before

    Back in 2002 the RIAA proposed that they be allowed to hack our computers to delete MP3s. It's the Implacable logic of DRM

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Rikuo (profile), Mar 19th, 2013 @ 7:50am

      Re: Heard this one before

      And has_got_an_ass_crack_of_bob's_average_lube wonders why we here at Techdirt don't trust the RIAA/MPAA when they say the sky is blue?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 7:50am

    If this passes then I wouldn't put it past the likes of Prenda Law etc. to seek the destruction of the computers from the people that pay up or take the people to court that they accuse for copyright infringement. The likes of Prenda Law will say something along the lines that those who committed copyright infringement with downloading from bittorent hacked into the computer that was in the office to get the file that they downloaded.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    trish, Mar 19th, 2013 @ 7:53am

    Politics :D

    Win a (very expensive) popularity contest: write laws that you know nothing about to control everyone else's lives! Democracy is the worst governance system, except for ... all the others.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 7:55am

    "Do we really want an Internet-sized game of corewars?"

    (Post from 2001, on a discussion about counter-hacking machines infected with the Code Red worm. Look up "Core War" on Wikipedia to understand the reference.)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 8:04am

    Orin most certainly did not throw cold water on the concept and dismiss it out of hand. What Orin did do is note that the "devil is in the details" if one is to avoid an overinclusive bill. Perhaps one should read Orin Kerr's published articles in law and other journals before jumping the gun...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 8:05am

    as usual, a fucking idiot is trying to deal with a technology that he has no clue about, doesn't understand and yet he thinks, just like the entertainment industries, that an IP address is definitive proof of a person, an identity. courts have taken a long time to realise it but now do so more usually than not that an IP address is nothing more than identifying the name on the bills for that internet account. it does not identify the user of that account every second of every day! how do these morons ever get through school, let alone get elected into positions of such power that they can make or break something, everything for everyone for a long time to come, if not forever!!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Jeremy, Mar 19th, 2013 @ 8:07am

    For the inexperienced, this might seem like a good idea. After all, the argument with guns is often made that the best way to prevent random shootings is to arm everyone. People are much less likely to simply shoot randomly if they know they'll be the second one shot at. However, in the case of hacking, we're discussing something altogether different. Each computer/device/router on the internet, while (most are) privately owned, actually constitute a whole that is publicly used. If you allow hacking legally, you need a very effective law enforcement agency to prevent abuse of the legality of hacking (i.e. to enforce the law with regards to legal/illegal hacking). There is no such law enforcement right now that I can see.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Keroberos (profile), Mar 19th, 2013 @ 8:30am

      Re:

      And can be none. It's too easy to conceal your identity on the internet--which is Kerr's whole point, although he describes it rather poorly in the clip. How can you police a massive group of essentially anonymous PC's many, if not most of which reside in other jurisdictions and countries?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 8:22am

    Yeah, right... and five minutes after the law is passed, we'll be living on a planet with no working computers, because there are already a lot of paranoid people who think EVERYTHING is trying to hack their PCs etc.... not that they're very far from truth, actually, but...

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Keroberos (profile), Mar 19th, 2013 @ 8:24am

    The stupid...it hurts...Lets also make a law that says it's OK to kill someone that you think, maybe, might be, but you're not quite sure, trying to kill you.

    I think we should pass a law that states "In order to pass legislation on a particular subject, you must first pass a college level test on that subject". Hell, even a high schooler with basic IT knowledge would know that's idiotic.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 8:35am

    Well...

    I'm not in favor of this sort of thing, but I think there should be some special loopholes in a very few cases. Example: Microsoft/Norton/Whoever gains control of a spambot C&C server. Using this they could "infect" the individual bot machines with a removal tool. Or send a signal to shut down the bot software. Currently they won't do this because of the CFAA, all they can do is take down the server. Which leaves the botnet up and running, just missing a head - which can be relatively easily replaced.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Mar 19th, 2013 @ 9:37am

      Re: Well...

      Botnet C&C machines are a tempting target for this type of activity, but on the whole I think it's a mistake to declare attacking the legal. There are far too many ways for this horribly, horribly wrong.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 8:38am

    So if you hacked back, would the original hacker have the right to hack you back? And then you can hack back again? And the hacker can hack back again?

    If you hack back the wrong person, does that person have the right to hack back against you?

    Oh, and this could create jobs, couldn't it? I mean, now every public library and coffee house with public wi-fi will need to hire a new security expert just to protect the network from all the hackbacks triggered by hackers using them to launch the initial attack.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    DOlz, Mar 19th, 2013 @ 8:43am

    Maybe this will help

    There seems to be an invested interest in not understanding the relation of IP addresses to individuals, so let me us this analogy. An IP address is NOT like your home address that you have lived in for years, it IS LIKE a hotel room number that you only stayed in a few days (or perhaps a few hours).

    Attacking people or charging them with crimes based on an IP address, is like charging the current resident of a hotel room with a crime that was committed there last month.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 20th, 2013 @ 4:07am

      Re: Maybe this will help

      to run with your analogy, you can ask the hotel who booked a room at a certain time. it's the same principle behind charging people based on an IP address: find out who was using the IP address.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 8:47am

    Please Please American citizens, elect people with more that two brain cells. Would you really want someone like that to get control of your country and its weapons?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 19th, 2013 @ 11:14am

      Re:

      Unfortunately, collaboration between the two main parties prevents this from happening. They use "us versus them" team spirit psychology to keep the public too busy slinging mud at each other to notice that both candidates are actually nearly identical.

      Every election is a choice between voting for an idiot or a moron. Heads they win, tails we lose. It's a vicious cycle, and as long as big businesses can keep funding both parties to guarantee favorable legislation, it'll probably keep going for a long time.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 19th, 2013 @ 11:26am

        Re: Re:

        Or until an idiot gets into the Whitehouse and uses some of those missiles that he/she can control.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    John Fenderson (profile), Mar 19th, 2013 @ 8:47am

    Hacking vs land mines

    Actually, I think it should be, and can be argued to be, legal for you to install any software you wish on your own computer. Including malicious software that lies in wait and can only be activated when your machine is hacked into. That isn't hacking. That's using my personal property as I see fit, in a way that does no harm to anybody unless they are violating my personal property.

    The second issue, making hacking back legal, is absolutely insane. Ignoring the script kiddies, any hacking is probably coming from another compromised machine, not one owned by the hacker. So the hack-back will not affect the hacker, but will cause further harm to a different victim.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 19th, 2013 @ 9:02am

      Re: Hacking vs land mines

      Yeah that's what I was thinking inert software that when pulled to a new machine id would set off and run and completely encrypt the system then power off.

      Force the assholes to reformat or make it force their GPU and CPU fans and attack the PSU as well as encrypting. "If you're looking to actually destroy their system."

      IMO a reformat is punishment enough but some people rather take it to the max.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 19th, 2013 @ 9:03am

        Re: Re: Hacking vs land mines

        erm cut off again

        force their GPU and CPU fans "run at max"

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 19th, 2013 @ 9:57am

        Re: Re: Hacking vs land mines

        Yeah that's what I was thinking inert software that when pulled to a new machine id would set off and run and completely encrypt the system then power off.

        Force the assholes to reformat or make it force their GPU and CPU fans and attack the PSU as well as encrypting. "If you're looking to actually destroy their system."


        And if the software is not immediately pulled to the attacker's own machine, but that of one of the hacker's already-compromised victims?

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      LyleD, Mar 19th, 2013 @ 9:11am

      Re: Hacking vs land mines

      I have to agree.. There's two separate issues here..

      First is you can install anything you like and if that happens to be a nastygram piece of malicious code that destroys a hackers computer after they've stolen it, so be it.. Should be legal..

      The second, which as I read it does not follow the story anyway is a back-hack after the event against the IP who attacked you.. While that may sound like fun it's entirely to dangerous as who can say 100% you get the right IP to attack...



      The whole thing reminds me of Ghost in the Shell where everyone's Cyborized with external computing and memory.. When someone gets hacked there they get blocked by active firewalls called Phages which backtrace the connection immediately and fry the brain of the attacker.. Perhaps this Senator's been watching too much Manga?

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 19th, 2013 @ 11:36am

      Re: Hacking vs land mines

      Actually, I think it should be, and can be argued to be, legal for you to install any software you wish on your own computer.

      Apple would disagree with you on this, and Micro$oft is moving in the same direction. The MAFIAA would love to be able to control everyone's computers, so that they can kill all forms of piracy.
      Long Live Linux and the BSDs.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Keroberos (profile), Mar 19th, 2013 @ 9:02am

    One thing I think this clip clearly shows is that the very people that we need to have advising on legislation like this do a very poor job translating all the technical details into terms the legislators--some of whom seem to have less of a grasp of technology than your average grade schooler--need to understand. Once you start throwing terms like "routing communications" and "IP address" out there, you've lost them. Kerr was confusing Rep. Gohmert rather than informing him.

    This is something the lobbyists and "experts" for some other industries do very well. Their positions and statements may be utter crap--but at least it's understandable crap--and this is why we get crappy laws.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael, Mar 19th, 2013 @ 9:17am

      Re:

      It is FAR worse than that.

      Move this out of the 'computer hacking' arena and it is totally nuts. He refers to self-defense, but self-defense laws are very narrowly defined and require imminent harm. Until there is a hack that is going to kill people through their keyboards, we are not talking about self-defense.

      This is defense of property. As far as I am aware, there are no states that allow me to go throw a rock through my neighbor's window if they threw one through mine. That would be insane. You call the police and they investigate or you bring a civil action.

      Anyone that suggests that 'hacking back' is a solution needs to hand in their citizenship card and move to the stone ages or some country that we just bombed (possibly back into the stone ages).

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Keroberos (profile), Mar 19th, 2013 @ 9:46am

        Re: Re:

        Move any of the proposed 'computer hacking' and 'copyright infringement' legislation out of those arenas and they're completely nuts, but they just keep proposing them.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    jackspheonix (profile), Mar 19th, 2013 @ 9:28am

    How is this worse than "Series of Tubes" Stevens?

    To me, this level of misunderstanding is worse than the whole "series of tubes" garbage from a few years back by Senator Stevens.


    I'm not disagreeing, but I'm curious how this is worse than Ted Stevens?

    I think Stevens displayed an even thinner grasp of understanding of the internet than Gohmert is doing, currently. I think Gohmert seems to understand how computers work, but is just showing a limited amount of thought into the issue (or a limited ability to reason out his own argument).

    Stevens' display of understanding was terrible, and I don't see how this is worse (bad as it is). So my question is whether I'm missing something, myself.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      nasch (profile), Mar 19th, 2013 @ 3:03pm

      Re: How is this worse than "Series of Tubes" Stevens?


      Stevens' display of understanding was terrible, and I don't see how this is worse (bad as it is). So my question is whether I'm missing something, myself.


      Stevens clearly wasn't particularly computer savvy, but fundamentally his series of tubes analogy was not bad. In fact don't we sometimes refer to them casually as pipes? What's the difference?

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    DannyB (profile), Mar 19th, 2013 @ 9:33am

    Judicial Review

    I assume this hacking back does not require judicial review? Sort of like the Sick Strikes copyright alert system?

    So it's okay for anyone to hack anyone else, as long as they first accuse them of hacking you first?

    That would make sense, because it is okay to accuse anyone (like the MPAA) of copyright infringement six times to get their internet cut off or slowed down.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 9:45am

    This is the tech version of the "I'm afraid if we add more people to Guam it might capsize" issue right?

    Gotta just love the intellegnce that runs our country!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jesse (profile), Mar 19th, 2013 @ 9:55am

    Can I just say it would have been awesome if those rootkitted by Sony could have legally completely destroyed Sony's networks?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Atkray (profile), Mar 19th, 2013 @ 9:59am

    Sony

    So would this would allow people with PS3's to hack back into the Sony servers that modified their computers?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Mar 19th, 2013 @ 10:08am

    No, no Mike. You got it wrong, he gets it precisely. The internet is a series of BIDIRECTIONAL tubes. Whatever this means.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 12:52pm

    Somebody has to suggest it...

    This may sound like a conspiracy theory, but it has happened before.
    Might this be the copyright industry trying to use the guise of hacking to get a law introduced that will later be expanded to include them? Legal to hack "back" infringes?
    The reason I suggest this is due to the fact that they have introduced other measures with buzzwords, just because it would go easier with the public, judges and politicians. An example of this is the danish Anti Piracy Group who made the child porn filter because "Childporn is a thing they understand". And they then, as planned, got it expanded to include other sites.
    It might sound insane for some, but really when you think about it: Hacking and Cyber are the new buzzwords and judging by other stuff that group has done or suggested over the years, would you really be surprised?
    Links about what was said by the danish APG boss about the filter:
    https://www.techdirt.com/articles/20100427/1437179198.shtml
    https://christianengstrom.word press.com/2010/04/27/ifpis-child-porn-strategy/

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    ECA (profile), Mar 19th, 2013 @ 2:04pm

    Some good comments here

    I wonder...

    HOW easy is it to TRACK a bot/advert that has been installed on your computer.

    You goto a site that has ADVERTS and 1 installs its cookie on your system, that TRACKS you, all over the net..
    It opens a backdoor for OTHER ADVERTS for what it THINKS you are looking for..

    This idea(from the article) will take a TON of discussion and cleanup, of WHAT/WHO is a hack..

    I mean, if the GOV. REALLY wanted to track this crap down, they would hok up with a few companies like spybot/AVAST/Malwarebyte and ADD tracking to the data.
    THINK about it..You get a BOT from a site and its LOGGED where you got it..NOT ANONYMOUS..

    A few years back I had a CLEAN MACHINE..and had to install updates and protection. It was dialup, so connected and the FIRST SITE it went to was MSN.. 7 virus and 37 bots from the FRONT PAGE. It took 15 minutes to gain control of the computer...and 6 more hours to clean up..
    I sent a letter to MSN..1 year later they QUIT adverts from 3rd parties.

    Then comes the thought, of WHO do you hold responsible?
    THE SITE? They didnt SCAN and clean it..

    You have to understand WHY adverts are all OVER the place..
    SOMEONE IS GETTING PAID. and there has to be INFO in the bot, of WHO DID IT..so they can get paid.
    The Company wanted Adverts, they shipped it to an ADVERt company, they shipped it to person to DO THE WORK..

    NOW:
    COMMENTS:
    STUXNET..look it up.
    Do you think the Other countries have rights to BOMB the USA with virus after we did it to THEM?? Do you REALLY think this is the first time?

    COMPUTER security is FAIRLY SIMPLE..
    1. MAJOR systems DONT HAVE ACCESS TO THE NET..
    2. ANY outside data to be installed is SCANNED(HEAVILY) before being inserted..from DECODERS to AV/BOT scanners..
    3. ALL input data is TESTED ON REMOTE/OFFLINE systems FIRST. NOT on the primary system..

    dont do this..
    http://consumerist.com/2013/03/08/its-totally-not-cool-that-my-fridge-stops-working-and-tell s-the-wrong-temperature/

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Winski, Mar 19th, 2013 @ 3:13pm

    Goobernuts

    Goobernuts is a certifiable lunatic. PLEASE, help send him to a home in a straight jacket....

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 4:31pm

    There would be interesting side effects...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2013 @ 10:58pm

    "This stream is currently unavailable on this domain at the broadcasters request"

    Did you happen to upset somebody?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Cowherd, Mar 20th, 2013 @ 5:43am

    If you have credible evidence of a crime, you should bring it to the proper authorities. It is not in the best interests of civilized society to allow vigilantes to take the law into their own hands for vengeance.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jeff Smith (profile), Apr 20th, 2013 @ 10:13pm

    Re: Gohmert the unbearable

    I agree with the consensus of the comments (as I interpret it) as follows:
    1- leaving malicious code in a honeypot as a counter-measure/defense to attack on your systems is ethical, appropriate, and justified
    2- tracing the origin of the attack in order to attempt a hackback is too difficult and a foolish idea

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This