This opinion is not mine, but the one of Tim Mullen, from SecurityFocus Online. In this story, he expresses some strong ideas regarding systems infected by worms.
I believe you should have the right to neutralize a worm process running on someone else's infected system, if it's relentlessly attacking your network. I've even written code to demonstrate the process. Though the initial news coverage of the concept was grossly inaccurate in conveying my ideas, it has stirred up a constructive dialog.
I knew my idea was controversial, but I was wrong about something -- I figured everyone in the security biz would "get it" and that the hard part would be convincing everyone else that if they can't or won't secure their machines, we as the defenders would have the right to terminate the process attacking us.
It has turned out to be the opposite.
The author then looks at the criticisms about this strikeback idea raised by some security experts -- to dismiss them of course. His *opponents* include Eugene Schultz of U.C. Berkeley's Lawrence Berkeley National Laboratory or Bruce Schneier.
Finally, he suggests a "new way of thinking about the parties involved in a strikeback scenario."
Since the owner of a system has no responsibility for the actions of a worm, or any malicious process, that runs without their knowledge, I submit that they also have no rights to the process. No responsibility means no rights.
So, if they have no rights to the process, there is no infringement against them when we neutralize it. If someone wants to claim that their rights were violated by our taking out the attacking process, then they should be held accountable for the actions of the process from its inception. They can't have it both ways.
I'm not sure I completely endorse his idea, but his claims have some merit.
Source: Tim Mullen, Security Focus Online, January 13, 2003
12:15:08 PM Permalink