Ethical/Justifiable Hacking???

[phenious]

I was talking to a friend of mine and we were discussing the Ethical and Legal ideas behind hacking hackers or crackers. In the US it is legal to shoot people trespassing on your property so is it legal to “digitally shoot” these people trying to break into your system? I’m not talking about going after ignorant people who spread virii but rather the people that scan you daily with a Sub Seven Probe checker and what not. Now, we know that crackers can load scanners onto other users computers just like a virus can be loaded but upon closer inspection of the users files one could tell if it was the user running it or services were running the program. Sure mistakes could be made but that’s life. What is your take on it? Should we be able to fight back legally? I would assume most of the time if you destroyed a crackers’ HDD they wouldn’t report it either but I don’t know. There is always the way of tracing the IP and reporting it to their ISP and demanding action. Normally they kick the user assuming it’s a subscription user. He/She can just sign up with another ISP and get going again. What is your take on the matter?

-: phenious :-

Darn I wanted to do a poll guess I messed that up. Can a mod add one please? Wanted: 1. Hack them back 2. Call the ISP 3. Seal your computer and let the ignorant get hacked

[DPA]

in my opinion, digital invasion is the same as a physical invasion of private property, and in doing so, a hacker should expect to be attacked when in anothers "house."

I feel that you have every legal right to defend yourself as far as keeping him/her from coming back.

I also feel that an ISP should be able/responsible for such attacks through them, and give a victim enough information to file charges against the assailant

with crackers, do you mean people who alter programs from their original state to run with a modification such as "no cd" or do you mean password crackers who gain access to a system by forcing a password?

Any of the above is in my opinion directly linked with tresspassing, and for all i know, stealing too, so if you're in my computer, the hand's gonna have to come off buddy...

[phenious]

Well as I have grown up in this digital world the Term Hacker is reserved for people who make things do what they want, Modify code what have you. Crackers are the ones who do that but use it in a malicious fashion causing damage/loss of money or time. They are the bad guys... hackers are the good guys. Most people here could be considered "hackers" I would imagine. Please dont get my started on the "Ha><0r" though lol.

-: phenious :-

[DPA]

i see your direction now, i don't really have a position on crackers as i have never seen their damage, but with hackers, generally all the "good" hackers don't do much other than watch their own backs, maybe a friends, all the other ones seem to be trying to break into my system and what have you. Punks have tried stealing images from my computer, etc, made me get all security paranoid..

[phenious]

My main reason for posting this thread was to stop craping on the Music download thread. I find the two threads releated because a large number of computers are hacked its to store and use the Bandwidth on that computer. They use the computers to serve files to other people who know how to access them. So if the RIAA was to go after them they truely wouldn't be at fault except for not protecting their system fully or having a week password. It makes it even harder to catch the right people in these situations.

-: phenious :-

[Siliconjunkie]

Well, I am torn on this.

First, you don't know if the source that the attacks are coming from is something that the attacker "owns" or something he is just bouncing off of. So, if you attack an IP because an attacker is coming from it, you may be attacking grandma and wiping out her cookie recipies.

While I have no problem with turning the tables on someone attacking you, you need to be certain that you know who is attacking you, not just the address.

There are also a number of pieces of software that will assist, such as portsentry, that will shutdown communication with an IP after certain actions are taken or ports are probed.

Now, as for what DPA said equating it to a home attack, there is a very fundimental difference. A digital attack does not place your person or home in danger. If you are worried about an attack, you can unplug and you are instantly immune, you can't just unplug your home to ward off thieves.

On my leased box I run snort/acid, and every 1 or 2 days I go thru and e-mail abuse deparments at a dozen or so ISPs to inform them of attacks from code-red/nimda infected machines. And, yes I do believe that they read them based on responses I get. I can't say what they do beyond that, but they do read them. The ISP is your best hope at a legitimate fix, either by shutting off the attacker himself, or shutting down one of his points of attack.