Monday, April 14, 2003

Holding Owners of Compromised Computers Responsible

I've heard several people refer to legal activity in Texas, where victims of intrusions were being sued when the original victim's systems attacked third parties. This happened in 2001, when systems at Exodus were allegedly compromised and used to attack Web-hosting company C.I. Host. Marc Zwillinger mentioned this is this webcast, saying the suit was moved to Federal court and then settled out of court. His slides included this scan of the indictment. From this article:

JUST BEFORE 8 A.M. ON FEB. 1, 2001, C.I. Host, a Web-hosting company with 90,000 customers, was hit with a crippling denial-of-service attack. By the end of the day, after outage complaints from what CEO Christopher Faulkner described as "countless" customers, the Fort Worth, Texas-based company got its lawyers involved. . . In an injunction filed in a Texas district court and later moved to a U.S. district court, C.I. Host alleged that the defendants committed or allowed a third party to commit a denial-of-service attack on C.I. Host's systems. The defendants insisted that they were victims of a hacker themselves, not the perpetrators of a crime. The case never made it to trial, but C.I. Host's lawyers did convince a Texas judge to issue a temporary restraining order shutting down three of the Web servers involved in the attack until the companies could prove the vulnerabilities had been fixed.

The other popular case is well-documented in the 2001 CSI/FBI Study:

The U.S. Navy's Criminal Investigative Service (NCIS) is in the throes of an investigation into how and why an as yet unidentified hacker stole the source code to OS/Comet from a computer at the U.S. Navy's naval research lab in Washington, D.C. in an attack conducted on Christmas Eve, 2000. OS/Comet was developed by Exigent International (Melbourne,FL), a U.S. government contractor. The software has been deployed by the U.S. Air Force on the NAVSTAR Global Positioning System (GPS) from its Colorado Springs Monitor Station, which is part of the U.S. Space Command. A copy of the OS/Comet source code was found during a police swoop in Sweden on a computer company whose identity has not been revealed. The intrusion appears to have emanated from a computer at the University of Kaiserslauten in Germany, which was used to download the software's source code via the Web and the service provider, which is owned by the Swedish firm Carbonide. The hacker known only as "Leeif" was able to hide his or her true identity by breaking into the account of a legitimate user and then using that person's account to distribute the source code to others. Exigent has filed suit against both Carbonide and the University of Kaiserlautern in Germany. The NCIS's inquiry is being headedby the NCIS headquarters for European affairs in Naples and by its London bureau, which deals specifically with Scandinavia.

1 comment:

Anonymous said...
This comment has been removed by a blog administrator.