AccessMyLibrary provides FREE access to over 30 million articles from top publications available through your library.
Create a link to this page
Copy and paste this link tag into your Web page or blog:
Honeypots: a sticky legal landscape?(catching computer hackers)
I. INTRODUCTION
With today's enhanced focus on cybersecurity, governments and businesses are looking for effective tools to prevent and detect attacks on their critical information systems. Effectiveness needs to be measured not only in terms of technological feasibility but also in terms of legality. One innovative technique is the use of so-called "honeypots": vulnerable computer systems or networks designed to be attractive to hackers as a target for intrusion. Honeypots can not only deflect the attention of hackers from an organization's "real" system, but they can also provide investigators with the ability to gather detailed and contemporaneous forensic evidence about the hackers.
An intruder into a honeypot may be obtaining access simply as an intellectual challenge or in order to facilitate more serious criminal activities, such as the storage of child pornography or the launching of "denial-of-service" attacks against other systems. Whatever the ultimate purpose of the intrusion, under the laws of most industrialized nations, obtaining unauthorized access to the honeypot should itself be a criminal offense.
Concerns have been raised in technical literature and chat rooms, however, about the legal risks associated with the operation of a honeypot. Uncertainty about the legality of honeypots may deter their use as a tool in the fight against criminal and terrorist attacks against critical information systems. This Article examines two key areas of concern: entrapment and privacy. As with much technological development, there is a need to apply existing legal rules to the innovative scenario to assess the legal risks involved in such activities.
As is obvious from its moniker, honeypots are designed to attract visitors. By attracting a potential criminal or terrorist, however, a honeypot may be viewed as a form of entrapment. (1) Such a finding would render the use of a honeypot as an evidential tool ineffective. Section II of this article reviews the doctrine of entrapment from a comparative law perspective. The operation of a honeypot also enables access to communications between hackers when carried out via the honeypot. (2) Such access raises questions concerning lawful interception or other privacy concerns. Section III examines the relevant privacy rules in the United States and the United Kingdom.
Key problems when pursuing those engaged in criminal activities across the Internet are identifying the perpetrator and obtaining sufficient evidence to commence legal proceedings. Honeypots can be an effective tool in addressing these problems. The legal implications of such techniques, however, need to be considered during the design and implementation of the honeypot; section IV makes some recommendations for those considering using a honeypot.
II. WHAT IS A HONEYPOT?
- Why virtual honeypots are sweet; Authors discuss latest honeypot security...
- Magazine article from: Network World Messmer, Ellen August 10, 2007 700+ words
...building virtual honeypots. So what's a virtual honeypot? Provos: Honeypot...of the latest honeypot tools. For...mention client honeypots, particularly...of commercial honeypot products and...people talk about honeypots much. Provos...
- Sun Tzu's ghost in the machine.(discussion of the pros and cons of honeypots --...
- Magazine article from: Journal of Internet Law Bershad, Robert E. October 1, 2002 700+ words
...is still at work in the form of the honeypot. VALUE OF HONEYPOTS A honeypot is a Web site, computer program, or...consider whether they should install a honeypot in the firm's network. Honeypots perform a number of data security...
- SECURITY ADVISER: Honeypots as sticky as ever; New developments make honeypots...
- Magazine article from: InfoWorld.com August 24, 2007 700+ words
...written an excellent honeypot book in "Virtual Honeypots: From Botnet Tracking...As a seasoned honeypot and honeyclient professional...Niels' excellent honeypot software. CaptureBAT...free tool for Win32 honeypots that analyzes file...
- Luring hackers to the high-tech honeypot.(Enhancing monitoring...
- Magazine article from: Dallas Business Journal JONES, JIM June 1, 2001 700+ words
...monitoring of honeypots has been the domain...years, commercial honeypot offerings have...the attacker. Honeypot features Honeypots may: * be deployed...and analyze the honeypot events without...the future of honeypots will likely include...
- Enter the Honeypot.
- News wire article from: Asia Africa Intelligence Wire July 1, 2003 700+ words
...the beauty of the honeypot and honeynets lies...their versatility. "Honeypots are flexible tools...interacting with the honeypot. For this reason, some honeypots are crammed with...steal. Another way a honeypot can deceive a human...
- SECURITY ADVISER: Honeypots as an early warning system; These sticky traps make...
- Magazine article from: InfoWorld.com December 16, 2005 700+ words
...up and use a honeypot, and not just...was entitled Honeypots for Windows. Honeypots are any non...and malware. A honeypot is usually a...up, but VM honeypots are subject to...as a possible honeypot. Luckily, this...
- Microsoft to lure worms into honeypots.
- Magazine article from: IT Week (UK) March 14, 2005 700+ words
...revealed it is working on honeypot technology to repel...worms. Experts said honeypots will be a key weapon...who has worked with honeypots for several years - also argued that a Windows honeypot would be easily recognised...such technology. "Honeypots are a precious component...
- Honeypot Project Finds Unpatched Linux PCs Stay Secure Online For Months.
- News wire article from: Asia Africa Intelligence Wire December 24, 2004 700+ words
...last month, similar "honeypot" research done by AvanteGarde...four minutes. Although Honeypot Project deployed several Windows-based honeypots, it felt they were...minutes. A pair of honeypots in Brazil, however...again and again). One honeypot running Red Hat Linux...
- ADVISORY/Sourcefire Founder and CTO to Provide Security Insights at...
- Press release article from: Business Wire November 4, 2002 700+ words
...sessions: "Finding the Honeypot That's Right For...Overview of Types of Honeypots" and "Enhancing...Detection Systems with Honeypots." The "Finding the Honeypot That's Right For...Overview of Types of Honeypots" session at 10...
- SECURITY ADVISER: The Honeynet Project - Honeynets and honeypots are sweet...
- Magazine article from: InfoWorld Andress, Mandy May 20, 2002 700+ words
...mechanisms, as well as the honeypot systems themselves. VMWare...security/ids/20020107-honeypot-vmware- basics.html and...infocus/1506, respectively. Honeypots and honeynets are becoming...enteract.com/~lspitz/honeypot.htmland http://project...
Source: HighBeam Research, Honeypots: a sticky legal landscape?(catching computer hackers)