On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu

Friday, 18 November 2011

Retributive malware protection, hacking laws and self defence - is there a "reasonable force" in cyberspare?

If you confront me in the street with violent intent and I whack you in the face there's a good chance I can argue self defence and avoid punishment; similarly if I belt someone in an attempt to stop them stealing my car.

It's well established that assault, more precisely, the use of "reasonable force", is sometimes necessary and valid. The Crown Prosecution Service website states:

A person may use such force as is reasonable in the circumstances for the purposes of:
  • self-defence; or
  • defence of another; or
  • defence of property; or
  • prevention of crime; or
  • lawful arrest.

After a bit of banter on twitter I wondered about the possibility, morality and legality of retributive malware prevention.

One of the natural moderators against some forms of physical violence in the real world is the fear of coming off worse.

If, in hacking or otherwise attacking my computer with malware, there was a risk of the attacker coming off worse, wouldn't it act as a natural moderator against such a crime?

I'm sure it would be possible to build this into popular antivirus software.  When a verifiable attack is detected, computers could counter-attack with a wide range of known exploits.

If an exploit succeeds, wipe as many critical files as possible from the system directory, disabling your attacker - reasonable force in order to defend your computer, your property?

Of course there would be collateral damage; many malware attacks are launched from compromised machines belonging to innocent third parties.  But there would be a public good in taking a compromised machine out of service, preventing further attacks; and the machine, in distributing malware, is already compromised - damaged - in need of repair.

Do we now start to see a definition of "reasonable force" as disabling the operating system, removing system files which could be replaced by a repair technician with physical access to the computer, but leaving all other files untouched, so as not to risk trashing irreplaceable items such as family photographs, etc?

The problem is especially acute for server operators.  Running a small farm myself I regularly see automated attacks in the region of 6,000 per day, per machine.  I've given up monitoring and tracing - I used to fire-off emails to the registered owner of the IP address block, but it never seemed to help.


1 comment:

  1. It's been tried, it's a bad idea. What happens is that "bad guy" writes malware to look like ti comes from "third party" whom you then attack.

    This is also known as the "suicide" provision in certain forms of anti-malware software - I want to attack you, so I forge an moderately benign attack that appears to come from the internet's DNS rootservers. You block those. You thereby disable yourself from Internet access. QED.


Comments will be accepted so long as they're on-topic, do not include gratuitous language and do not include personal attacks or libellous assertions.

Comments are the views of the commentator and not necessarily the view of the blog owner.

Comments on newer posts are not normally pre-moderated and the blog owner cannot be held responsible for comments made by 3rd parties.

Requests for comment removal will be considered via the Contact section (above) or email to editorial@slightlyrightofcentre.com.