Countermeasures against Botnets – Legal aspects

The NATO Cooperative Cyber Defense Centre of Excellence based in Tallinn, Estonia just released a study about the legal implications of passive and active countermeasures against botnets. This investigation is made in collaboration with European Network and Information Security Agency (ENISA). It covers the legal aspects of fighting against botnets taking into account the German and Estonian law.  The study was created by two legal experts, one attorney, two scientists and a post-graduate civil service trainee. It’s very well written and it uses an interdisciplinary language which makes it accessible to people who aren’t specialist in information technology or legal.

It covers a variety of interesting topics such as assuming a system is compromised by a botnet. One of the steps, as part of the incident handling process, is that you might capture and inspect the traffic in order to detect and analyze the botnet traffic. However, from a legal perspective the study presents a variety of legal concerns regarding this. Some of them are personal data protection, unauthorized surveillance and confidentiality of communications. It means such monitoring might be perceived as breach of criminal law.  Even if some of the laws were not written in light of cyber space it still can apply.

Another topic with very unique characteristics and legal concerns is running a honeypot to collect, store and process data to learn about botnets. What are the legal concerns about sharing the data gained from running the honeypot? Or how it can be challenging for a private researcher to prove that the data he is collecting is for scientific interests.  These and other legal concerns are discussed in the study.

How about the takeover of botnets? Which assumes you successful infiltrated the CnC server. If the Botnet is taken over with the intent to eliminate and prevent crime and not prepare one, it still has implications under criminal law. Given the uncertainty of jurisdictional traits on how to handle such situations there is the risk of someone making him susceptible to prosecution. Other topics include: Takedown of Command and Control Servers, Automated Immunization or Disinfection, Botnet Mitigation Techniques under Exceptional Circumstances, Duty to Act against Botnet Attacks and Liability of Owners of Infected Hosts.

Apart of that, through out the study there are excellent reference’s that provide supporting and corroborating evidence of their assertions. Definitely a must read for security professionals involved in incident handling and others.

Advertisements
Tagged , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

gb_master's /dev/null

... and I said, "Hello, Satan. I believe it's time to go."

Source Code Auditing, Reversing, Web Security

Finding Hidden codes in the software

BruteForce Lab

security, programming, devops, visualization, the cloud

Count Upon Security

Increase security awareness. Promote, reinforce and learn security skills.

Naked Security

Computer Security News, Advice and Research

Didier Stevens

(blog \'DidierStevens)

malwology

Adventures in double-clicking malware / by Anuj Soni

Rational Survivability

Hoff's Ramblings about Information Survivability, Information Centricity, Risk Management and Disruptive Innovation.

SANS Internet Storm Center, InfoCON: green

Increase security awareness. Promote, reinforce and learn security skills.

TaoSecurity

Increase security awareness. Promote, reinforce and learn security skills.

Schneier on Security

Increase security awareness. Promote, reinforce and learn security skills.

Technicalinfo.net Blog

Increase security awareness. Promote, reinforce and learn security skills.

Lenny Zeltser

Increase security awareness. Promote, reinforce and learn security skills.

Krebs on Security

In-depth security news and investigation

%d bloggers like this: