The days of the honeypots may be over


  • The days of the honeypots may be over

    I pose an interesting question, given the latest in lame brain legislation from our gov't. Do you think one would get into more trouble accessing a system that deploys the honeypot, or the operator of the server that has the honeypot on board?

    My personal guess would be the operator, seeing as though once an intruder accesses a machine that has a 'honeypot' online, the operator is automatically guilty of a felony 'inception of communication'. A felony which carries up to 5 years in federal prison.

    There is only one exception to this law, which states if you put a disclaimer on your server (splash screen, banner, whatever...) that explicitly tells would-be intruders that by accessing the server you're agreeing to allow the system administrator to monitor your activity.

    One problem, no hacker I have ever known, past or present, ever goes through the front door, thus circumventing the disclaimer which allows them to play the 'ignorance card' in court.

    Any thoughts?

  • #2
    Originally posted by Phlux
    Do you think one would get into more trouble accessing a system that deploys the honeypot, or the operator of the server that has the honeypot on board?
    Speaking as someone who deploys honeypots on a reasonably routine basis, the person accessing it is going to be the one who gets the big ugly shaft in court.

    My personal guess would be the operator, seeing as though once an intruder accesses a machine that has a 'honeypot' online, the operator is automatically guilty of a felony 'inception of communication'. A felony which carries up to 5 years in federal prison.
    No. Two things here:

    1) You still have a person gaining unauthorised access, a big no-no and one the courts are going to be extremely interested in

    2) It's my box and I can do whatever I want with it, including the logs generated by it or traffic to or from it

    There is only one exception to this law, which states if you put a disclaimer on your server (splash screen, banner, whatever...) that explicitly tells would-be intruders that by accessing the server you're agreeing to allow the system administrator to monitor your activity.
    This is a common misconception. NO disclaimer whatsoever is required. It may be desirable from a CYA standpoint if you have legitimate users on the box and don't want them suing you if you end up having to sniff their traffic, etc. but that does NOT make it OK in the eyes of the law to illegitimately gain access to a system.

    One problem, no hacker I have ever known, past or present, ever goes through the front door, thus circumventing the disclaimer which allows them to play the 'ignorance card' in court.
    That they think this would hold water demonstrates their ignorance.



    • #3
      Originally posted by Phlux
      My personal guess would be the operator, seeing as though once an intruder accesses a machine that has a 'honeypot' online, the operator is automatically guilty of a felony 'inception of communication'. A felony which carries up to 5 years in federal prison.

      Are you sure it's just 5? Many laws changed with homeland security, and a lot of stuff has come down since 9/11, including but not limited to the changes involving state and country borders qualifying as cyberterrorism, especially if it happens against a milnet


      Qu|rk-



      • #4
        Originally posted by Phlux

        Any thoughts?
        What sources are you using for your assumptions?



        • #5
          Originally posted by Phlux
          One problem, no hacker I have ever known, past or present, ever goes through the front door, thus circumventing the disclaimer which allows them to play the 'ignorance card' in court.

          Any thoughts?
          As mentioned...you have received some VERY bad information here. A Warning Banner isn't needed in order to prosecute..and ignorance of the law is no excuse for breaking it.

          Also, your logic about the honeypots is severely flawed. That said...I don't think you'd be very successful in court trying to prosecute someone for compromising your honeypot. It is a box with the designed purpose of tracing unauthorized access. That said, the "entrapment" card could be played I think.

          I have no knowledge of a successful case where someone that just compromised a honeypot was prosecuted, does anyone else?
          perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



          • #6
            just a thought I had....

            If you trust an operator in a field that would require/facilitate the need to have a honeypot... and they botch it, their job would be very short-lived. Any of those that I have ever put up and configured are run by someone who has a bit of intelligence, is sitting on CISSP as a minimum, may have, or is working on ISSEP and is more than aware of the issues that surround it. Rumor has it that HIPAA will be playing a factor shortly with the laws surrounding it and computer/digital/forensics, so anything that may be questionable now is sure to come with more BS that will complicate things for those who deal in the field.

            Originally posted by Phlux
            One problem, no hacker I have ever known, past or present, ever goes through the front door, thus circumventing the disclaimer which allows them to play the 'ignorance card' in court
            That is almost as bad as those who try to evade software copyright laws, use a 3rd party decompiler, modify then install the software, saying they never read the ToS due to the fact that it doesn't exist...which it may not if they edited it before they initially installed... I have to agree with Skroo on this one, no judge in their right mind will allow that to fly, even if it is the case and was blatant abuse of a loophole.

            Sidenote: Any hacker that is going to be playing with a honeypot, be it aggressive or not better have some skill and brass balls. They are nothing to fool with, and a big ego or god complex would get you arrested very quickly if one were to tamper with most of the businesses or institutions that have them actively deployed.

            Qu|rk-



            • #7
              Originally posted by Chris
              I have no knowledge of a successful case where someone that just compromised a honeypot was prosecuted, does anyone else?
              I agree with you that it would almost certainly be entrapment to attempt to prosecute someone for compromising a honeypot, but did have a semi-related thought.

              Let's say that l33tskr1ptk1d 'cracks' the honeypot, then goes on a doorknocking expedition across the class C it sits on. He finds the Internet-facing IIS server used for web-based VPN clients to connect to, and figures out that it's exploitable. He cracks that one as well, and starts roaming around the company network. Boom, you now have an intrusion and can call the feds in.

              It would seem to me that while he probably couldn't be prosecuted for cracking the honeypot, the logs from the honeypot might be useful in demonstrating his prior intent to crack the VPN server. I'm not personally aware of any cases where this has happened (or even if it's been tried), but may be useful in establishing a chain of evidence.



              • #8
                Originally posted by Qu|rk
                That is almost as bad as those who try to evade software copyright laws, use a 3rd party decompiler, modify then install the software, saying they never read the ToS due to the fact that it doesn't exist...which it may not if they edited it before they initially installed... I have to agree with Skroo on this one, no judge in their right mind will allow that to fly, even if it is the case and was blatant abuse of a loophole.
                It's not a loophole at all. If you fail to accept or comply with the terms of a license of a given piece of software, you are simply not licensed to do anything with that software, period.
                45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                [ redacted ]



                • #9
                  Using a 3rd party tool, decompressing the archive, editing, and removing all licensing and the ToS itself, then repackaging and installing...doing as you wish, and stating there was no ToS (due to the fact you removed it) isn't a loophole?

                  Qu|rk-



                  • #10
                    Originally posted by Qu|rk
                    Using a 3rd party tool, decompressing the archive, editing, and removing all licensing and the ToS itself, then repackaging and installing...doing as you wish, and stating there was no ToS (due to the fact you removed it) isn't a loophole?
                    Copyright law states that *anything* you create automatically carries a copyright regardless of whether or not you've labeled it.

                    There's no "Terms of Service", software is subject to a licensing agreement (EULA) in which the copyright holder gives permission to others to use software under a given set of terms.

                    If you don't comply with those terms, you're in violation of the copyright. Simple as that.
                    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                    [ redacted ]



                    • #11
                      If a copyrighted item is NOT filed with the Library of Congress the owner cannot sue for damages, however they can still demand a Cease and Desist.
