
Does anyone know if this kind of white hat stuff has been tested by law?

Because it seems in the realm of possibility that if a large botnet hits you and your responses crash a bunch of computers you could do serious time for trying it. I'm hoping there's precedent against this...




He's got a pretty good defence in that all he's really doing is filtering requests and serving up a really large file to some of them. No active agency, and no executable code. If merely loading a large file crashes a computer, that's arguably the fault of the browser and/or OS.


Intent really matters, especially in cases like these. He's serving up files deliberately, knowing they will likely cause problems.

Microsoft doesn't take the fall for malware, even if it's a fault in SMB or the like.

The intent is damage.


Probably his best defence is the fact that it's really unlikely that the attackers would ever swear a complaint or testify. Kind of a "robbing drug dealers problem". I'd be more worried about being targeted by a massive DDOS.


What if their intent is to find things to sue for?


They have a term for that, it's "vexatious litigant." If you do this enough, the court generally makes it hard to get counsel, will make you get your lawsuits approved by a judge ahead of time, and more.


E.g. Jack Thompson


They're probably already committing a felony accessing the computer. The scan is an intent to transmit malware. If that's true, you could make a pretty good fleeing felon argument.


> They're probably already committing a felony accessing the computer.

He bases this attack on IP addresses. IPv4 addresses are regularly shared between consumers. He's tossing a knife into a crowd because he thought he saw someone.

> you could make a pretty good fleeing felon argument.

In a nation that allows you to attack, not just restrain, a fleeing felon.

But his attack may hit a nation that doesn't allow that.


He does not base the attack on IP address. He detects vulnerability scanners and sends them the crafted content.

You ask for something a vulnerability scanner would ask for? You get a gzip bomb.


> Awesome! My production implementation of the bomb also looks at 404's and 403's per IP and if there are too many of those it will send the bomb. [0]

[0] https://www.reddit.com/r/PHP/comments/6lfl6p/i_have_created_...


But he's serving those files only to people looking to cause problems. It's self-defense.


Self-defence is not normally an acceptable reason where technology and law collide.

Let's be frank.

He's serving up malware to potential users who hit too many 404s.

> Awesome! My production implementation of the bomb also looks at 404's and 403's per IP and if there are too many of those it will send the bomb. [0]

This could be exploited by a third party, which makes him complicit.

He targets IP addresses, and as the IPv4 world often shares those, he can attack innocent bystanders who happen to be in the same allocation as a miscreant.

Finally, self-defence is established as denial or dropped connections. As he's intentionally avoided established practice, and developed an attack instead, it becomes undue harm.

Let alone if he attacks someone in a nation that has an extradition treaty, but no concept of this sort of "fighting back".

[0] https://www.reddit.com/r/PHP/comments/6lfl6p/i_have_created_...


In a perfect world, that's what he's doing. In reality, he's potentially being a big jerk to legitimate users and giving a tool that can allow malicious people to send victims his way. It'd be self defence to cut the connection, not to send harmful files.


That's a good point, although I think the innocuousness of the action would be at least a mitigating factor. I wouldn't expect MS to take any blame, but the "damage" being due to faults in the OS or browser would also be mitigating---a minor rear-end collision on a Ford Pinto could cause it to explode because of a design flaw, but the driver of the other car wouldn't be charged with arson. (Afterthought: he might be if he rammed it deliberately, so I guess that supports your thesis rather than mine)


There are laws allowing a person to shoot an intruder in their house. And I can't serve nulls from my own web server? That would be ridiculous.


From what I've read, in some parts of America it seems okay to shoot at intruders running away from your house, which I find unreasonable.

A farmer here in the UK stirred up a whole load of shit when he shot two burglars [1] trying to escape from his property.

[1] https://en.wikipedia.org/wiki/Tony_Martin_(farmer)


The UK (or English?) law about self defence is "back to the wall", i.e. you can invoke lethal force to defend your own life when your back is against the wall, when you have no other option, and no way to escape. In other words, if you can retreat from the situation, then you must retreat.

Some places in the USA have "stand your ground" laws. These say you aren't required to retreat, that you can "stand your ground", that you can use (legally) lethal force without requiring that your back is against the wall.


As I recall, stand your ground laws, based on castle doctrine, mean that "but you could have fled your own home" does not invalidate self-defence. I think you are still required to retreat when on the street.

As for people running away, the only way I see self defence working is when they still pose an 'imminent threat to life' which seems rather hard to argue.


The castle doctrine is distinct from "standing your ground", though it is to some extent subsumed because most stand-your-ground laws say that you have no duty to retreat from a place that you have a legal right to be, which naturally includes your home.

Florida [1], for example, says:

> ... A person who uses or threatens to use deadly force in accordance with this subsection does not have a duty to retreat and has the right to stand his or her ground if the person using or threatening to use the deadly force is not engaged in a criminal activity and is in a place where he or she has a right to be.

In section 0776.013, the castle doctrine is also noted, but is more expansive, and includes the use of deadly force even if there is no threat of imminent harm.

[1] http://www.leg.state.fl.us/statutes/index.cfm?App_mode=Displ...


Your last line is the bit I've never been able to understand. If someone is running from you, do you have any legal argument for killing them?


Never say never, but it would be very rare for a fleeing person to pose an immediate threat. Examples would be people running for a gun, running to get help, running to kill someone else, or running for cover.

I think all of those cases are covered by any imminent threat clause, and thus do not need special exemptions. Just like there isn't an exemption that you are not allowed to shoot a retreating person. It simply follows because (with exceptions) retreating people aren't imminent threats.


It gets much harder to argue, but you'd have a case if they were, for example, running back to their car to get weapons. I'm sure you can think of a hundred other scenarios as well.

That isn't normal, though. It's likely that you were already feuding, and so the law will look askance at you for not bringing authorities into it much earlier.


What if they have stolen your property? Do you not have the right to get it back by force? Does the value of the property matter? If so, who gets to decide that in the moment?


If you live in Texas you can use deadly force if "the land or property cannot be protected or recovered by any other means". Source: http://codes.findlaw.com/tx/penal-code/penal-sect-9-42.html

I've read but couldn't find again the story of someone shooting a thief to get back his VHS player and walking free.


The value of the property does not matter. They do not pose a lethal threat and therefore cannot be shot. At least, that's how it should be, I don't know legally.


You have zero right to kill someone for stealing.


In Texas you may make use of your weapon to stop the execution of a crime if you yourself are not also engaged in criminal activity. It's far larger than castle doctrine because it applies anywhere.

I'm not arguing for actually using the law to shoot people: I don't ever want to be in that situation myself, but I'm saying depending on the situation you do in fact have the law on your side.


What if they stole your laptop that contains a new branch you haven't pushed to a remote yet?


No jury would convict.


UK common law as it pertains to "duty to retreat" and "self-defence", is largely a question for the jury. There is no fixed legal standard other than whether the actions were reasonable given the person's knowledge of the situation at the time.

The US tends to be a little more prescriptive, leaving a situation where different jurisdictions have more specific requirements for defining what constitutes self-defense.

Juries in the UK tend to have significantly more responsibility for making judgments like these, leading to a system where evolving views of what is right and wrong can result in standards naturally evolving over time, rather than being fixed by what people thought was okay thirty years ago.


Yes, in Texas you can use lethal force to prevent a burglary, robbery or theft (at night) and can also use lethal force on someone fleeing with stolen property in order to recover it.


Most of those laws are self defence laws. The US & the UK have slight differences, but you're often allowed to use lethal force to prevent yourself being killed.


You're allowed to use equal force in the UK, as I understand it, which means if someone attacks you with fists, you can't shoot them in return. If you're in danger of being killed, then you'd be able to use lethal force.


Do you have an NRA?


A better outcome for an infected machine is complete failure than silent intrusion. The person then definitely knows something is wrong, AV software or not.


I don't think there's a law against serving obscenely large files on the web, at least nowhere except Germany.


> I don't think there's a law against...

Connecting to a server... (A lot)

Putting random strings into forms... (A lot)

Moving your money between banks... (In different countries)

Buying stocks... (With insider knowledge)

A simple act doesn't spell the whole story, and fraud, computer crime, etc. laws are written vaguely enough for a country to prosecute someone "sending large files."



