Monday, October 18, 2010

War or just "good, clean fun"?

Over the weekend, I've gotten some serious pushback from a 19 year old hacker in the Netherlands. You might say my last posting (on the attack from China) had the same general effect on him as does a full moon on a werewolf (hats off to the late Hunter Thompson for the metaphor, which I plagiarized years ago for my own Web site). Besides being in a serous state of denial about any current state of cyber war, I got the impression that a vast body of so-called hackers view all IP addresses as fair game, kind of mountains to be climbed for recreation. Therefore my report of a China-based IP address taking a concentrated 83-shot volley against my Web server in just 12 seconds was nothing for me to be alarmed about. I should use better security and "change my SSH".


I'll talk in later blogs at some length as to whether or not we're really into a cyber war. Right now I need to draw my own line in the sand, with due respect to a rather large community of recreational cyber enthusiasts who regard the challenge of hacking into an IP address as good, clean fun. If you break into my house, pick the lock so to speak, I can legally employ lethal force. Such rights of self-defense do not exist in the cyber world. If you break into my computer and I burn you from my computer to your computer, I have some serious legal liability. I don't care whether or not you are some 300-pound bipolar sysadmin from the Netherlands out on a 48-hour manic marathon of cyber mountain climbing, or a Chinese government-sponsored agent mapping the US infrastructure and planting data bombs in utilities. You try to break into my computer, you're fair game for me. 


I haven't heard back from the Chinese IP contact in my last post, nor have I heard from the FBI to whom I reported the incident. I'll let you know when I do.


Now, to stay on message about the legitimate use for legally authorized privateers to (a) help fight cyber crime, and (b) help pay the US national debt, I refer you to an article in today's Computerworld about Zeus botnet targeting Charles Schwab accounts. Some serious thieves are at work here. So how about the US Congress issuing some Letters of Marque and Reprisal to … dare I say it … a few enterprising hackers who have the know how and patience to loot the accounts of Zeus thieves? How about we allow them to split the proceeds 50/50 with the US Government? It'll create jobs and help pay down the national debt.