My First Denial of Service Attack..... (fwd)

• Previous message (by thread): My First Denial of Service Attack..... (fwd)
• Next message (by thread): My First Denial of Service Attack..... (fwd)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <Pine.BSI.3.91.961007142537.18460A-100000 at fig.leba.net>, Tersian wri
tes:
> 
> > Here's a non-relevant anecdote you reminded me of:
> > 
> 
> Your anecdote reminded me of a story someone told me recently about AT&T.
> 
> I am not going to type it all out here, but I will summarize.
> 
> Company A hires Company B to do some trenching along the highway to 
> install new fiber for Company A. Company B's backhoe operator 
> accidentally cuts a major AT&T backbone causing serious outages. AT&T not 
> only sues the backhoe driver, but Company B and Company A, forcing them 
> both to declair chapter 11.
> 
> My point is here, if we start taking hackers to court, what happens in 
> this scenario:
> 
> 
> Hacker is from badguy.com telnets to compromised.jumpoff.com then SYN 
> floods att.com?
> 
> [Disclaimer: the hosts above were for demonstrative purposes only, the 
> hosts are fictional, bearing no direct correlation to any living or dead]
> 
> Who gets sued? Both providers, neither, or just the hacker?
> 
> It brings up some interesting questions. 
> 
> 
> Ben


It sort of depends on whether the providers contracted the hacker to
do the work on adjacent property (their computers) and strayed onto
AT&T property (AT&T's computers) and did damage as in the backhoe
case.  If so, you'd have a similar case.  An analogous case would be
something like provider.A hires consulting-firm.B and their programmer
attacks AT&T's network.  Companies need to have written "thou shalt
not hack" policies and take reasonable precautions to insure that
their employees or contractors are not hacking.

Back to your example.  IMO: The providers would be at a liability risk
if they did not provide reasonable measures to insure that they did
not contribute to the damages done to another party.  This is like
other liabilities where if someone is injured you are at risk unless
you did everything reasonable to prevent putting other people in harms
way.  Given this interpretation, compromised.jumpoff.com would be at
risk if they could be shown negligent in the administration of their
site.  If they left the door wide open to hackers, IMO they'd be at
risk.  If they were warned due to prior incidents and continued to
leave the door wide open, they'd be very seriously at risk.

#include <not-a-lawyer.std-disclaimer>

Curtis

• Previous message (by thread): My First Denial of Service Attack..... (fwd)
• Next message (by thread): My First Denial of Service Attack..... (fwd)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]