Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: If Lycos can attack spammer sites, can we all start doing it?
From: Valdis.Kletnieks () vt edu
Date: Thu, 02 Dec 2004 12:19:02 -0500

On Wed, 01 Dec 2004 22:22:30 EST, KrispyKringle said:

The Computer Fraud and Abuse Act
(http://www.usdoj.gov/criminal/cybercrime/1030_new.html) forbids one to,
among other things, ``knowingly cause the transmission of a program,
information, code, or command, and as a result of such conduct,
intentionally cause damage without authorization, to a protected
computer,'' which pretty much covers viruses and other malware. This
would appear to apply to the Lycos software as well, given that it
``causes damage without authorization to a protected computer.'' So that
is the key point, one that has not, to my knowledge, been tested in court.

The point that Lycos is probably betting on is the "causes damage".  If their
rate-limiting works, they're *NOT* actually causing a DDoS - if the site is
still responding, claiming "damage to the computer" is quite the reach.

Damage to the bandwidth bill from your provider - that's something else.  Not
sure that's a criminal offense, but I'd not be at all surprised if the ISP
left holding the bag for the unpail bill (what - you think the spammer will
actually pay for the bandwidth? ;) might go after Lycos on the "your actions
cost me money" theory of civil tort.

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]