To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
At the HotBots conference back in April, we had several lawyers present
and this question was brought up.

Unfortunately, it was the legal opinion that just jumping into a C&C IRC
channel could be construed as illegal, much less controlling them.  It's
not *your* channel, and they aren't *your* bots.  This issue seems to be
completely divorced from what kind of activity the bots are doing.

Needless to say, this was *not* well received, especially by the
overwhelming academic contingent (who are accustomed to getting away
with just about anything in the name of academic research ;-)

I actually countered the point by stating that IRC is a public
communication medium, but it didn't really matter much.  After thinking
about this further, I have come to the personal conclusion that if I was
seen to have "reverse-engineered" the channel password, then I can see
how a case would be made against me.  If there was no channel password,
then I think (IANAL) I can jump in the channel, but not do anything.

Of course, I find this all completely ridiculous, but that was the
opinion I heard.  The lawyer wasn't all that thrilled about maintaining
that point in front of that group of people either, but he did.

As a counterpoint to this ridiculousity, I've had a couple conversations
with SS folks who maintain that data collection is not illegal.  This
was in reference to participating in carding forums (specifically), but
I wonder/think the analogy may hold for C&C channels.

IMHO, there's no clear legislation that defines what you can't do in an
IRC channel.  If put to the test, you will probably be held to an
outdated and imprecise premise that boils down to this:

If it isn't yours, then you shouldn't be there.  If you actually DO
anything while there, that's even worse than being there.

/me shrugs

Don't shoot the messenger, I'm just relaying what I heard.  If anyone
has strong legal support for an opposing view, then, believe me, I'm all
for it.


-- 
S.f.Stover
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x15FFC42A
_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets