Hacker News new | ask | show | jobs
by Nacraile 4473 days ago
IANAL, but I've seen this discussion come up multiple times, and the problem is that the counterattack would technically be illegal. The fact that somebody else has already broken the law in order to compromise an innocent bystander does not give anybody else the right to do the same thing. Vigilantism is as illegal on the internet as it is in the real world.

This is a huge constraint for the people (e.g. at Microsoft) who work to identify and take down botnets: they expose themselves to significant legal/PR risk if they do anything harmful to the bots.
1 comments
ivanca 4473 days ago
But this could be considered self-defense which is granted by most law systems.
link
Nacraile 4473 days ago
Again, IANAL, but my understanding is that the concept of self-defense is specific to the use of force, rather than broadly applicable. You'll find it difficult to prove an immediate thread of physical harm from a DDoS.

And even if it were legal, you'd still have to deal with all of the "$SELF_DEFENDER broke my web site" PR unpleasantness from the innocent bystanders.

link
PeterisP 4473 days ago
Self-defense is granted only for a direct, immediate physical threat - for example, if someone is blackmailing you, defrauding you or extorting "fire insurance for your warehouse" then self-defense doesn't allow you to do anything to them; if you smash the computer of a blackmailer, it's just as any other computer-smashing.
link
mobiplayer 4472 days ago
This is like someone hitting you with someone else's arm while they're sleeping (attackers use compromised hosts/networks) and then you go back and burn the sleepy guy.

That doesn't sound like self-defense at all :)

link
ivanca 4472 days ago
That's probably the worst analogy I have ever heard; or is this killing with someone else hand something common... somewhere?
link
mobiplayer 4471 days ago
Well, that's not common anywhere as far as I know, but you didn't say why is it a bad analogy.

I any case let me clarify what was my purpose as it seems I'm not good at analogies. The point is that you're attacked using compromised computers so it is incredibly stupid to retaliate to the source of the attack.

Hope that clarifies!

link
ivanca 4469 days ago
Is incredibly stupid to assume you are not liable for what you own; that's the reason why the cardholders gets in trouble by lending his credit card to friends or not reporting it has been stolen. The same thing with cars; if someone else drives you car you are in big part responsible for what the car is being used for (i.e. a friend and a bank robbery)

Hope that destroys your absurd misconception!

link