Re: If Lycos can attack spammer sites, can we all start doing it?

[KrispyKringle <krispykringle () gmail com>]

n3td3v wrote:
> Could botnets actually become legal, as long as they only attack
> unsolicited mail, 

Not being a lawyer, I still think you've missed the point.

The defense Lycos is using is NOT that these are spammers sites, so this
is somehow legal--it would not be. Vigilantiism is never legal; you
would never be able to defend something that would otherwise be criminal
as legal simply because it is being done against a criminal. The defense
they are using is that it is a fundamental principle of the Internet
that one can visit a Web server, and that to visit the server many
times--even at risk of denying service--is not illegal.

The Computer Fraud and Abuse Act
(http://www.usdoj.gov/criminal/cybercrime/1030_new.html) forbids one to,
among other things, ``knowingly cause the transmission of a program,
information, code, or command, and as a result of such conduct,
intentionally cause damage without authorization, to a protected
computer,'' which pretty much covers viruses and other malware. This
would appear to apply to the Lycos software as well, given that it
``causes damage without authorization to a protected computer.'' So that
is the key point, one that has not, to my knowledge, been tested in court.

I'm actually unable to find anything more specific regarding DoS attacks
in the Computer Fraud and Abuse Act, but I don't know much more about
what laws govern these actions. The CFAA seems to be focussed on
unauthorized access, not denial of service.

Of course, there's also the civil common law issues, specifically
whether it is negligent of Lycos to distribute such a program.

IANAL.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html