Monday, January 11, 2010

It Wasn't Me, It Was the Seeder Worm

The media cartels like to hold the user of an IP address liable for any file sharing done through that IP. So if someone breaks into your WiFi and runs bittorrent it’s your fault. To some degree I believe that it’s the responsibility of the individual to secure their network that problem is basically intractable. At any rate, you could have DMCA invoked on you for whatever happens on your assigned IP address. I’m fairly sure the legality of this is debatable, especially looking at the response templates provided by the EFF for TOR users, but I’m a hacker not a lawyer.



Who’s liable if my server gets infected with Slammer or Conficker? It came to my system from some other system. Shouldn’t the owner of that IP be liable? I haven’t heard of any legal pursuit to that effect. It would seem that if you get infected with a worm it’s not your fault and you won’t be held liable.



To put this in perspective, if someone gains access to your network and uses it for file sharing you’re liable because you control the security of your network. If your system gets a worm and is infecting other systems on the Internet you’re not liable, even though you control the security of your server. Worms cost definite, calculable loss of revenue. File sharing may cause loss of revenue but no one’s really sure and there’s no way to know much.



What if the next big worm surreptitiously installs a minimal bittorrent client. It then randomly grabs one of the top 100,000 torrents from on of the top 50 torrent sites and runs it to seed? What if the next java plugin/flash/acrobat/Active X exploit did the same? What if this seeder tool was created as a Metasploit payload?



Are you liable for file sharing because you got infected with malware?

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.