Did Dutch police break the law taking down a botnet?
IDG News Service - Dutch police took unprecedented action in taking down a botnet on Monday: They uploaded their own program to infected computers around the world, a move that likely violated computer crime laws.
The program causes a computer's Web browser to redirect to a special site set up by the Netherlands Police Agency, where users are informed their computer is infected with Bredolab, a password-stealing malicious software program.
Dutch police did that by taking command of 143 Web servers used to control computers infected with Bredolab. The servers belong to LeaseWeb, one of the top hosting providers in Europe, which was informed in August of the problem by police and other computer security experts, said Alex de Joode, LeaseWeb's security officer.
"For us, it's the first time we've seen something of this magnitude," de Joode said. "It's also the first time the police are trying to actively warn people that their computer is infected."
Botnets are a thorny problem: The complex networks are designed to prevent authorities from easily tracing the perpetrators, and are responsible for the mass distribution of spam and malicious software across the Internet.
Botnets have been attacked by the good guys before, but end users were usually no better off: Their computers may still be infected with other malicious software, and PC owners may never know that their machines need to be scanned with security software. But many computer users are likely turning on their machines today and seeing the Web page from the Dutch police.
Most countries have laws that forbid unauthorized modification of a computer. In the U.K., the regulation is part of the Computer Misuse Act of 1990.
The action by the Dutch police is likely a breach of the Computer Misuse Act, said Struan Robertson, a technology lawyer with Pinsent Masons. Since the territorial scope of the legislation is wide, in theory it could be used against somebody in the Netherlands hacking into a U.K. computer, he said.
"There is no defense in the Computer Misuse Act for unauthorized access to another computer being for noble purposes," Robertson said. "That said, I think it is important to note it is unthinkable that anyone would prosecute for this," Robertson said. "They were making the best of a bad situation."
But in an era where fake Web pages are rampant, it begs the question of whether people will believe that the warning is legitimate. Fraudsters could also simply copy the Web page, set up a new domain and create a site that actually infects people's computers with Bredolab or other malware.
"I think the bigger challenge in this is getting a message to computer users that convinces the users that it comes from an authorized source and that it is really the police who is contacting them," Robertson said.
- 20 Best iPhone/iPad Games of 2013
- Google Chromebook Buyer's Guide
- 10 Signs You're Probably a Techie
- 8 Things Kindle Fire HDX Does That iPad Air Can't
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
Cloud has proven to be a sticky marketing term, even (especially?) among non-technical consumers. There is a growing consensus that “the cloud” promises a quicker and cheaper way of purchasing IT than the traditional, build-it-yourself model. This in turn has led to internal debates between application developers and infrastructure teams on the best approach for implementing “the cloud” within IT organizations. (And of course, IT architects know that when they hear management say, “We want to move to the cloud,” they will be the ones who have to figure out how to do it!)
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Bring Networks and Applications Closer--Cisco ONE
- A series of sweeping trends is placing new requirements on the tried-and-true network model--requiring network infrastructure and applications to communicate. Get the open...
- Lippis Research Reviews the Cisco Catalyst 2960-X
- In this Lippis Report Research Note, Lippis Research reviews the latest edition of the "most popular access switch on the planet" -- the...
- Design Guide--Scaling Up to a Campus-Wide LAN
- Is it time to scale your network environment to a campus wired LAN? Here's the framework you need to set up your LAN...
- Comprehensive Security: Cisco Catalyst 2960 Series
- With a rich and comprehensive set of security features, Cisco Catalyst 2960-X and 2960-XR Series Switches can help you address networking megatrends such...
- Be Energy Efficient--The Cisco Catalyst 2960 Series
- How much energy could be saved if all 230 million Layer 2 and 3 fixed managed switch ports sold in 2012 were as... All Government IT White Papers
- How SIEM Addresses the Challenges of Big Security Data This webcast will help you understand today's big data security challenges and how intelligent and scalable SIEM solutions give IT the tools and...
- BlackBerry Enterprise Service 10 In Action Designed for business leaders, IT decision-makers and IT administrators, this webcast features organizations that have migrated to BlackBerry® Enterprise Service 10 - or...
- BlackBerry Enterprise Service 10 Implementation Solutions - BlackBerry Technical Services to Make your Deployment Fast, Effective and Robust Find out how BlackBerry® implementation and migration services can help you optimize your Enterprise Mobility Management infrastructure and ease your transition to BlackBerry®...
- BlackBerry Enterprise Server 5 to BlackBerry Enterprise Service 10 - Lifting The Hood This webcast takes a close look at the differences between BlackBerry Enterprise® Service 10 and BlackBerry® Enterprise Server 5. Learn how BlackBerry Enterprise...
- BlackBerry 10 Tips and Tricks from the Pros Find out how advanced users do more, faster, with their BlackBerry® 10 devices - with tips and tricks on using the swipe and...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 20, 2013.