I’ve never served on a jury, but isn’t the election of a foreman something that happens AFTER the judge has sent the jury out for deliberations?
After paying out $10000 in legal fees, $5000 on bail and having all your computers confiscated for evidence, Yeah, sure.:dubious:
Ok, but says it’s not Malware but just adware.
Not guilty.
I get way more of these calls than I care to think about. I sometimes have lurid fantasies about remotely destroying the robo-dialling machines, or redirecting them to call the Russian Mafia or something. Not as much as the fantasy about me, the Soviet swimming team, and a vat of chocolate syrup, but I do have them.
Regards,
Shodan
Yes, but picking one beforehand makes the fantasy work better.
Regarding boobytraps, I think the main concern is physical, not fiscal harm. Unless your worm makes the miscreant’s HDs over-rev like those Iranian centrifuges and explode, throwing shrapnel all over the place, there is little possibility of that.
Here’s how a Scanner destroys a computer
Wait -- you said destroy a *scammers* computer?[Emily Litella] Never mind [/Emily Litella]
As has been mentioned before 2 is certainly illegal because unauthorized access to a computer is almost universally so, even before you start trashing things.
In the case of 1, if the scammer gets the file any way other than through their own unauthorized access, you’re guilty of distributing malware. If you were foolish enough to write a worm that would attack computers connected to it, it’s possible you could still be prosecuted for creating/distributing malware if it got onto a system the US government cared about.
Just be sure to observe all local laws if you’re ever in India.
If they steal a file from your computer which destroys their computer, none of those analogies hold. There is no analogy, other than: if a burglar steals a watch from your house, and when he brings it home it in some magical way it destroys his living room, without exposing anyone to any possible injury… etc etc.
Screw them scammers. Hit em on all four!
No magic needed, someone could steal something in a shielded safe that’s radioactive and gets cancer. And Scenario 1 in the OP fits that scenario. I don’t see how that would get someone in trouble, the hacker brought it on themselves.
It’s Scenario 2 where you are actively acting to hack someone that you’re clearly breaking the law in a vigilante fashion.
How about a different scenario with the exact same payload: You’re an employee of Kaspersky or Webroot or some AV company, or maybe you’re just a person with a really weird esoteric collection of stuff. A burglar steals a USB stick from your briefcase that contains examples of active malware - and plugs it into his own machine…
Fun fact: technical support and IRS scams are so very common originating from India that TeamViewer will not allow an outbound connection from that country, so the scammers have to ask the victims to connect to their computers (so the connection begins with the victim having control of the scammer’s machine), then the scammers try to talk the victim through the ‘switch direction of control’ feature in Teamviewer - this affords rich opportunity for the mischief of the scambaiter.
It is still not legal. I get the no prosecutor would charge, no jury would convict, etc, but unless you could be really convincing that you possessed such a file, thereby endangering your own network and computer, then you would be guilty of setting a boobytrap (not the actual crime, but imperfect self defense to the computer hacking charge).
Well, that scenario isn’t as far-fetched as you might expect. I work supporting a security product, and sometimes that means that I have to get a sample from the customer into our system, and sometimes they send it to my personal account as well. Usually the A/V on my machine is clever enough to spot the offending file, sometimes it’s not. If someone got on my work laptop at the right moment (I don’t let those files stick around) and started opening stuff willy-nilly, there’s a good chance something nasty might pop up.
Yup. The company I work for was hit by ransomware. One of the things I did during the containment phase of the response plan was to capture samples. Of course, I labelled them very carefully, but I did that out of expediency, not obligation.
There are also products designed for disposal technicians that comprise a USB key that will boot to a very simple interface that, if left alone for 60 seconds without any user input, will find and securely wipe all installed drives in the machine - here’s an example: Wipe Any PC in 2 Minutes! - Redkey USB - YouTube - seems like a perfectly legit thing for a tech bod to own
I’ve been hit with ransomware a couple of times. I went to the task bar and clicked on task manager and closed the browser. That was a few years ago.
Florida passed the first computer crime-specific statute in the US in 1978, the Computer Crimes Act, codified at Chapter 815 of the Florida Statutes. The federal Computer Fraud and Abuse Act of 1986 is closely modeled on the Florida law, as are the computer crime laws of all the other states. The operative language is the “unauthorized access” provision, which says:
Obviously, this is very broad language. I wrote a law review article some years ago about whether this language prohibits joyriding or wardriving (accessing unsecured wi-fi networks), on the grounds that failing to password-protect one’s network could indicate it was available for others’ use. However, when there is a clear intent to access an otherwise secured computer there isn’t much doubt that a crime has been committed. The CFAA and corresponding state laws do not include “self-defense” provisions. At best, the “defending” computer user might be entitled to record the other person’s IP address and system information for provision to the authorities.
Stand your ground law could probably be stretched to fix this.
They’d both be illegal in the UK.