The Law of Government Honeypots Anthony V Teelucksingh

  • Slides: 17
Download presentation
The Law of Government Honeypots Anthony V. Teelucksingh Computer Crime and Intellectual Property Section

The Law of Government Honeypots Anthony V. Teelucksingh Computer Crime and Intellectual Property Section U. S. Department of Justice (202) 202 -514 -1026

Honeypots; Topics Legal Issues Search & Seizure Electronic Surveillance Charging Entrapment Collateral Damage

Honeypots; Topics Legal Issues Search & Seizure Electronic Surveillance Charging Entrapment Collateral Damage

Honeypots Generally Uncharted Legal Water Get Counsel Involved Pre-Development

Honeypots Generally Uncharted Legal Water Get Counsel Involved Pre-Development

Honeypots; Legal Issues Honeypot are Undercover Operations Search & Seizure & Electronic Surveillance n

Honeypots; Legal Issues Honeypot are Undercover Operations Search & Seizure & Electronic Surveillance n n Fourth Amendment Wiretap Act Pen Register/Trap and Trace Electronic Communications Privacy Act

Honeypots; The Constitution Fourth Amendment: Unreasonable Search and Seizure Collection of Electronic Communications can

Honeypots; The Constitution Fourth Amendment: Unreasonable Search and Seizure Collection of Electronic Communications can be a search and seizure Test: Reasonable Expectation of Privacy n n Hackers Do Not Have Such Expectation But Other Users on Honeypot May

Honeypots; The Wiretap Act Value Derived from Monitoring Activity of Would-Be Attackers To Legally

Honeypots; The Wiretap Act Value Derived from Monitoring Activity of Would-Be Attackers To Legally Intercept Communications, Exception to Wiretap Act Must Apply Consider These Exceptions Computer Trespasser Exception Party to the Communication or Consent of a Party to the Communication Exception Provider Exception (System Protection)

Honeypots; The Computer Trespasser Exception Government may monitor “trespasser” No contractual relationship or authority

Honeypots; The Computer Trespasser Exception Government may monitor “trespasser” No contractual relationship or authority to be on computer Use care if “advertising” honeypot; may imply authority to use Provider must authorized interception Government must do the monitoring Only trespasser’s communications intercepted Relevant to an ongoing “investigation”

Honeypots; Party and Consent of a Party Exception A party to a communication can

Honeypots; Party and Consent of a Party Exception A party to a communication can intercept or give consent to intercept Two ways this may help Banner the System (but is imperfect solution) The honeypot may be a party in some cases (but risky in other cases, e. g. , IRC)

Honeypots; The Provider Exception To Apply, the Monitoring Must be Done to Protect the

Honeypots; The Provider Exception To Apply, the Monitoring Must be Done to Protect the Provider’s Rights or Property May have Some Limited Application to Honeypots Helpful Facts: Separate Sys Admin Tasks from Investigatory Functions Honeypot Associated with Production Servers

Honeypots; Examples Suspicious Traffic Routed Hide Among Production Servers

Honeypots; Examples Suspicious Traffic Routed Hide Among Production Servers

Honeypots; Pen/Trap Monitoring only addressing information (to the exclusion of content), then the Pen

Honeypots; Pen/Trap Monitoring only addressing information (to the exclusion of content), then the Pen Register, Trap and Trace statute would apply If have exception to Wiretap Act to intercept communications, then have argument that ok to collect related info

Honeypots; ECPA Rules May Limit Voluntary Disclosure of Info Stored on Honeypot Process Necessary

Honeypots; ECPA Rules May Limit Voluntary Disclosure of Info Stored on Honeypot Process Necessary to Compel Production Do Voluntary Disclosure Limits Apply? Only if services offered “to the public” Not Clear what this Condition Means Avoid Rapid Collection of Info that, although in Stored State, has been Stored only Short Time; Looks Like Wiretap

Honeypots; Other Rules Other Laws May Apply Too E-Government Act of 2002 Rules on

Honeypots; Other Rules Other Laws May Apply Too E-Government Act of 2002 Rules on Use of Cookies Rules on Privacy Policies Internal Agency Regulations on Internet Resources Populating Honeypot with Contraband Make Sure You Know What Rules Apply and What Waivers are Available DOD-Specific Rules

Honeypots; Charges Know your Goal before Designing If Purpose to Prosecute n n Identify

Honeypots; Charges Know your Goal before Designing If Purpose to Prosecute n n Identify Charges of Interest Attempt (Impossibility) Other Victims Warez, etc. Consider Jury Appeal

Honeypots; Entrapment is a potential factor in any undercover To find entrapment in most

Honeypots; Entrapment is a potential factor in any undercover To find entrapment in most jurisdictions: The government induced the illegal conduct and The defendant was not predisposed to engage in the illegal conduct. Entrapment is unlikely a good defense in pure honeypot cases Still, keep it in mind Trappings of Honeypot (e. g. , promotion, password or vulnerability distribution) If core of charge is based on gov’t supplying necessary item available only through the government

Honeypots; Collateral Damage Do No Harm Potential lawsuits Downstream victims of intrusions Launch Pad

Honeypots; Collateral Damage Do No Harm Potential lawsuits Downstream victims of intrusions Launch Pad for Denial of Service Attack Drop or Distribution Site for Contraband Plan Ahead Evidence of Criminal Activity Evidence of National Security Breach Victim Notification Issues Can Take Significant Resources

Where To Get More Information Computer Crime Section: (202) 514 -1026 E-Mail: anthony. teelucksingh@usdoj.

Where To Get More Information Computer Crime Section: (202) 514 -1026 E-Mail: anthony. teelucksingh@usdoj. gov Computer Crime Section’s Web page:

Honeypots Building Honeypots Commercial honeypotsemulating services Specter HoneyedHoneypots Building Honeypots Commercial honeypotsemulating services Specter Honeyed
FIREWALL AND INTRUSION DETECTION SYSTEM Honeypots Honeypots HoneypotFIREWALL AND INTRUSION DETECTION SYSTEM Honeypots Honeypots Honeypot
The Caribbean EcoRegion Sonja Teelucksingh Ronald James SecondThe Caribbean EcoRegion Sonja Teelucksingh Ronald James Second
Whats happening in Tobago Sonja Teelucksingh Ronald JamesWhats happening in Tobago Sonja Teelucksingh Ronald James
Technology Taskforce Dev Anand Teelucksingh Judith Hellerstein OctoberTechnology Taskforce Dev Anand Teelucksingh Judith Hellerstein October
ENTERPRISE RISK MANAGEMENT ROBERT C TEELUCKSINGH ARM SRENTERPRISE RISK MANAGEMENT ROBERT C TEELUCKSINGH ARM SR
Deep See Club Denae Yeppez Jeslyn Teelucksingh ElisaDeep See Club Denae Yeppez Jeslyn Teelucksingh Elisa
Latin American Law Medieval law Canon law LawLatin American Law Medieval law Canon law Law
Latin American Law Medieval law Canon law LawLatin American Law Medieval law Canon law Law
COMMON LAW Common Law definition Judgedeclared law LawCOMMON LAW Common Law definition Judgedeclared law Law
INTERNET LAW BUSINESS LAW INTERNET LAW Internet lawINTERNET LAW BUSINESS LAW INTERNET LAW Internet law
Basic Law Criminal Law Civil Law Criminal LawBasic Law Criminal Law Civil Law Criminal Law
Honeypots Learning how attackers operate CS695 Host ForensicsHoneypots Learning how attackers operate CS695 Host Forensics
FORTHs Honeypots CIPSEC workshop Frankfurt 16102018 Manos AthanatosFORTHs Honeypots CIPSEC workshop Frankfurt 16102018 Manos Athanatos
HONEYPOTS PRESENTATION TEAM Ankur Sharma Ashish Agrawal EllyHONEYPOTS PRESENTATION TEAM Ankur Sharma Ashish Agrawal Elly
Honeypots and Honeynets Source The Honey Net ProjectHoneypots and Honeynets Source The Honey Net Project