October 14, 2008, 5:04 AM — An increasingly popular technique for detecting would-be intruders, a honeypot is a type of hacker mouse trap. Itâ€™s a system that sits on an organizationâ€™s network for no other purpose than to be hacked. The goal is to divert attackers away from the actual companyâ€™s valuable network site, while placing the hacker in a more closely monitored environment. Every keystroke can be analyzed.
â€œThere are some legal issues here, and they are not necessarily trivial, and theyâ€™re not necessarily easy,â€ said Richard Salgado, senior counsel for the Department of Justiceâ€™s computer crime unit, speaking at an RSA Conference in San Francisco.
But this monitoring is what U.S. federal criminal law calls â€œinterception of communications,â€ said Salgado, a felony that carries up to five years in prison. Fortunately for honeypot operators, there are exemptions to the Federal Wiretap Act that could be applied to some honeypot configurations, but they still leave many hacker traps in a legal danger zone.
One exemption permits interception of a communication if one of the parties consents to monitoring. To accomplish this, Salgado suggested that honeypots display a banner message warning the computer is being monitored. â€œYou can provide a warning on the honeypotâ€¦ and youâ€™ve got the argument that they saw the banner, continued using the system, and consented to monitoring,â€ he said. But most hackers donâ€™t penetrate a system through the front door. If they never see the banner, they havenâ€™t consented to monitoring. â€œItâ€™s not the silver bullet.â€ Read the rest of this article>>