Honeynets provide sweet temptations to hackers
- By William Jackson
- Jun 30, 2005
The concept of a honeypot or honeynet to lure intruders into an environment where they can be safely observed'and, perhaps, identified and caught'has been used for a number of years by the IT security community to gather information on hackers, vulnerabilities and exploits.
The Honeynet Project, a nonprofit consortium of security experts and companies, was established in 1999 as a clearinghouse for information and resources. The group has published a book on the subject, Know Your Enemy, now in its second edition.
Although the concept is not new, laws governing the use of honeypots still are evolving, said Richard P. Salgado of the Justice Department.
'Consult legal counsel before you set one up,' said Salgado, a trial attorney in the department's Computer Crime and Intellectual Property section.
Addressing an IT security conference, Salgado offered several legal caveats to those considering using the tool:
- Federal wiretap laws prohibit interception of electronic communications, including traffic monitoring across a network. There are exceptions for network protection, but Salgado said they are an uneasy fit for honeypots, which are set up with the expectation of being attacked.
- An operator might be held liable for damages if a compromised honeypot is used to launch an attack against a third party.
- A hacker charged with illegal activities involving a honeypot could argue entrapment, which Salgado said is a difficult de-fense that might not apply to passive honeypots that make no effort to attract intruders.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.