Quote

Now that researchers have reverse-engineered and potentially gained control of the Kraken botnet, the question becomes what to do next.

Their ability to control the infected computers gives them the power to redirect the computers and even send them updates through the Kraken protocol to remove the zombie. Some are in favor of the idea, while others question the ethics behind removing something, even malware, from someone's computer without their consent.

http://www.theregister.co.uk/2008/04/29/kraken_botnet_infiltrated/ <http://www.theregister.co.uk/2008/04/29/kraken_botnet_infiltrated/>

http://www.eweek.com/c/a/Security/Kraken-Botnet-Infiltration-Triggers-Ethics-Debate/ <http://www.eweek.com/c/a/Security/Kraken-Botnet-Infiltration-Triggers-Ethics-Debate/>

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081258&source=rss_topic17 <http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081258&source=rss_topic17>

Interesting ethical/legal question. Most folks I've talked to at my organization are on the side of the potential unintended consequences are too great, not to mention potential liability issues.

Quote from: Ryan Narine's eWeek article the CadillacGolfer referenced

Andrew Hay, product manager at Q1 Labs, a network security management company, said the concept of tampering with a user’s machine without consent, even if it’s to remove malicious software, is “ethically questionable.”

“I couldn’t in good conscience send any command to a machine without the user’s knowledge and approval,” Hay said. “Ethically speaking, we just can’t make that decision regardless of if it’s right or whether it’s the best thing to do for the good of the Internet.”

Andrew is a occasional contributor to EH-Net, and his blog can be found here (http://www.andrewhay.ca).

Ethical Hacker Community Forums

Resources => News from the Outside World => Topic started by: CadillacGolfer on May 09, 2008, 11:38:46 AM