lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20041202120251.A9470@subraumtor.thphy.uni-duesseldorf.de>
From: ansgar at thphy.uni-duesseldorf.de (Ansgar Esztermann)
Subject: If Lycos can attack spammer sites, can we all start doing it?

On Thu, Dec 02, 2004 at 08:57:24AM -0000, Adam Challis wrote:
> >The Computer Fraud and Abuse Act
> (http://www.usdoj.gov/criminal/cybercrime/1030_new.html).
> 
> Being based in Germany, wouldn't they be subject to German and EU law?
> 
> Does anybody know which German and EU laws are relevant to MLNS?

IANAL, but maybe Par. 303a StGB fits:

|Datenver?nderung
|
|(1) Wer rechtswidrig Daten (? 202a Abs. 2) l?scht, unterdr?ckt,
|unbrauchbar macht oder ver?ndert, wird mit Freiheitsstrafe bis zu zwei
|Jahren oder mit Geldstrafe bestraft. 

"Anyone who unlawfully deletes, suppresses, makes unusable or changes
data is subject to a prison sentence of up to two years or a fine."

Maybe a DOS counts as "suppressing data"

There is also Par. 303b:

|(1) Wer eine Datenverarbeitung, die f?r einen fremden Betrieb, ein
|fremdes Unternehmen oder eine Beh?rde von wesentlicher Bedeutung ist,
|dadurch st?rt, da? er
|
|  1.  eine Tat nach ? 303a Abs. 1 begeht oder
|  2.  eine Datenverarbeitungsanlage oder einen Datentr?ger
|  zerst?rt, besch?digt, unbrauchbar macht, beseitigt oder
|  ver?ndert,
|
|wird mit Freiheitsstrafe bis zu f?nf Jahren oder mit
|Geldstrafe bestraft.
         
"(1) Anyone who disturbs a computer system that is essential for a
company or an agency by
 
 1. committing a crime as set forth in Par. 303a (1) or
 2. destroying, damaging, making unusable, taking away, or changing a
 computer system or media [for data storage]

is subject to a prison sentence of up to five years or a fine."

In a way, a DOS attack does make a computer system unusable.
But then again, I don't know how a lawyer (or a judge) would see these
things.

BTW, in both cases, the attempt is also subject to punishment.


A.

-- 
Ansgar Esztermann
Researcher & Sysadmin
http://www2.thphy.uni-duesseldorf.de/~ansgar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041202/b1773954/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ