The Right to Keep and Bear Cyber Arms

Wednesday, August 29, 2012

Dan Dieterle


The Right to Keep and Bear Cyber Arms: The 2nd Amendment and CyberWar

There have been several articles floating around about “Cyber Militias”, and though I will probably regret it, I think it is time to talk about cyber weapons and the second amendment.

I’ve seen some interesting video lately, where two armed thugs enter a business and threaten everyone inside. An armed civilian defends himself and everyone inside by drawing his weapon and chasing the perps out of the business with some well aimed shots.

But what if your business, that you worked very hard to build with blood, sweat and toil, is targeted by cyber criminals, what can you do?

Well, right now, all you can legally do is contact the authorities. Even if you knew how, you can not take matters into your own hands and counter-hack the attackers. With all the media hype over Stuxnet, cyber war and cyber weapons – should US citizens be legally allowed to own and use these deadly weapons in accordance with their 2nd Amendment rights?

Okay, I am poking fun with the “deadly” thing, as so far no one has been officially killed by a “cyber weapon”. But Joel Harding has some very interesting points in his latest post on cyber militias. If Switzerland stays true to course, and hands out government made cyber code to home guard soldiers, shouldn’t American civilians have access to such weapons also?

Honestly, as the amendment is written and as code is being quantified as a weapon, why shouldn’t Americans be allowed to actively defend themselves against online electronic risks as well as physical threats?

Of course, I can foresee that a single user Denial-of-Service weapon would probably be given out without much ado, but there will probably be a ban on large capacity distributed DoS weapons. And of course their will be a 10 day waiting period on Stuxnet based threats.

Wouldn’t want someone blowing up a couple nuclear power processing plants in Iran just because they had a bad day at the office…

Alright, alright… All kidding aside, should the 2nd amendment apply to cyber weapons – what do you think?

Cross-posted from Cyber Arms

Possibly Related Articles:
Cyberwar Attacks Stuxnet DDoS Cyber Defense cyber weapon Cyber Militia Offensive Security Second Amendment
Post Rating I Like this!
Robert Whitney Of course we should. The internet at this point is like the wild west, its easier for us to take matters into our own hands considering the feds take forever to get to and read your report, if they ever do.
I say if someone is ddosing u and u know the location of their c&c u should be able to dos the c&c to mitigate further attacks on u and others.
Most ddos tools only run a given period of time so once th attack stops they wouldn't be able to restart the process until their c&c is back, and by that point u could have contacted the host to have the c&c shut down for good.

Call me crazy, but I think cyber weapons can be goof as long as they are in the right hands.
Robert Whitney Btw its bare arms... bear would be an animal. :P
Dan Dieterle Thanks for the comment Robert.

I know there is an American manufacturer that makes an automated system for the Einstein Program. This "box" detects incoming attacks and can respond in several ways including counter attack.

Last I checked the system was only available to government agencies.

I can see how a single user counter-attacking a system in a foreign country could cause "political" problems, especially if it hit the wrong IP due to spoofing, but what if the automatic detection and shunting was available to every American business and not just government?
Dan Dieterle It does look wrong doesn't it? I had to double check myself, but it actually is "bear arms". :)

Kinda funny, I posted once in a forum that "I fully support the right to keep and arm bears", which set off a flurry of anti-gun responses. I had to point out that I said "keep and arm BEARS..." :)
aleph If you are a legitimate institution, cyber weapons are wholly unnecessary for offensive capabilities. A phone call is all you really need to protect your business, what we should be focusing on is better communication between Authorities, Businesses and ISPs to locate and eliminate threats as they happen. DDoS is the biggest issue in my opinion, as even on-the-fly blacklisting isn't going to save you in the beginning of the attack.

That said, I wholly agree with the right to keep and bear arms, even distribute them. Hell, Backtrack's been giving Machineguns to Monkeys since 2006. I also support the right to arm cyber bears, their numbers are dwindling.
Jayson Wylie Everyone is asking for papers on cyber weapons and defense. Right or not it's the current state of affairs.
Robert Whitney To be perfectly honest, in order for a crime to have happened when it comes to "hacking" and ddos especially, a federal (including banking) system must be accessed, monetary damage in the amount of $5,000.01 or more must be done, and/or the victim must report the attack.
In my honest opinion, when someone attacks your computer network they are causing damage yes, but who's going to report you for a counter-attack and out themselves as being the ones to attack you?
I know if I launched a major Denial of service attack against Google and Google counter-attacked me in turn, I sure as frak am not going to tell a judge that they attacked me because I was launching a major DoS attack against them.
Robert Whitney Let me rephrase, I HATE the phrase "To be perfectly honest", or "In my honest opinion", it tends to mean the person saying it has not done their research and is usually spewing out bull shit.
Correct me if I'm wrong, but the last comment I left was from my current understanding of the Computer Abuse Act of 1986.
Once again, please don't quote me, I'm by far no lawyer and certainly no expert. Once again, please feel free to correct me if I am wrong.
Robert Whitney Sorry, a follow up, a quick summary to support my statements:

"The Computer Fraud and Abuse Act, first enacted in 1984 and revised in 1994, makes it certain activities designed to access a "federal interest computer" illegal. These activities may range from knowingly accessing a computer without authorization or exceeding authorized access to the transmission of a harmful component of a program, information, code, or command. A federal interest computer includes a computer used by a financial institution, used by the United States Government, or one of two or more computers used in committing the offense, not all of which are located in the same State. The Legal Institute provides Title 18 of the U.S. Code, which encompasses the Computer Fraud and Abuse Act."
Sourced from:
Michael Johnson Sometimes I wonder about the mentality of people who see security/admin tools as 'cyber arms'. Ten years ago, genuine hackers saw 'offensive security/malicious hacking (pretty much the same thing) as the preserve of those who got bullied at school.

Going down this road will open up a Pandora's Box, so to speak: Who's going to take the Computer Misuse Act seriously? What kind of people will this attract to the infosec profession? What sort of reputation would it give us? What overall effects would this have on the Internet? Would our politicians even be in a position to complain about 'hackers', if this behaviour is condoned?
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.