Criminalized port scanning
Posted on 2008-10-14 15:44:45 EEST.
Finland's Supreme Court made a decision spring 2003 about port scanning. A teenager had scanned local banks network without finding any holes. He did not manage even to try to break in to bank's systems.
Court sentenced teenager about trying to break in bank's systems. Also compensation for the bank was sentenced. Compensation was based on the expenses for the banks security audition that they "had to" take in order to be sure that their firewall is secure enough.
One may first think that this was right for the script kiddie that tried to mess around. Same kiddies tend to ddos whole network block down if they want to drop someone from the IRC for example. And same time true business damage occurs.
But there's one problem with the sentence. If you walk through a shopping mall during night and try every door. All are locked. By that same logic that court used, you are obliged to pay for the shop owners if they want to run security audition.
Interesting field of problem. But luckily when you are consultant and do the same thing. Port scan a machine and you'll get paid. Of course if the machine that you port scan is your customer's
If you are interested of the case is available in the net (in finnish).
Court sentenced teenager about trying to break in bank's systems. Also compensation for the bank was sentenced. Compensation was based on the expenses for the banks security audition that they "had to" take in order to be sure that their firewall is secure enough.
One may first think that this was right for the script kiddie that tried to mess around. Same kiddies tend to ddos whole network block down if they want to drop someone from the IRC for example. And same time true business damage occurs.
But there's one problem with the sentence. If you walk through a shopping mall during night and try every door. All are locked. By that same logic that court used, you are obliged to pay for the shop owners if they want to run security audition.
Interesting field of problem. But luckily when you are consultant and do the same thing. Port scan a machine and you'll get paid. Of course if the machine that you port scan is your customer's
If you are interested of the case is available in the net (in finnish).