We'll get started. This is legal aspects of active defense. I am always pleased when techies come and want to see how law intersects with technology. And years ago I mentioned that to Marcus Sachs, who is a SANS instructor in Verizon and all that stuff. I said, Marcus, I'm always amazed that the room will fill up and people will actually show up. And he said, yeah, the other rooms are all full and they don't have any place to go. So if you're here because you're interested in how they intersect, great. If you're here because all the other rooms have filled up and you couldn't go any place else, sorry about that, we'll try to get bigger rooms next time. So legal aspects of computer network defense, the agenda, the things we're going to talk about here as we go through to figure out what are those things that you need to do to be able to do computer network active defense. Disclaimer, aspect of things, I am here in a personal capacity. I represent no employer, entity, government organization, anything. So I hope to be informative to you and give you some information and yet still maybe a little bit entertaining. I have spoken at numerous Black Hats and DEF CONs before and typically I have the only million dollar giveaway. And what that is is for any question or the best question, best comment or even best heckle, I usually will give away a $5, a $10 or a $25 chip under the million dollar giveaway. Now you have to take the chip and go out to the casino and parlay that into a million dollars on that. Now normally that's what I do, I'm going to apologize, that's been canceled due to sequestration. So if you want to, if you're pissed at your government for things, let me explain something. Talk to my wife about having 20% pay taken away. That's when you get pissed and you have to deal with that on the home front. There is a current topic out there that is quite pressing. It is ripe for comedy and they've been having fun with it.
It involves the United States government. And while the United States government was founded on happiness, I think if you look at the Declaration of Independence in there, you will see that basically, you know, it is founded on happiness. We are the only happy country. You look at any of the other documents out there, the Magna Carta or anything, they don't mention happiness. With that said, I have spoken to sources familiar with the matter and they tell me that the government has no sense of humor on this topic. And so therefore we will not be making any jokes about that whatsoever. As we go along, I have an active defense scenario to talk about. A spoiler alert here. If you don't want to know how it comes out at the end, please turn away from the screens and look the other way because the way it ends, he's the bad guy. And if you're from my generation, actually, he's the bad guy. And I know we're not supposed to do any sponsorships or plugs, but because I'm a Chrysler kid from Detroit, Michigan, I can also get fine Corinthian leather from him. I'm that. This is the first year that I'm going to hand out a Robert Clark Cyber Security Award. And I want, what what? Drink. Oh, okay, wait, drink. There was a different one last year, Black Hat, they said anytime somebody says cyber, you're supposed to shout out something else. I can't stand the word cyber, absolutely hate it. I'm a computer network, you know, guy from the aspects of a decade. But if you want to have money thrown at anything, you've got to have the word cyber in it. If you wanted porta potties for DOD, you would say these are cyber porta potties and they would give you thousands of dollars for these things. And of course, you would say, okay, wait a second, what makes it a cyber porta potty? Well, there's a keypad and don't even go there. So I would like to give the first Robert Clark Cyber Security Award to someone who has done something to advance the cyber security. So who should this possibly go to?
Because you've got folks like, you know, Leo Laporte out there doing stuff, Tom Merritt's doing good work. Yeah, I like Steve Gibson's aspect and I even like Patrick Gray and the Risky Business. All these folks are out there. And while I would like to kiss up to them to get onto their shows, I really actually want to kiss up to Stephen Colbert. Now, if you're wondering why, well, you know, he knows the technology. Now, granted, a couple years ago, it was very archaic. Of course, this might be the secure way to communicate these days. I can't see below the table to see if there's anybody in the middle, but you never know. But he knows the technology. I mean, he gets customized technology that he gets to use. One of the first users of a tablet into that, you know, virtualization aspects, even invented his own Google glasses. So from that aspect, you know, what more could you want from somebody? He knows the technology so much. He even advised Anthony Weiner, aka Carlos Danger, they should be using Snapchat. So, you know, the guy's there. He knows the web. He knows iTunes. He's got Google down. Bing. Twitter. Bitcoin. Even talks about Paltalk. And if someone could come and tell me what Paltalk is afterwards, I'd appreciate that. He knows the people. He's, you know, from Jobs to Schmidt and Gates and even knows Anonymous. As a matter of fact, he probably knows Anonymous a little too well and too closely. If that's not enough for this award, he's got a virtual presence. He's on the International Space Station and he's even in animation. So, you know, in my book, he deserves the first Robert Clark Cyber Security Award. And if this isn't enough to get me on his show, I really don't know what it's going to take. Because it's not going to be my intellect from that aspect of it. So, now getting on to things. Disclaimer, again, I am here in a personal capacity. All of the opinions are my own. Cyber education is a big piece.
I am actually leaving the United States Army Cyber Command, which is not the same agency as the United States Cyber Command. I work for General Hernandez. This is my last day actually working for him. And tomorrow I start at the Naval Academy out in Annapolis on their faculty to educate. So, I'm a professor of law. This is sweet. To teach midshipmen on the non-technical content for cyber operations, the law and policy aspects on life. And so they have two core classes that every midshipman must take. And we're developing a cyber operations major. West Point also has an Army Cyber Center. So, I will mention that with my Army heritage. And then the other service has something they're doing too. But I have no affiliation with them. So, if I say something wrong, please by all means say you heard it from an officer at Army Cyber Command. And if I say something right, please say that this brilliant professor from the Naval Academy said it, I'd appreciate that. When I go to a conference, I'm really hoping that I'm only taking away one or two golden nuggets of information. Because if I'm not, then I'm really stupid and I really should be studying a lot more. And so the one golden nugget I want to give right up front if you're interested in this area, the American Bar Association, their cybersecurity task force, is going to be coming out with a report that's supposed to be coming out soon on active defense. So I would say tuck this away if this is an area you're really interested in and go to their site down the road here and see if they have that coming out. Because they're going to talk about some beginning and some other aspects of it. So it might be something to tuck away in a back pocket as we're moving about talking about doing active defense. So, law and computer network operations. If you ask the same question to two attorneys, you will get a lot of, you'll get four answers and there's only two attorneys there.
So the thing is, you know, I'm not your lawyer and please ask questions at any time, stand up, shout. We'll be glad to address them. The interaction is really what makes this thing go. But I would like to talk, if anyone was in Mark Weatherford's talk on the growing irrelevancy of U.S. government information sharing, he made a point about attorneys. He didn't say which ones. And he said that they were very risk-averse and didn't understand the technology. We'll get into Clark's law about dealing with your lawyers and technology a little bit here. The aspect about being risk-averse and what a lawyer's role is, and this is kind of for you. I provide advice. I give counsel. If it's something illegal, I'll say this breaks the law, if it violates a policy. But I provide advice. The responsibility to act on that belongs to my client or the commander or the government. And it's their job to say, got it, okay. But you don't let your general counsel run your company from that aspect. And that's kind of an interesting take that I had a problem with with Mark Weatherford's comments. And it's not, I understand the scenario. Yes, senior leadership is not going to do anything unless their general counsel says, yes, you can do that. That's backwards. The senior leadership is supposed to listen to their general counsel. It's their attorney. But they make the decisions. And if they're not going to make the decisions, then they're the ones who are risk-averse. And so that's the aspect. And that's kind of the role. Because when the day's over, I'm going to go home and have a steak dinner. You guys might be led away with handcuffs on. But I'm going to go home and have a steak dinner on that one. Before we get started, there are a couple cases I always like to point out. The United States versus Prochner was the courts recognizing that computer security professionals are a special skilled group. Prochner had the right to remain silent, but he didn't have the ability.
And gave a nice detailed confession to which the judge elevated his sentence and said, you've got special skills and the court's going to recognize that. So that's probably not a great thing on the computer security side. There's an interesting Wi-Fi case that came out. Now it's a civil case and it's one of them patent trolling cases. In re Innovatio, from this aspect. They're suing coffee houses and people that are using Wi-Fi. And it's that wonderful legitimate suit where, you know, basically you send the coffee house a note saying for $7,000 I'll go away or we're going to sue you. And they did it to 7,100 hotels, coffee shops on that. And they had a motion to enter how they were going about sniffing and grabbing the communications going across the Wi-Fi. And how it worked was they were using, you know, grabbing data packets going over the unencrypted Wi-Fi. Using things that are readily accessible to the general public. And that the sniffing protocol they were using again was available to the general public. And the court was basically saying it falls under the wiretap exception and so there is no problem with them doing this. You can have, with the proper foundation, this evidence can come in. So what they were doing is they were using a Riverbed AirPcap packet capture adapter for 700 bucks. Wireshark. So with the laptop software and the packet capture adapter they could get any, you know, communications as long as they were in range. You know, all these things are provided by commercial providers. And so it didn't violate the wiretap statute. Now this is kind of interesting meaning, you know, so back in the day and the technology being generally available to people, it came back out of a case called Kyllo where DEA was looking into a house using thermal imaging. And the court said no, no, no, that's not technology that's readily available to the public. They don't have their own helicopters with their own thermal imaging radar.
So we're not going to let you do that. God, you know, what you folks are doing now in the technology that's available to the general public, it is a very interesting area where we're going into in terms of what you can sit there and sniff, your holding, not a violation of Electronic Communications Privacy Act. And of course you said the public's lack of awareness of this was irrelevant. So it's an interesting civil case that's out there, it's not a criminal case out there, but it was kind of interesting. The Constitution, a pretty damn good document to run a country of 350 million people or so. You know, written in 1787, and then what happened next for computers? Well, DOJ stood up the computer crime unit in 1991. There's a little gap there on that. And a little bit before that they did the computer fraud act on that. So how does this law stuff apply to we the geeks from that aspect? Now on the Constitution there is the Article Two powers out of the president's powers, so it's kind of an interesting aspect. There is a little known footnote in here that you got to kind of look for that Madison put in there. You know, that he envisioned people like Jobs inventing communication devices that were incredible. So according under the computer network operations he didn't because I don't know what a computer is but I'm sure it's going to be important in a couple of years and please keep an eye on the IRS for us. So legal aspects of computer network defense. We had a pre-conversation up front here. We were talking about some certain things and an important lesson learned which is very relevant to the area we're in right now. And this is very true. Bad legal advice put OJ in jail. It was interesting aspect where again he wanted, his lawyer told him, hey, if you don't breach the peace, no, don't use force, you can go get your property. And of course the facts of the cases were that he went there with a couple buddies that had guns, breaching the peace, and he's in jail.
And so basically he kind of needs that number right there. If you are out there, I've seen some of the attendees doing things, this is a valid number. You may want to jot this down for the weekend on that. So again I am not your lawyer. When I try to come up with a topic for DEF CON, I want to make sure that it is relevant to what's going on. And this IP commission report just came out recently and it was interesting from the aspect of again DOJ had a chance to put in there that they say, hey, hacking back is illegal. So don't do it. The report was written by Dennis Blair who used to work was the first DNI director. And Huntsman who used to be the ambassador to China. And the report really said that, hey, if I can retrieve my digital property without damaging that person's computers, I should be able to do that. So we're talking about self defense. There are 21 state constitutions that say you have a constitutional right to defend your property on that. It is recognized in common law and goes back a long time that you have the right to defend yourself and your property from that aspect. And it kind of flows into this thing called trespass to chattels. Now the Intel versus Hamidi case was that blasting of emails into Intel by Hamidi. And one thing the court said was we favor in this area trespass prevention over post trespass recovery. That's kind of the theme of what we're going to be talking about here. We're going to be talking about those things you do ahead of time so you don't have to do post trespass recovery. The active defense scenario obviously is going to be a post trespass recovery scenario as we go down there. Self defense, you've got to be in a place you have the right to be, a whole bunch of other factors, but you really got to be in that place that you have a right to be. It is not unlimited for property. You can't usually use deadly force to defend your property under certain circumstances. That actually will come back into play.
So you've got to be in a place you have the right to be with all the factors that go in there. We were also talking earlier about if we were going to do this, who are the experts we listen to. Stewart Baker, formerly of Steptoe and Johnson, is quite the advocate that you should be able to hack back. And I was at the ASEA conference in Maryland and he offered to represent anybody who did it and was prosecuted by DOJ for free. No, you can call him up and say, hey, I heard from this guy, and he might hang up on you, but that's what I heard. Orin Kerr, who is a professor at George Washington University and writes the book on computer crime. His point blank said, I don't think there's a digital self help as the way things stand, so I'm sorry to ruin that for you for where we're going to go with our scenario here with that spoiler alert, but if it's me and I'm going to be prosecuted I'm going to get Jennifer Granick or Orin Kerr to represent me. And both of them have said there's no digital self help, self defense here. Jennifer was on Patrick Gray's Risky Business podcast 272 talking about this extensively and again, she said there's no digital self defense. So what you've got to do is we're building that case of reasonableness, what are those things that you're going to do that are necessary and reasonable? So when we're building that case of reasonableness, you've got to think of what are those things you're doing to secure and defend, and you know it's that aspect of technology, your open source and situation awareness and intelligence, your policies, your training, information control, active defense things you may need to do which might be deception, recovery operations, you know the most missing from all those slides that's extremely important to DOJ. Previous and ongoing coordination with law enforcement agencies. And why is this important? Because if you're planning on doing this in reality, why are you preparing for this?
Because you're trying to convince DOJ not to prosecute you or any other type of law enforcement agency or prosecutorial office to prosecute you. One of the things I did ahead of time was the next step. Or worst case scenario, you're going to actually have to try to convince a judge or jury that you have a self defense claim. So the reality and the practicality of this is simply DOJ is always and has always been taking a hard look at this and a hard stance on this. Until the law is amended, they feel that this is a crime. Now don't blame DOJ. You don't beat the monkey if the organ grinder is not present. Because Congress is the one that's responsible to amend the law for that aspect of it. So the requirements for a self defense or a necessity defense require that there are no other lawful means available. Meaning you've gone to and seen LEA. All your remedies have been exhausted, meaning no law enforcement. You know, your civil lawsuits have been filed on that. And I go back to this prosecuting computer crimes manual again. You know, doing so may be illegal regardless of your motive. The other aspect for you all that I've had conversations with some techies on, it's the aspect of resource intensive. I say, okay, so if you've got this honeypot with a bunch of fake documents in there, and they say, you know, the big problem with this is my clients can't manage their real stuff and now you want them to have a bunch of fake stuff on there, resource intensive from my perspective. So I don't think it's a mom and pop shop thing that they're going to be doing. I did government contract litigation and we had a lot of mom and pop third party suppliers. I can't see they're the ones doing this. It's going to be something that's got a lot of resources to dive into this. So building that case of reasonable, that's the things I think you need to do so you can actually get to that active defense scenario.
There's your firewalls, your intrusion systems, real-time network awareness, SSL proxy things, your logging, your monitoring, you know, and you've got some honeypots flowing from that aspect. So you're doing all this, and of course legally you can do this, because to do this you've got to comply with the law, which would be the wiretap statute. So you're either getting consent of your users through your logins and your banners, from that aspect on life, or you're doing it in the service provider's aspect in terms of that, that says, hey, it's my property, I can defend it. It's necessary to the defense of the property. And these are the cases that came out of the blue box cases, where they had to find out, taking the Captain Crunch, the whistle out of the Captain Crunch box. And it's back in the day where they recorded the beginning of the conversations, half of it, and all of it. And when the cases got to the court, the judge said, okay, you recorded the front part of it, that was tailored, and you identified what the phone number was. Those where the prosecutor could prove or submit why they needed to record half of it, those cases went forward, and if they couldn't, they were thrown out. And pretty much where they recorded the whole thing, the judge said, you didn't tailor this at all, we're throwing these out. So now, how do you tailor computer network defense? How do you tailor your intrusion detection systems? It's not like I can record the first part of the three-way handshake. And kind of in my opinion, it's like, that means I'm going to run my app, whether this sensor's overwritten in four hours or it stays on it for 30 days, and when I get my alerts I can go back and grab the information and take a look at it to do my computer security. So from that aspect that seems reasonable, it's tailored, and there really hasn't been an argument or debate on that aspect of it. From the technology speaking aspect, when I talk to techies I always ask one thing. I'm like, why aren't the crown jewels air gapped off and why
aren't they encrypted and data at rest, thinking, okay, it's got to be expensive, it's got to take time, it's got to slow things down. And you know, I've actually had techies come back and go, no, not so much. So if I'm wrong at that, please tell me on that aspect of it, but I'm always curious at why the crown jewels are of a company aren't separated off, air gapped, and there aren't things in place to protect them. Again, steps that are reasonable to defend the information that you want to do. I did mention beacons before. I will note that DOJ has a, again, it's one of those aspects of the absurdities of law the way it's written. If you're not an electronic service provider you can't do beacons. It's a strange thing on that. Again, that's something that I'm hoping that the ABA task force report will talk about as we go down the road. Pentesting and red teaming. One of the things that you need to kind of be concerned about, it actually is the Lanham Act. It is a system for trademark registration to protect your trademarks from either consumer confusion or dilution, and that means if you're using that mark and it reduces people's perception of it, you could have a problem. Why would this come into this field? So you have, you go to your lawyer and go, hey, we want to do some spear phishing and Beyonce's concert is coming up, so we want to send that out to our employees, that for $45 here you can get $45 tickets front row to Beyonce, is that a problem? Lawyer doesn't know much about technology, is busy with other things, go ahead. So they go ahead and they send that out. Next thing you know they forwarded to two friends, and they forwarded to friends, and they forwarded to friends, and it goes outside your network, and now everyone's sitting there going, wow, we can get Beyonce tickets for $45, and someone's Beyonce attorney comes knocking at your door going, who the hell are you and what the hell are you doing? You know, so that's the aspect. If you don't plan for these things and make them so they can't get released into
the wild, you could have a problem here. Now I am not a Lanham Act attorney, and before you blast me to the, you know, evaluation boards and everything, you need to understand one thing. You're going to go hire the law firm Dewey, Cheatem and Howe, and they're going to give you your legal advice for what you need to do. And there are a whole bunch of people in this law firm, and one of the branches you're going to have to go see is the Lanham Act branch, to talk to them about this and how to go about doing that. So that's one situation in your law firm that you're going to have to deal with. Intelligence and situational awareness. You got to know what's going on out there. So you got your open source intelligence, where you're going to have your bulletins from the US-CERT. You're going to hire a commercial company to give you added intelligence on that, because we know the government doesn't get anything first, and so you're going to get that private information there. You're going to do active business intelligence, which you're going to step on the side of the economic espionage. Economic espionage, so that's set up to protect trade secrets and information, again enacted, you know, in the time of this high technology information age. So you know, a couple things. It's getting that information without authority, you know, you kind of know when you got it without authority, and then the trade secrets. Now good old Doug and Kristen here kind of wrote an article dealing with looking at these aspects of economic espionage, and it's a very broad topic and you got to kind of be aware of it. You can get into trouble when you're doing this aspects of getting open source intelligence. Some lawful means of going out and grabbing information can in fact become misappropriation, and so you got to be careful, because that combination of all that public information could get you into trouble. Again, this is kind of Doug and Kristen's, you know, take on this. Now there's a case out there that kind of said, look, open source
or readily ascertainable information is clearly not espionage, so you got some case law on your side there. But Bill Bradford kind of again went down this path and was talking about the different aspects of economic espionage when he was looking at firms routinely getting this stuff, and that practice of getting open source publicly available information for that. So what are you talking about? The desired information you're looking at, you know, research plans, R&D, things of that nature, strategies that are out there publicly. Ways to do this, you know, data mining. I like the psychological modeling of rival executives, I think that's kind of neat, you know, it's like that my wife wants me to have it done too. You know, so there's that areas that kind of raise some questions that he looked at. When you're talking about ethical questions it was interesting, because he's like, appropriating documents that are misplaced by rivals, which gets into, okay, if I got an iPhone left behind, you know, if you go to your lawyer and say, oh, abandoned property, hey, it's abandoned, there's no rights to that property anymore, let's rip it apart. Okay, well, there might be that theory. He talks about overhearing rivals' executives. I'm a fan, if you come talk to me on this one it's going to be, hey, that's misplaced trust, I mean that's the third party doctrine, where if you're going to say something, broadcasting it out. You know, again, these are areas that could raise ethical questions, you know, not quite blank illegal. Hiring employees away from rivals and to plan that one, you got to be careful on. And I love the dumpster diving aspect on life, because actually there's some court case out there, once you put your trash up by the curb anybody can go diving into it as much as they want. Those areas that are clearly, you know, illegal, yeah, kind of stuff that, you know, y'all are really good at on that. And so, you know, you got to be careful on those things. Again, I am not an economic espionage lawyer, so you're going to go to your law firm,
you're going to go up to the economic branch and say, here's what I'm planning on doing on this, you know, what do you think? And you got to take them through step by step those things that you're going to do. Ironically enough there was a case that came out just a while ago, the Aleynikov case, and a lot of times when you read facts or opinions on a case they kind of tell you where they're going as you go through them. So Sergey was a computer programmer for Goldman Sachs and he was responsible for one of their important aspects, and it did market development, it was proprietary information, and he was one of 25 programmers and the highest paid at $400,000. And this is where the facts get fun, and he's going to be hired at a competitor for a million bucks. So we can kind of see where things are going, especially when the court says, on his last day of employment, and then it gets better, just before his going away party, decided to give himself a little gift, which was 500,000 lines of code, and he sent that off to Germany and then downloaded it later from Germany, and of course he deleted everything that he did. And of course he's surprised, when he has a who farted look when they come to arrest him, oh, you're kidding. And he ends up getting convicted of economic espionage for stealing the source code. Well, he appeals this, and on the appellate court held that this was not a violation of the Economic Espionage Act. So before you think about going and doing that, it's been modified and amended to take into consideration, so don't go do that. The next area of reasonableness and things you need to do prior to going and hacking somebody's computer, your information assurance policies and training. And the big aspect on this is having them in place, being consistent with them, noticing them when something goes wrong. So especially with the insider threat aspect, if you're going to do a civil suit for computer fraud and abuse, were employees being disciplined for violating these different procedures? So you
want to make sure that you're enforcing these policies and you're actually on top of them. Information control, it's the stuff you all know about, it's the access lists, encryption, digital rights management. Again, another step for reasonableness, so if I've got to be in front of a judge I had to actually go and retrieve my property. The deception piece is a very interesting aspect. When you get a bunch of lawyers sitting around just talking this stuff around, somebody in very little bring something up like, hey, did anybody ever think about the SEC? And you're like, what the hell does the SEC have to do with a deception plan for this aspect? But companies have responsibilities to actually do reporting, and thanks to good old Reed Hastings and Netflix, the SEC said we can come out and we can investigate anything we want that we think is a possible violation of the SEC laws. Now I'm not an SEC attorney and I don't want to be an SEC attorney, so you're going to go over to Dewey, Cheatem and Howe and go to the SEC branch to start getting their advice. Now the disclosure piece on this becomes a very interesting aspect when you're in this area. So you want to do a deception plan, so you're going to have things out there internal to your network that's not going to be out there, it's going to be an erroneous that are deception. So it's no intent, you're not going to make this public. Then they're stolen and they're leaked to the media. Alright, and is this a disclosure that you've made? I know they're stolen, they're leaked to the media, you know, is this an SEC violation or not? I really don't know. Tell me how that works out when you run that past your SEC attorneys. Because when you're talking about deception plan or deception examples, you're putting out there requests for proposals. Now those could be your requests for proposals that you're putting out to your suppliers, or they could be requests for proposals that you've received as you're doing your bid preparations. So you're putting false information out
there on there to be grabbed by your competitors so they don't know what you're doing. Blueprints and designs, minor defects. We went back and we said, so a minor defect or a major defect, you know, are you going to cause harm if it's a product that has engineering aspects of it? If it's computer code and somebody looks at it and downloads it and melts their servers, are you liable? If it's a car and the brakes don't work, are you liable? These are all things that you need to talk to your folks about when you're planning on doing this. Business plans and financial records. Again, you sit around, I'm not a mergers and acquisitions guy. Mergers and acquisitions, you've got information about other people's real companies in here, and if that's stolen and leaked to the media that could harm them. What if they come knocking on your door saying, this was your document, it's not true, I've suffered a harm, I want some money from you? Now your lawyers are going to say, again being risk averse, I don't want to invite litigation in from this aspect. So you're going to have to be very specific as you go through this, you know, how you're going to protect this from happening. Joke, because I need a thinking break. So NSA is going to store a whole bunch, controversial, so all these little aspects of terabytes, zettabytes. So I was wondering, what's a zettabyte? Well, I dated a Zeta at Michigan, so talk to me afterwards about that. A petabyte, this is the cleanest image you can actually put in a conference like this, so I guess that's a petabyte. And obviously the Yoda bytes, easy, you got that Yoda byte. And if that's not enough they'll get a stream all over. So I don't have a sponsor, so active defense, actually I did have a sponsor but I don't want to get in trouble, ask me afterwards. Active defense, recovery operations, the Kobayashi Maru. I do like the new Star Trek, I like the old one. There is a certain aspect of a no win situation when you're dealing with this. So I had colleagues ask, are you going to talk about Clark's law that
nobody has ever heard of? And I'm like, yeah, I am. Clark's law: get your attorneys involved early and often. Explain the technology to them at a third grade level so they can understand it, because they're going to have to turn to a judge, jury or leaders and explain it at a first grade level. So it is very important. Now lawyers are, and you're all smart so you're going to hire good lawyers, that have been very well trained to be analytical, to be able to ask the right questions. And that's what lawyers should be trained to do: be analytical and ask the right questions. And so when you're explaining the technology to them, you're walking them through that at that third grade level, and they should be able to ask the questions and really understand it. There's another aspect, I'm going to say, of Clark's law, because my active defense scenario, I am not a PowerPoint ranger, so I have some very simplistic graphics to kind of go through our active defense scenario. So we got our intruder, he's going through that innocent third party over to the victim. He's going to exfil some information over to an open FTP server, and he's got his other hop-in point, and he's going to download the information from there, and have our scenario for our active defense scenario aspect on life. So what can I do? The aspects of logging: we can log till the cows come home. So you can log that third party coming in. You're going to kind of look, see, has this third party touched me before? What have I got for my records? So log on stuff, that's a piece of cake from that aspect. The FTP server: do you log, see the exfiltration of data going out? I'm getting ahead of myself because I'm going to knock off the door, but they went to my R&D shop and got all the documents and took out a terabyte of stuff, I have got to go after it and get it. All right, fine. Then your lawyer needs to ask a question: you saw them do that, when they exfil the documents, what were the documents? And most of the time we're finding out that they've encrypted them, so
you have no clue what was taken. Now you do have a file which was probably just nothing like but social security numbers and personal information, who cares about that, this is the company over here. So from that aspect, the exigent circumstances and having to go after it, it's kind of a challenge on that. But you see on your logs they went to the FTP server, and you get that from your logs. Now can you see the intruder on the FTP server? It's open FTP server. Now this is a part one when Marcia Hofmann was at Black Hat and she said the Computer Fraud and Abuse Act is kind of vague when it starts getting into that aspect of without authority or in excess of your authority. Yes, the Computer Fraud and Abuse Act is vague, but I hate to go to the definition that I use for my children: you know what the right choice is, are you in a place that you have a right to be? I mean, it kind of comes down to that. If you're in that gray area, you're going to want to make sure that you have the right to be. So that FTP server, when you get in there, if it's open and you can log on there, go ahead, hop on there, see where your files are from that aspect. Now I'm not aware that logs of somebody else logging into the FTP server is usually something you can see, so usually you're going to have to elevate your privileges to see those logs from the FTP server to get to the intruder. Now if that's the case, then you've probably exceeded your authorities in the access that you had. We're going to cruise along here because I want to talk about deleting data. So can you delete the data on an FTP server? So if I'm on an open FTP, you can log in, I can log in, you can log in, anybody can get on. I think if we're all in agreement that I'm in a place I have a right to be, would that be correct? Okay. There are files on there, they're available. I can open them up and look at them, you can open them up and look at them. I can download them, I can upload them. Can I delete files that are uploaded by somebody else on there? Yes or no? If the answer is
both, then say both, but to my world it's typically no. Now this is probably one of the stupidest, silliest things. My files have been stolen, uploaded there by somebody else. It's my property that was taken. I'm in a place I have a right to be. Can I delete those files? Logic says, hell yeah, they're my files, yes. I don't have that authority to delete files on that server. Arguably I don't have that authority. What am I going to do? Go talk to your attorney, don't tell me. So from that aspect it's an argument whether I can delete that information or not. Can I go over to the intruder and delete that information that I've seen him take off of there? Closed, protected computer, I got no authority to be on that box from that. So from that aspect, like I said, talk to your attorney from that part and see how that works. What if that's an innocent third party over there, and what if you go to your attorneys and say, once the FTP server, our documents went out, they're being stored by that party box, can I get the logs from that? Can I go touch that box? Now in this innocent third party, they don't even know it's there. How do you know it's not there? Because they've got terabytes of data there, there's a bunch of movies on there, let's just go in there, take our stuff off and away we go. Well, again, the best way to do this: contact the third party and get consent. Anytime you get consent, hey great, let's go. Anytime you get consent, that's the way to go for it. When you're talking about that, can you go back and trace them back? Now say you got an innocent third party, they let you have their logs and you get back over to that intruder. There again we're still in that same situation where we're stuck fast enough in that aspect. If it is a protected box, typically I cannot go there and get that information. Deleting the data, I want to move to if it's a closed FTP server. If this is a closed FTP server and you see what the login information is from your logs, can you go hop on it? Yes or no? I hear some no's. So when we listen
to NSA and EFF up here in Maryland, that's that case where when I give my phone record to the phone company, I've exposed it to a third party, I got no expectation of privacy in that. If I give you my login information, what's the difference? Here's the aspect: so you've got the logon information, it was exposed to you, I now know it, why can't I use it? So you borrow, you loan to your neighbor, can you go to their house, and they've got a cipher lock on their door. Now they gave you that code because your kid had to take care of their cat, so you had the authority to go in and take care of the cat and use it. Do you have the authority to go to your neighbor's house to get your base vomit back by using that cipher code at that particular time? No, typically you don't. You're in your post-trespass recovery phase from this aspect of it. That's the OJ Simpson, don't breach the peace. You're going to say, here's the information I've got, anybody can log into it using this information, why can't I log into it using this information and go do it? These are all these gray areas. This is the great part on providing the advice, because then you get to make the decision, and if it's wrong, you're out wearing handcuffs and I'm having a steak dinner, and I won't have you as a client anymore, but at least I had my steak dinner. So clearly when we're talking about these areas, they're very fact specific, and you know, so it's kind of difficult sometimes to get the questions on. If a fact changes, it changes what you can and cannot do. So you need to get involved with your attorneys as you're walking through this. And you know, obviously doing this requires good computer network exploitation in terms of your attribution and the logins that you've got there for this. You know, there's an aspect we always get to as far as stopping the pain when you're dealing with a first tack. The part that I would say you really want to look at for this is DOJ has done the Coreflood botnet takedown, and the documents are all publicly
available, and the steps that they go through to be able to do this kind of gives you a blueprint for how to legally do this, and of course they are doing it with the courts involved in that aspect. So if you're curious about doing that part of it, the DOJ documents that are available, publicly available out there, are a good starting point to take a look at that. Because I mentioned before, the IP Commission report talks about a lot of different areas that you may want to do this, and the American Bar Association is going to be coming out with their report down the road. Here's the big thing, and Jeff Moss talks about this: down the road, if you're going to do stuff like this, you need to get a good team of lawyers. Jeff is actually a fan. I've been at talks where he's like, we need more lawyers who do this to advance this. And not that anybody really likes lawyers, you're really going to need a good team of lawyers to do this, or if you're really going to do this you just need one really good lawyer on that. So with that said, I will be going to a Q&A session. I got three minutes for questions right now from what I understand. So if there's any questions, I will be hanging out up here. Thank you for coming. I hope you got a golden nugget out of this. If not, I hope there was a joke you laughed at.