Well, the Head of Year responsible for the student is (hopefully) going to give the student in question a good scare. I've printed off the relevant sections of the Police and Justice Act 2006 and given them to him. Section 37 of Chapter 47 is the most interesting. It's an offense just to obtain the software with intent of using it on a network without permission, let alone actually plug the HD into the school network and boot it up!
I've got a meeting with my line manager in the next few minutes where the subject will come up. I'm still toying with the idea of some after school activity for those interested after Christmas.
Now for a more interesting question, are the developers of Back Track 3 in breach of section 37, chapter 48 of the Police and Justice Act 2006 for making this software available for download?
Did some law not just get passed here that using security tools is now illegal? I'm sure I read that somewhere, I will have a look for the source.
I think that that law is suitably vague as to allow for people to use the defense of them being legitimate network security tools. For example, Nmap, Ping or even simply Windows XP could be said to fall within the remit of that law, so a judge would be forced to draw a line as to what would actually be the purpose of the law.
If a court case ended up causing issues, it can always end up referring back to Hansard, where the intent is clearly outlined.
It's all about the intent, otherwise they'd no longer be able to run CEH courses in this country and penetration testing would be illegal itself.
So, really, it is one giant grey area - as with much of the law in the UK.
With a URL of 'remote-exploit.org' and a previous release name of 'WHAX'. I can't help get the feeling of being released under the guise of a security suite. Just because it's designed for bad things, doesn't mean it can't be used for good?
Back Track is released as a security suite - not a hacking suite. Just because it can be used for bad things, doesn't mean it always will be...
My understanding is the penalty was set at two years so offenders could be liable for extradition? Don't know how that could play out though...
As they are not in the UK I think they won't care if they are.
And this is why I think it's an interesting question. My reading of the law in question is that they are making this distribution freely available knowing that it could be used to commit acts under previous sections of the Act. Thus they fall foul of the law. If it is supposed to be a security package rather than a hacking tool should they not provide some kind of control as to who can download the software?
'Intent' under the eyes of the law doesn't mean the same as normal usage though... Intent in law means 'knowing, or likely to know that the action could be, or would be, used for' whatever that particular law is referring to.
It just struck me when I was researching the law in this area, to pass the correct details to the head for this case, that it's easy for a group of individuals - such as those maintaining this release - to unwittingly commit an offense under that section of the law.
Could it be argued that by making the software freely available and easily downloadable from the net that authors of such software as 'ping' are now committing an offense?
This is what makes British law such an interesting area! The fact is, until there are a few test cases to clarify the intent of the law it's open to argument. The great thing with our legal system is that ultimately it comes down to how two opposing lawyers, 12 individuals (possibly) and a judge interpret Parliament's intent when the bill was passed.
Most laws are written in a language that means you and I can argue till the cows come home over opposing interpretations of any given Act.
But to answer your question...Yes! Microsoft are guilty! If only because releasing Windows is a criminal act in itself.
I missed the mention of BackTrack3 in the thread earlier but I just downloaded the ISO of it yesterday after seeing some video of it and it's awesome.
If anyone you know runs WEP, which I hope is not the case, get them to change it.
With regard to alternative methods - Pete Wood from First Base Technologies is a pretty good speaker on Penetration Testing - the stories he can tell! Not sure how much he charges though.
First Base Technologies
I'd also look at getting someone from the police in - not sure if you'd find anybody with enough of a technical background to answer some questions or give a good talk on it - and somebody who wasn't too sure on what they were talking about could have a negative effect.
Forces are supposed to have an e-crime unit though.