Monday, July 23, 2012

The End of DarkComet RAT - Part 3: Could the creators of RATs (or similar software analogues) be prosecuted (law)

And now, on to the finale - could DarkCoderSc be prosecuted for creating, supporting, and distributing the DarkComet RAT.

NO (in the United States)

First, DarkComet RAT can be easily distinguished from Mariposa and Blackshades, on the following grounds:

1. DarkCoderSc never sold what he made - there was no profit motive, and thus one could argue, no intent to defraud.

2. As far as I know, DarkCoderSc was never affiliated with any illicit group as the Blackshades RAT creator was - which would make that person liable for numerous charges, not the least of which would be conspiracy under the CFAA.

3. At least with respect to Mariposa, DarkComet RAT had legitimate uses. You could use it for remote administration, to monitor your kids, and for legitimate purposes not otherwise specified. On the other hand, it is hard to argue legitimate uses for a botnet such as Mariposa.

Second, as many readers have pointed out, there is the "what about Metasploit and Backtrack argument." Namely, those two tools, combined, have probably pwned more computers than DarkComet RAT, yet the creators of those tools (who do have a profit motive) are not prosecuted for such activity. Circumventing these types of arguments would be a prosecutor's nightmare; I would love anyone's possible argument around those, or a different way to distinguish DarkComet/DarkCoderSc.

As I mentioned in the previous post, an interesting argument could be made along the lines of MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 (2005) - specifically, that a tool that had no legitimate legal uses could be a violation of XXX law. I say XXX law, because the Grokster case was based on the Lanham Act (and a judicially created standard of contributory infringement). However, as stated above, this sort of law might be used to prosecute other software creators - but because DarkComet has legitimate uses (see above), even this law would be ineffective. But, is law XXX, making it illegal to create illicit hacking tools off the table? I don't think it should be. 

In fact, it is the law in other countries - Germany's "Anti-Hacking Law" Section 202c of the StGB states "[w]hosoever prepares the commission of an offence under section 202a or section 202b by producing, acquiring for himself or another, selling, supplying to another, disseminating or making otherwise accessible… (2) software for the purpose of the commission of such an offence" is subject to prison time up to a year.  See this document describing the law a little further with recommendations for security professionals. As the article states, the regular use of penetration testing tools does not fall within the ambit of the law, as long as the purpose is legal, and everything is above board. The law is aimed at those tools that are developed or aimed at perpetrating cybercrime.

Such a law for the United States, to return to a normative argument for a second, should be considered. It would immunize Metasploit, Backtrack, etc., but go after those who create the software solely for criminal intentions.

To see the earlier parts of this series follow the links below:

The End of DarkComet RAT - Part 1: The Introduction
The End of DarkComet RAT - Part 1: The Introduction - Update
The End of DarkComet RAT - Part 2: Should the creators of RATs (or similar software analogues) be prosecuted (ethics)
The End of DarkComet RAT - More Technical Details

1 comments: