
Pretty interesting. I bet there were a LOT of lawyer conversations about that.



This was really interesting to read, thank you for the links.


I'm getting 403'd on these links


Links work


FBI's been doing this for a while now. So far no one has taken them to court. I do wonder how that would end.


Given the infected folks in question likely had their machines involved in illegal activity, I'm not sure I'd want to test it. If someone starts running a meth lab out of your unlocked cellar, at what point do you become culpable for not knowing?

And are you really going to try to sue the police for shutting down the lab and locking the door on their way out?


> And are you really going to try to sue the police for shutting down the lab and locking the door on their way out?

If the police enter your property without a warrant then sure. The potential presence of illegal activity does not grant the police special powers to skirt judicial process (unless there’s imminent danger to someone’s life or something, obviously). If the police unduly lock you out of your own property on the way out then doubly sure.

Obviously most people will be relieved that their machine no longer has malware on it (save willing participants, which is a different question altogether…). What would piss me off is not being notified, and not being given the chance to remediate myself (what if the police damage other pieces of property on the way and I could avoid the damage if I’m simply made aware), etc.

So let’s go back to the meth lab example: do you think it’s okay for the police to show up on your property unannounced in the middle of the night while you’re sleeping to silently shut down the meth lab without notifying you that they’re trespassing and then slap a lock on your basement door behind which you store your emergency cash, medical supplies, prescription drug refills, personal protection equipment, defensive firearms, etc. without leaving the keys or so much as a word?

Edit (two more things):

1. It’s possible someone might have been running a copy of the botnet for research purposes, so presumably this copy is not engaged in illicit activity and only installed on lab hardware. I wonder if the FBI’s program considered this scenario. Maybe they only targeted IPs involved in actual DDOS attacks? That’d be cool.

2. You can question something without implying it’s wrong. One can both believe the FBI is acting in a responsible and just way while also being curious how this would play out in court. The fervor in your responses seems slightly out of place considering the comment you’re responding to is simply raising a question.


Oh hey, look at that, the FBI did get a warrant authorizing this action, and signed off by a United States Magistrate Judge: https://www.justice.gov/d9/2023-08/23mj4244_application_reda...

Now, are judges sometimes too easy with warrants? Certainly. But this is definitely not the same as entering your house without a warrant, because the FBI did get a warrant. The warrant involves them promising to a judge under penalty of perjury that the Qakbot Uninstaller they are using makes no further changes and collects no additional data on any of the victim computers they are running on.

So, the FBI is aware of your concerns and is taking steps to alleviate them. Does that make you feel better?


> Oh hey, look at that (…) Does that make you feel better?

What? Why such snide?

I am aware of what happened in this case. I was responding rhetorically to GGP since they were presenting an abstract scenario where the police show up and shut down the meth lab in your basement and then lock you out of your property on the way out… My goal was to highlight the cases where it is and isn’t okay for the police to do whatever they want. It’s not clear if GGP is aware that there are in fact restrictions on what the police can do on your private property in the US. And that even with a warrant there are limits on how the warrant is conducted.


Police can legally enter private property unannounced and shut down a meth lab if it presents an imminent safety hazard. This isn't trespassing. They will not be liable for any loss you suffer as a result as long as their actions are judged to be "reasonable". There is an extensive body of case law on this (at least regarding physical places, not computers).


>If the police enter your property without a warrant then sure. The potential presence of illegal activity does not grant the police special powers to skirt judicial process (unless there’s imminent danger to someone’s life or something, obviously).

So like a computer system actively participating in ID theft and DDoS attacks?

>If the police unduly lock you out of your own property on the way out then doubly sure.

But patching a system doesn't lock the owner out...

>What would piss me off is not being notified, and not being given the chance to remediate myself (what if the police damage other pieces of property on the way and I could avoid the damage if I’m simply made aware), etc.

So you're volunteering your tax dollars for the FBI to track down hundreds of thousands of people across the globe to let them know their systems were patched? I'm not. If this upsets you: don't put unpatched systems on the internet?

>So let’s go back to the meth lab example: do you think it’s okay for the police to show up on your property unannounced in the middle of the night while you’re sleeping to silently shut down the meth lab without notifying you that they’re trespassing and then slap a lock on your basement door behind which you store your emergency cash, medical supplies, prescription drug refills, personal protection equipment, defensive firearms, etc. without leaving the keys or so much as a word?

You're taking the analogy to a place you know doesn't exist. The police don't have a way to notify everyone that's infected, expecting them to do so before shutting down a major botnet is just silly and arguing for the sake of arguing.

Nobody said they were adding a lock, I said they were locking the door on their way out: the lock is already there, you already have the key. When they patched these systems it didn't somehow make the owner unable to login.


> You're taking the analogy to a place you know doesn't exist. The police don't have a way to notify everyone that's infected, expecting them to do so before shutting down a major botnet is just silly and arguing for the sake of arguing.

I don’t think I am. If the FBI can remotely execute code on my machine then they could certainly drop a notification with a link to a page explaining the situation and how to remediate. Or they could use any number of emergency alert systems to make people aware of a potentially harmful botnet. Or they could email the owner of the machine instead of running their own malware.

Anyway as I’ve stated I don’t really disagree with the outcome here. I just don’t think your “let the police do whatever they want to people’s property it’s for the greater good” mentality is healthy, especially not in the US where we very carefully limit the power we grant over violence because we recognize property and privacy rights.

I’m not arguing for the sake of arguing. I think it’s fair to ask: “could this have been conducted in a manner where people were aware and could have provided consent or intervened if necessary and still achieved a similar result”?

(Misunderstood you about the lock part, thought you were saying they were locking the premises because it was a crime scene or something and not notifying you.)


>I don’t think I am. If the FBI can remotely execute code on my machine then they could certainly drop a notification with a link to a page explaining the situation and how to remediate.

You're making a ton of leaps of faith that a user is going to both read and follow the instructions.

>Or they could use any number of emergency alert systems to make people aware of a potentially harmful botnet.

So... you want the FBI to reach out to all of the world's governments and have them issue an "emergency alert" to get people to patch their computers? And you think that's a reasonable stance to take?

>Or they could email the owner of the machine instead of running their own malware.

And they're getting these email addresses how?

>I just don’t think your “let the police do whatever they want to people’s property it’s for the greater good” mentality is healthy, especially not in the US where we very carefully limit the power we grant over violence because we recognize property and privacy rights.

And I think you're arguing for the sake of arguing. Literally nobody said "let the police do whatever they want with people's property". The machines in question were ACTIVELY PARTICIPATING IN ILLEGAL ACTIVITIES. This isn't some philosophical debate.


I’m literally telling you I’m arguing in good faith because this intrigues me. Some day you’ll cool off and have a more level head about you. Then we can continue the conversation.


> If the police enter your property without a warrant then sure. The potential presence of illegal activity does not grant the police special powers to skirt judicial process (unless there’s imminent danger to someone’s life or something, obviously).

I guess you've never heard of "probable cause."


I have, in fact. Probable cause is what police need to have in order for a judge to issue a warrant.


> If someone starts running a meth lab out of your unlocked cellar, at what point do you become culpable for not knowing?

The problem with analogies is that they assume they are correctly "analogous" but 9/10 times they really describe an entirely different situation, making them unhelpful if not misleading


The problem with analogies is that people who disagree tend to just say "X is not Y" instead of "X is different from Y in this context due to Z". I'm not sure whether that is just a social behavior or if saying the second thing is especially hard.


A duck is not a horse due to... it not being a horse. You can macroexpand Z to "not having four legs", etc., but incomparable things will end up being different just based on their very essence.


"Why can't I pull a small wagon with a team of ducks? I can pull a large wagon with a team of horses."

Useful answers: Ducks are not as intelligent as horses and aren't as easy to train. There is not a good way to strap a harness onto a duck for this task. Ducks waddle and this introduces turbulence. Ducks have substantially less pulling power. etc.

Useless answer: A duck is not a horse because a duck is different from a horse.

The person making the analogy knows that it is an analogy; it is not the source of confusion.


It's not especially hard -- the burden of proof just isn't on the listener. Saying "X is not Y" is just saying "I'm not convinced, you must do better with your analogies". With enough context, one can infer as much

Letting someone run a meth lab in your cellar is pretty obviously not the same as "letting" some malware run on your box, for crying out loud


You're saying that it would be easy to address the point directly, but you won't because it is not your responsibility to do so? I'm not in love with that line of reasoning, but, taking it as fact, surely the analogy is not unhelpful (it successfully conveyed to you why the other person's mental model is wrong) and instead your response is (you do not feel obliged to pass that information along).

"I'm not convinced, you must do better with your analogies" is exceedingly unhelpful if you actually know what the issue is. What do you imagine is the correct response to that? Are they supposed to keep guessing at analogies while you say "Nope!" until they read your mind? Just because the important differences are obvious to you doesn't mean that they're obvious to them (and the fact that they used the analogy suggests very strongly that they are not).

"Obviously not the same thing" is generally applicable to all analogies, valid or otherwise.


Choosing not to say what's wrong with the analogy is veiled criticism that the analogy is worse than just "not applicable" -- it's shit.

It expresses repulsion in addition to expressing rejection.

And, yes, they'll have to guess what's wrong... But the argument my veiled criticism is making is that their analogy is so objectively bad that it won't take them more than half a second to figure out what's wrong with it. I refuse to waste my time explaining because I value my time more than that (even if, perhaps ironically, I don't mind explaining to you why I chose not to explain myself to them)


It sounds like we're in agreement about the facts here (though I am not convinced this is a good thing to do).

For the record, it has been a day and I have not figured out what you believe is wrong with the analogy. Everyone else in the thread seems to be going along with it, except for one person who correctly points out that the 'lock the doors' aspect is irrelevant. I'm not really invested in the answer (my aim was just to defend the usefulness of analogies), but that feels like a data point I should pass along.


Making sure someone is not using your cellar to cook meth requires nothing other than working eyes or a sense of smell one can reasonably expect the average person to have

Making sure you do not have malware in your computer requires specific knowledge that the average person likely doesn't have. Sure, you can take precautions, use antivirus, etc. but those are not foolproof and often involve specific tradeoffs like wasting CPU cycles, unlike the methlab in cellar scenario. They also require knowing you should take precautions to not be infected to begin with, which is rarely the case

The wine cellar exists in the physical world which we evolved to inhabit. Malware does not.


This does require that the resident of the house is aware that they, in this example, have a cellar to check. Of course, if you aren't aware you have a cellar, you won't have stored anything personal or of import in it that could get damaged either.

I can personally attest that having a working sense of smell is not a reliable method for knowing what something novel-to-you is and it can be easy to misattribute. Decomposition of flesh has a very unique smell in my experience, but it was only through that experience that I now know that that smell is flesh decomposition (and not related to nearby farmland work).

It is pretty amazing (and horrifying) to me that there are also some people who discover that someone else has been secretly living in their home with them. I can only imagine how intrusive that would be and the paranoia that would set in after such a discovery, even if they moved to a new house. I wonder if this has become even less prevalent given the use of internal cameras?

I think this actually rather reinforces your point, even if it contradicts the assertion in the leading sentence. How much can you expect people to know their computer has been co-opted, which might be an almost completely alien environment to them, if it is possible to co-opt someone's home (an environment they are intimately familiar with)?

[As an aside, this is my first post here on HN. If anything I have written above is not in line with the desired tone/content of comments, could someone spare the time to point it out and explain what and how it could be improved, so I can adjust? Thank you!]


Thanks. All fair points and a great comment very much in line with the HN guidelines as far as I'm concerned (not that I'm a moderator!): https://news.ycombinator.com/newsguidelines.html

Your comment was marked "dead", so I went ahead and vouched for it + upvoted, which I think now has marked it with the proper respect it deserves. You can vouch for comments after you reach a certain karma level (there are various unlocks for various levels of karma, but nothing that changes your experience here, really)

Welcome to HN!


> "Obviously not the same thing" is generally applicable to all analogies, valid or otherwise.

This feels like nitpicking / grasping at straws / being needlessly obtuse but I'll follow the guidelines and quote-unquote "Assume Good Faith" -- fine, rephrase my comment as "obviously not analogous" rather than "obviously not the same as"


There's plenty of room for security researchers running infected machines to monitor for behavioral and developmental changes in the malware to be more than a little irritated by the notion that the FBI or anyone else abused the malware servers to remove the infection surreptitiously.


Probably at the moment you try to sue them for taking away your volunteer meth lab.


>If someone starts running a meth lab out of your unlocked cellar, at what point do you become culpable for not knowing?

Are you implying that the property owner is liable because they neglected to lock the cellar, or because they weren't aware a crime was taking place there?

If the former, isn't that as clear an example of victim blaming as telling people to carry firearms/protection if they don't want to be sexually assaulted?

In a civil society, it is not the responsibility or duty of the victim to set up security measures to prevent themselves from being victimized. It is the responsibility and duty of the culprit to not commit those unlawful crimes in the first place.

Bringing the analogy back to security - who is guilty of a crime when a ransomware attack happens, the victim, or the criminal (who obtained unauthorized access, and used that access to perform extortion)?


>or because they weren't aware a crime was taking place there?

If someone is running a meth lab out of your cellar for a year, and you don't notice the smell, the power bill, the people coming and going, at what point are you no longer able to claim ignorance? If your answer is: you can claim ignorance indefinitely, what is preventing someone from just letting a meth lab be run from their basement and taking cash on the side? If the police can't find the cash, you're just not guilty?

>It is not the responsibility of the victim to set up security measures to prevent themselves from being victimized.

It is ABSOLUTELY the responsibility of the "victim" to not create an environment that FACILITATES crime. If you leave a gun unsupervised and unlocked on your front step, and a neighbor kid "steals" the gun off your front steps and proceeds to shoot and kill their friend, you are going to jail despite you being the "victim" of theft. Your internet connection in this instance is the loaded gun when your systems are being used in DDoS attacks.


> and taking cash on the side

With this statement you’re arguing past the person you’re responding to. If you are taking cash on the side to feign ignorance when the DEA comes squawking about the meth lab in your basement then you are clearly in the know.

Nobody is talking about negligence here. Your rebuttal is essentially “well victims can be blamed if they’re being negligent”. Yeah, sure, by definition they’re not just a victim, they’re a negligent individual. (I mean I’d even argue they can be blamed for less—I’m not one of those 100% the victim is always innocent types, but that’s a different topic.)

The original question is if you are honestly unaware (and not negligent) that your property is being used to commit a crime, are you culpable for the crime? The answer is a resounding “no”.

If someone hacks your PC and installs botnet software, and it evades your OS antivirus heuristics and protections because it’s a sophisticated root-kit, then no, you’re not culpable.


>With this statement you’re arguing past the person you’re responding to. If you are taking cash on the side to feign ignorance when the DEA comes squawking about the meth lab in your basement then you are clearly in the know.

Ironic that you're doing what you accused me of. I didn't say the person was taking cash, I asked WHEN op would consider the person to be culpable. You literally took an entire discussion and clipped four words then made up a bunch of stuff I didn't actually say or even imply.

>The original question is if you are honestly unaware (and not negligent) that your property is being used to commit a crime, are you culpable for the crime? The answer is a resounding “no”.

That was NOT the original question. The original question was whether or not someone could sue the police for removing malware and patching their system. My example was the cops shutting down a meth lab and locking the door.

Be my guest attempting to sue, and be prepared to have to defend yourself in a court of law that you were truly unaware. That's going to be a VERY expensive proposition - so who in their right mind would even start down that path?


Yes, and there’s plenty of case law to support that -

In fact, one of the most popular TV shows of all time had its finale specifically addressing the fact that a law needed to be made to discourage “bystanders” from actively ignoring crime.


Which show was this?


Probably Seinfeld.


Seinfeld.


Landlords can indeed be liable in many ways for some kinds of illegal activity that take place on their property (especially if it involves drugs.) There are a variety of local and federal laws that enable this.


I wonder if the FBI could legally brick the machines involved (particularly if some were devices that had never been patched.)


My question: how does a US warrant apply to computers outside US jurisdiction?


The first sentence of the article describes it as a "multinational operation" and the title credits both FBI and "partners". That makes it pretty clear it wasn't just a US agency operating with the authority of a US warrant.


They didn't access any random computers outside of their jurisdiction, only Qakbot servers.


I must have missed it, but does the article mention that those servers were all located inside the US? (where I suppose the FBI has jurisdiction for stuff like this).


> As part of the operation, the FBI gained lawful access to Qakbot’s infrastructure and identified over 700,000 infected computers worldwide—including more than 200,000 in the U.S.

"Lawful access" is doing a lot of heavy lifting, but at least they specified it.


It's the government, since when are they concerned about legality


More often than you’d think.



