Date: Mon, 7 Dec 1992 22:48:06 +0000
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 1--DOJ Authorizes Keystroke Monitoring

CA-92:19 CERT Advisory
December 7, 1992
Keystroke Logging Banner

The CERT Coordination Center has received information from the United
States Department of Justice, General Litigation and Legal Advice
Section, Criminal Division, regarding keystroke monitoring by
computer systems administrators, as a method of protecting computer
systems from unauthorized access.

The information that follows is based on the Justice Department's
advice to all federal agencies. CERT strongly suggests adding a
notice banner such as the one included below to all systems. Sites
not covered by U.S. law should consult their legal counsel.

+++++++++++++++++++

The legality of such monitoring is governed by 18 U.S.C. section
2510 et seq. That statute was last amended in 1986, years before
the words "virus" and "worm" became part of our everyday
vocabulary. Therefore, not surprisingly, the statute does not
directly address the propriety of keystroke monitoring by system
administrators.

Attorneys for the Department have engaged in a review of the
statute and its legislative history. We believe that such
keystroke monitoring of intruders may be defensible under the
statute. However, the statute does not expressly authorize such
monitoring. Moreover, no court has yet had an opportunity to
rule on this issue. If the courts were to decide that such
monitoring is improper, it would potentially give rise to both
criminal and civil liability for system administrators.

Therefore, absent clear guidance from the courts, we believe it
is advisable for system administrators who will be engaged in
such monitoring to give notice to those who would be subject to
monitoring that, by using the system, they are expressly
consenting to such monitoring. Since it is important that
unauthorized intruders be given notice, some form of banner
notice at the time of signing on to the system is required.
Simply providing written notice in advance to only authorized
users will not be sufficient to place outside hackers on notice.

An agency's banner should give clear and unequivocal notice to
intruders that by signing onto the system they are expressly
consenting to such monitoring. The banner should also indicate
to authorized users that they may be monitored during the effort
to monitor the intruder (e.g., if a hacker is downloading a
user's file, keystroke monitoring will intercept both the
hacker's download command and the authorized user's file). We
also understand that system administrators may in some cases
monitor authorized users in the course of routine system
maintenance. If this is the case, the banner should indicate
this fact. An example of an appropriate banner might be as
follows:

     This system is for the use of authorized users only.
     Individuals using this computer system without authority,
     or in excess of their authority, are subject to having
     all of their activities on this system monitored and
     recorded by system personnel.

     In the course of monitoring individuals improperly using
     this system, or in the course of system maintenance, the
     activities of authorized users may also be monitored.

     Anyone using this system expressly consents to such
     monitoring and is advised that if such monitoring reveals
     possible evidence of criminal activity, system personnel
     may provide the evidence of such monitoring to law
     enforcement officials.

++++++++++++++++++++

Each site using this suggested banner should tailor it to their
precise needs. Any questions should be directed to your
organization's legal counsel.

++++++++++++++++++++

The CERT Coordination Center wishes to thank Robert S. Mueller, III,
Scott Charney and Marty Stansell-Gamm from the United States
Department of Justice for their help in preparing this Advisory.

If you believe that your system has been compromised, contact the
CERT Coordination Center or your representative in FIRST (Forum of
Incident Response and Security Teams).

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
           on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

------------------------------

Downloaded From P-80 International Information Systems 304-744-2253