8.12. A Few Words on Ethics


Not all problems are best solved by legal action. Our world operates because most of us agree on many ethical principles and normally act according to those principles. Should we not apply those principles just as much to our cyber behavior as our realworld behavior? Doing so would have a couple of implications concerning DDoS. We do not presume to provide moral answers here, but we would like to bring up a few questions.

First, if one ascribes to the ethical principle that it is wrong to needlessly harm others, one should consider if it is ever right to launch a DDoS attack against anyone, whether it be an offensive or defensive act. You will do them harm. You may very well do harm to third parties who you did not intend to strike. Is that right?

When viewed from the perspective of someone wishing to use DDoS as an offensive tool, there is no ethical justification. Even when viewed from a defensive perspective, as a countermeasure to an attack on you, DDoS is still hard to ethically justify.

Second, if you believe that it is unethical to offer assistance to another who is doing wrong, is it ethical of you to leave your computer in a state that makes it easy for a DDoS attacker to compromise? This is not a simple or trivial point. How much effort do you need to take to secure your computer? What if fixing a known problem requires crippling functionality that you rely on? This issue can be resolved only by considering one's own personal morality and circumstances, but we urge all readers to spend a moment or two thinking about whether they are doing enough to protect their own computers, not just for selfish reasons, but to make it less likely that your computer assets will be used to perform a DDoS attack on another site.

There will always be people who have morality that allows them to perform actions like DDoS attacks without compromising their principles, and those who do not care for morality at all. So relying on morality to stop DDoS attacks is unrealistic. But perhaps applying a bit more simple morality to the cyberworld might stop a few attacks or make DDoS attacks a bit harder to perpetrate.

The ethical issues surrounding self-help options are covered in more depth in the same article, "Active Response to Computer Intrusions," in the forthcoming Handbook on Information Security [Bid05] mentioned earlier, as well as in articles by the

University of Washington professor Kenneth Einar Himma ("The Ethics of Tracing Hacker Attacks through the Machines of Innocent Persons," [Him04a] and "Targeting the Innocent: ActiveDefense and the Moral Immunity of Innocent Persons from Aggression" [Him04b]).



Internet Denial of Service. Attack and Defense Mechanisms
Internet Denial of Service: Attack and Defense Mechanisms
ISBN: 0131475738
EAN: 2147483647
Year: 2003
Pages: 126

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net