He broke a few computer use laws, but it was for a good deed

Oct 10, 2014 00:27 GMT

Agents from the Federal Bureau of Investigation paid a visit to Jonathan Hall, the white hat hacker who at the beginning of the week revealed the attack targeting servers belonging to Yahoo and a couple of other important companies.

Hall uncovered an ongoing attack performed by Romanian hackers trying to build a botnet leveraging infrastructure belonging to Yahoo, WinZIP and Lycos. They were trying to find machines vulnerable to the Shellshock bug.

As soon as he found traces of the malicious activity, Hall proceeded to notify both the affected companies and the FBI, sending multiple emails. Responses came late from all parties, but the matter was resolved in the end.

Feds come knocking

As a result of his attempts to contact the administrators of the servers and law enforcement, agents from the Federal Bureau of Investigation paid him a visit on Tuesday, seeking more information about the incident and the steps he took to contain the situation.

In a blog post published on Wednesday, Hall explains that the visit from the feds was not surprising, considering the sensitive nature of the matter and the fact that he had sent them two emails and had called three times.

However, he does not believe prosecution will follow his actions, even though he did execute commands on a machine he does not own; this was done without criminal intent, in order to terminate the malicious program running on the server.

“So, yes. The FBI visited me. That’s sorta what happens when you email them two times and call them three, then publicly announce that you’re very disappointed in the reachability and response time.”

Unauthorized access of a computer is punishable by law

There are laws against digital trespassing, such as the Computer Fraud and Abuse Act (CFAA), but they are not crystal clear as far as accessing a computer without authorization is concerned, especially when it is a public server.

On top of this, security researchers often scan Internet-facing servers in order to find flaws or learn about their state of security after a major vulnerability has been discovered. Searches for systems vulnerable to Heartbleed, the security bug in the OpenSSL crypto library, are still carried out half a year after it was uncovered.

Research is exactly what Hall said he was doing when he saw traces of what appeared to be a Shellshock-based attack. Only he decided to intervene and stop the malicious activity before alerting the admins responsible for the safety of the machines.