[iwar] FW: Just Sue It - Nike runs into legal troubles after getting hac ked


From: St. Clair, James
To: 'iwar@egroups.com'
From: jstclair@vredenburg.com
To: iwar@egroups.com

Wed, 3 Jan 2001 08:11:11 -0500


fc  Wed Jan  3 05:12:08 2001
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Wed, 03 Jan 2001 05:12:08 -0800 (PST)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed Jan  3 13:07:58 2001)
X-From_: jstclair@vredenburg.com  Wed Jan  3 07:07:13 2001
Received: from fk.egroups.com ([64.211.240.232]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id HAA12354 for ; Wed, 3 Jan 2001 07:07:10 -0600
X-eGroups-Return: sentto-279987-877-978527476-fc=all.net@returns.onelist.com
Received: from [10.1.4.56] by fk.egroups.com with NNFMP; 03 Jan 2001 13:11:17 -0000
X-Sender: JStClair@vredenburg.com
X-Apparently-To: iwar@egroups.com
Received: (EGP: mail-6_3_1_3); 3 Jan 2001 13:11:15 -0000
Received: (qmail 12121 invoked from network); 3 Jan 2001 13:11:14 -0000
Received: from unknown (10.1.10.27) by l10.egroups.com with QMQP; 3 Jan 2001 13:11:14 -0000
Received: from unknown (HELO restonpo.vredenburg.com) (199.79.173.5) by mta2 with SMTP; 3 Jan 2001 13:11:14 -0000
Received: by restonpo.vredenburg.com with Internet Mail Service (5.5.2650.21) id ; Wed, 3 Jan 2001 08:11:13 -0500
Message-ID: 
To: "'iwar@egroups.com'" 
X-Mailer: Internet Mail Service (5.5.2650.21)
From: "St. Clair, James" 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Wed, 3 Jan 2001 08:11:11 -0500 
Reply-To: iwar@egroups.com
Subject: [iwar] FW: Just Sue It - Nike runs into legal troubles after getting hac ked
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit


Just Sue It - Nike runs into legal troubles after getting hacked,
raising the question: Who's responsible for security?

Company Business and Marketing 
By K. C. Swanson, ASAP, 12/29/2000
No URL available.

Talk about a double-whammy: nike may soon become the first company to
get slapped with a lawsuit just because it was hacked. FirstNet Online
(Management) Limited, an Edinburgh, Scotland-based
startup that offers Net connectivity and Web hosting, is lodging the
suit to collect on services rendered when Nike was in a jam. Back in
June, hackers used FirstNet's servers to reroute Nike's Web traffic to
s11.org, the site of an Australian activist group that was organizing a
protest at a World Economic Forum meeting. The problem took nearly two
days to fix, but FirstNet says Nike isn't the only one that suffered. At
Nike's request, FirstNet agreed to redirect traffic back to Nike's
servers. As a result, FirstNet's server traffic skyrocketed by 1,800
percent, crashing the company's own servers seven times and cutting off
service to clients. While acknowledging that the hackers themselves must
bear some blame,
FirstNet says it was Nike's inadequate security that allowed the hacking
to take place, and asked Nike for reimbursement and compensation. Says
FirstNet's managing director Greg Lloyd Smith. "They asked [for help],
we delivered, and we invoiced." But Nike's in no hurry to pay. "Nike is as
much a victim here as anyone
else," says Vada Manager, Nike's director of global issues management.
"It's not Nike that requested that its domain name be changed, which in
turn re-routed traffic." And Nike isn't the only one to be targeted by
this particular form of hacking, he says. FirstNet's argument doesn't find
much support among security experts,
either. "I think it is a crazy claim to make," says John Vranesevich,
founder of AntiOnline, a Beaver, Pennsylvania, computer security
research group. "You're attempting to sue the victim instead of the
person responsible for the damage." Vranesevich offers this analogy: Say
a sniper stood atop a Sony music store because it offered a good vantage
point to shoot at people. Then, instead of pursuing the sniper himself,
the families of his victims sued Sony. In the same way, he suggests,
Nike has been unfairly made a scapegoat. Aside from issues of fairness,
FirstNet's actions could set a precedent
disturbing to many Internet companies. Because there's no generally
accepted minimum standard for security, any company could be open to
charges of poor security, and likewise be vulnerable to lawsuits. "As
soon as some new technological fix is announced, it immediately becomes
a cause for the hacker world to figure out how to get into it," says Jim
Butler, a lawyer specializing in the Internet at the Atlanta office of
Arnall, Golden & Gregory. "What is the duty of a company in that very
dynamic situation to keep ahead of the curve?" "Companies will use criminal
statutes [against hackers] to protect their
back door, while using insurance to help prevent them from losing a lot
of money," he says. Meanwhile, FirstNet is preparing its claim for a
Scottish court, while managing director Smith is working to broadcast
his version of events, posting details to a Web site, Shameonnike.com. Smith
says he wants to help companies avoid similar troubles and
counsels them to contact a lawyer before agreeing to help out during a
hacking. "Require advance payment, indemnity against liability, and
opt-out clauses where applicable. Then and only then do you consider
helping," he writes on his site. But in a footnote, Smith urges,
"Actually, ignore that comment, and do what you can for them."

------------------
http://all.net/