Liability
A third legal issue relative to honeypots is downstream liability. If a honeypot is compromised and then used to attack other systems in another organization, could the honeypot operator be held liable in a suit brought by downstream victims? Although the harm was inflicted by the intruder rather than the operator, if the honeypot had been secure, then the intruder would not have been able to use it to inflict damage on others. Note that liability, if any, is a matter of state, not federal, law. That means you will need to work with legal counsel who know the law at least of the state(s) in which your organization is located and in which your deployed honeypots are located. The task of your legal counsel may be even more complicated ...
Get Honeypots: Tracking Hackers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
