Double Jeopardy?
Monitoring the network is a disciplinary offence under University rules
Investigating the hacker’s system is arguably a criminal offence (Computer Misuse)
Being spotted by a hacker also carries risks
But we did everything openly and with frequent reports to JANET CERT, to resist accusations of underhand activities.
Notes:
As the seriousness of the situation had become apparent only late on Friday, we had been unable to get the necessary contacts, and were left pretty much to our own ingenuity through the weekend.
The University’s rules for network use state that monitoring the network is a disciplinary offence, except for properly authorised members of the computing service: we were neither, but in the circumstances we felt we had no alternative.
Also, it could be argued that when we spotted that the hacker had an anonymous FTP server, we had been given no permission to access it, so our attempting to do so counted as Computer Misuse - a criminal offence.
Finally, we had to keep in mind that the hacker could well be watching for activity, and would then concentrate their attention on our specific system. (In the event, however, their interest in the Particle Physics server seems to have been awoken in a different way).