Re: [ISN] ICSA employes an undercover hacker spy.

From: mea culpa (jerichot_private)
Date: Sun Jul 05 1998 - 22:30:24 PDT

  • Next message: mea culpa: "Re: [ISN] Signs of Insecurity in Cyberspace - Analysis"

    Forwarded From: "Jeffrey F. Lawhorn" <jefflt_private>
    >LOL.  Well, seeing as how they pass me the information and I make the call
    >to the companies and tell them, for free, I guess that would make it
    >*before* they front us any money.  And I don't ask for money, that
    >tantamount to extortion.  I make the calls for two reasons, to protect my
    >guys' identities and to anticipate social engineering alarms at the other
    >end.  It's pretty easy to check me out either by web search, or in paper
    >directories like American Society for Industrial Security or International
    >Association of Chiefs of Police.  Only if the customer asks about any of
    >our services do I refer them to Sales.  If they don't bring it up, they
    >won't get a second call.  Indeed, if I can find a PGP key for an Admin or
    >Security type, I even don't call 'em.  A couple months ago I encrypted and
    >sent a password file to an ISP.  The file had been posted to a web site.
    >Turned out it's a bait file they return when they get a phf probe, but it's
    >a good example of a no-sales-call notification.
    Seeing as how I'm that ISP, let me make a comment.  David contacted us via 
    the phone first.  About 6 weeks after a script kiddy had spent a considerable 
    amount of time trying to break into our network from local competing ISPs 
    dialups.  After talking to David, he did send me a copy of a password file 
    that I send out in response to several well-known password probes.  When 
    David found this out, he lost all interest in talking to me.  He would not 
    provide the name (or handle) of the twerp attempting to break in to our 
    network.  He would not tell me the web page where the twerp was bragging 
    about having broken into us.  Basically he wouldn't tell me anything other 
    than he believed we'd be broken into.
    I appreciate that ICSA calls sites that have been potentially broken into.  
    However, the call I received felt and smelled like a sales call.  It would be 
    nice however, for them to provide information about the hacker that did the 
    deed when asked to.
    >Dave Kennedy CISSP
    >International Computer Security Assoc
    >Protect what you connect.
    >Look both ways before crossing the Net.
    Jeffrey F. Lawhorn                       |Internet Consulting, Custom
    Software Design Associates, Inc.         |Connectivity Solutions, and
    jefflt_private       619-679-5900 voice |CGI programming. 619-679-2327 fax   |T1's for $630/month
    ISP/C Director Technical Services
    Finger jefflt_private for PGP Public Key.
    Insist on Quality! WANet.Net is an ISP/C Member -
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:00 PDT