[ISN] Re: rt66.com and 1.8 million

From: mea culpa (jerichoat_private)
Date: Tue Aug 18 1998 - 14:33:07 PDT

  • Next message: mea culpa: "[ISN] rt66.com Attackers blamed for 1.8 million in damages"

    [Moderator: This was originally made to other lists carrying the
    Reply From: mea culpa <jerichoat_private>
    Time to debunk the bull again..
    > From: Carolyn Meinel <cmeinelat_private>
    > Subject: HHD for 8/17
    >         Have you been wondering about our Web site and War Game? Patience,
    > please, we'll be up again!  The hacker war against us has escalated to epic
    > proportions. Because our opponents are unable to intimidate us, they have
    > resorted to attacking the ISP, Rt66 Internet, that serves us, and also are
    > attacking our ISP's customers.  In an Aug. 8, 1998 attack, these criminals
    > caused over $1.8 million in damage against those they held hostage to their
    > demands that no one give us access to the Internet.  On August 14, the FBI
    > publicly announced it is pursuing our assailants.
    1.8 million eh? Now, we know that rt66.com staff are most likely on
    salary, so lets factor in a few months of their work first of all. Say
    they are completely stupid and needed 5 of them rubbing heads for 3 months
    to work on this, we can guess that brings the bill up to 30,000 or so, but
    hell, lets round up. 50,000 is what it cost in man hours to deal with this
    (remember, we are saying *3* months, more than the benefit of the doubt). 
    Equipment. Lets say they went out and bought top of the line hardware
    based sniffers, new machine for shell usage, and more. Another 50,000
    bucks. This figure is based on them going hog wild on new equipment, party
    expenses, and everything else.
    Now.. changing credit card numbers. That is a service provided by the
    credit card companies. IF she or RT are claiming this as part of the
    damage, lets figure that in. Rough.. 5000 or so customers? 2500 with
    credit cards? Takes roughly 10 minutes to call in and change it. Time +
    material + helpdesk should realistically go for 5 bucks per card or so. 
    (we don't play the bullshit inflation game). 5 * 2500 = 12,500
    Hrm... what else? Ahh. I bet they hired some consultants to come fix it!
    If so, first, fire them if the machine got broken into again.
    Now.. lets see what we have here. 50,000 + 50,000 + 12,500 = 112,500
    subtotal. 1,800,000 - 112,500 = 1,687,500 left that needs explaining.
    Lets say they hire some top notch (cough) security consultants that bill
    themselves out at 500/hr, mind you 150/hr is average.
    1,687,500 / 500 = 3375 hours. 3375 / 40 = 84.3 weeks if they use one
    So now.. for that 1.8 million.. they had 5 of their own people working 3
    months on this, along with a consultant who worked 84 weeks (well over a
    year), and that is how they can explain 1.8 million dollars.
    Seems to me that the staff of RT66.com is a bit undertrained, and has no
    concept of security. Further, it seems that they have no clue on
    intelligent spending to maintain a sane budget. 
    I have this strange feeling that they have recently read two books...
    _Idiots Guide to Spending on Stupid Things_, and _The Happy Hacker_.
    >         We need volunteers who specialize in gathering forensic evidence.
    > Is there anyone whose company sells computer security products that would
    Carolyn.. you and rt66 need more than that. You need a clue and a wake up
    >         Those who are assaulting the customers of Rt66 Internet are the
    > worst terrorists in the history of computer crime.  If they get away with
    Can we leave a bit of the drama out? What about the 100,000 customers of
    netcom during Mitnick? Seems that is a BIT bigger than your little pond on
    the net.
    > they succeed, the whole world will know that a gang of computer criminals
    > now has the power to force their will on anyone who wants to use the Internet. 
    Its amusing that you release this when no widespread public statement was
    made by the terrorists. I monitor almost 100 mailing lists, I received
    copies of two pieces of mail from the last hack (i assume), and saw no
    terrorist demands. There were no threats leveled at the customers of
    rt66.com, nor the staff. So.. that in mind, could you share their demands
    so that we know you aren't making that up too? It is more than obvious you
    are making up the 1.8 million figure.
    Lying to the FBI about an investigation is a crime Carolyn. But hell, you
    knew that. Not the first time you have lied to FBI agents is it?
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:01:21 PDT