Re: Who's liable?

From: Jay D. Dyson (jdysonat_private)
Date: Sat Oct 13 2001 - 15:33:35 PDT

  • Next message: Alvin Oga: "Re: Who's liable? - fbi"

    On Sat, 13 Oct 2001, Michael F. Bell wrote:
    > Lets say you are a small realty agency, and you provide internet access
    > to your employees and one of your employees hacks into the Whitehouse
    > website from your internal network.
    > Who is liable??  What can the FBI do at this point? 
    	No liability is identified at the time.  But I guarantee you that
    the FBI will confiscate all machines on site and send them off for
    forensics evidence gathering.  Don't bother objecting that it will cause
    your business undue hardship.  LEAs don't care.  Period.
    > Lets change the victim from a Goverment agency to a private one.  Lets
    > say that EBAY got hacked and they launched the same sort of
    > investigation with the same findings..  What can be done from a legal
    > /financial standpoint if an attack is detected from your company network
    > and there is no proof on exactly who did it?  Can the victims take legal
    > action against you, or is there some sort of protocol from a legal
    > standpoint that hinders this? 
    	Depends on the damages.  If they reach a certain amount, the FBI
    will be called in and we're back to situation one as described in the
    earlier part of my reply.  If the damages are minimal and don't warrant
    FBI involvement, then eBay will simply absorb the loss, (hopefully) make
    appropriate updates to their security policies, practices and procedures,
    and mush on.
    	In the final analysis, any system that can't do even basic
    auditing and accountability on their networks will -- at the very least --
    wind up on many an admin's firewall blacklist.  I've been doing as much
    with abuse-friendly networks since the '90s.  At most, the FBI will be
    called in and will (in the name of the law) rip that network's systems
    down to the wires. 
    - -Jay
      (    (                                                         _______
      ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
     `--' `--'  `-- Peace without honor is life without living. --'  `------'
    Version: 2.6.2
    Comment: See for current keys.
    -----END PGP SIGNATURE-----
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Sat Oct 13 2001 - 15:51:47 PDT