Re: Who's liable? - fbi

From: Alvin Oga (alvin.secat_private-Consulting.com)
Date: Sat Oct 13 2001 - 15:59:52 PDT

Next message: Jensenne Roculan: "Dead Thread - Who's Liable?"

Previous message: Jay D. Dyson: "Re: Who's liable?"
In reply to: Jay D. Dyson: "Re: Who's liable?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi ya

out here ( san jose area ) ... the agencies out here are
fairly lenient and good about investigating computer crimes...

they ( fbi )  get involved when "it" becomes a felony across
interstate lines or gov't property... ( think a felony is anything that
was $10,000 or more in damages ... forgot .. "a small amount"

think they did confiscate some smurf attacker's PCs..
( can't get confirmation etc...since it was under investigation at the time
- told um the sites that maintains potential smurf amplifiers sites etc
	
- took a month or so of "watching the smurfing going on" ....but dont
  think the smurf'ers been back since

have fun linuxing/securing..
alvin


On Sat, 13 Oct 2001, Jay D. Dyson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 13 Oct 2001, Michael F. Bell wrote:
> 
> > Lets say you are a small realty agency, and you provide internet access
> > to your employees and one of your employees hacks into the Whitehouse
> > website from your internal network.
> <snip>
> > Who is liable??  What can the FBI do at this point? 
> 
> 	No liability is identified at the time.  But I guarantee you that
> the FBI will confiscate all machines on site and send them off for
> forensics evidence gathering.  Don't bother objecting that it will cause
> your business undue hardship.  LEAs don't care.  Period.

...
 
> 	Depends on the damages.  If they reach a certain amount, the FBI
> will be called in and we're back to situation one as described in the
> earlier part of my reply.  If the damages are minimal and don't warrant
> FBI involvement, then eBay will simply absorb the loss, (hopefully) make
> appropriate updates to their security policies, practices and procedures,
> and mush on.
> 
> 	In the final analysis, any system that can't do even basic
> auditing and accountability on their networks will -- at the very least --
> wind up on many an admin's firewall blacklist.  I've been doing as much
> with abuse-friendly networks since the '90s.  At most, the FBI will be
> called in and will (in the name of the law) rip that network's systems
> down to the wires. 
> 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jensenne Roculan: "Dead Thread - Who's Liable?"
Previous message: Jay D. Dyson: "Re: Who's liable?"
In reply to: Jay D. Dyson: "Re: Who's liable?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Oct 13 2001 - 16:06:45 PDT