RE: Monkeybrains.net and badtrans compromise information

From: Ken Pfeil (Kenat_private)
Date: Fri Jan 04 2002 - 12:49:45 PST

  • Next message: Michael Graham: "RE: Monkeybrains.net and badtrans compromise information"

    Here's a little snippet from the site. Any legal experts in the crowd?
    
    
    "Individuals
    MonkeyBrains is doing these requests for information for free for individual
    users. The software, time, energy, and the whole site is run by one person:
    me! So, if you utilize this service, then feel free to donate $10 (or more,
    or less) to my ISP, monkeybrains.net. Or, if you need some consulting, buy
    me a plane ticket, give me some $$$ and I'd love to work for you for a
    couple of days or weeks. Traveling is fun!
    
    Corporations
    If you are on the security team for an isp or corporation, and wish to have
    a list of all the compromised accounts and email addresses, you must
    contribute at least $10 for me to email you domain wide results. I was doing
    this for free, but after about 100 requests, I noted: "Fark, this is taking
    up a lot of my time. These corporatations have the money and will not mind
    parting with a little, so I am going to charge them for my time." Also,
    while this service was free, I received ZERO donations, so now, this free
    service is a pay-for service. Now, you may wonder, who the heck would use
    this service from some random guy; well, these domains have used this
    service:
    .nasdaq-online.com
    .prudential.com
    .motorola.com
    .etrade.com
    .saic.com
    .mmm.com
    .bp.com
    .mil
    (organized by number of charaters)
    
    Also, I am forcing good policy on corporations:
    
    abuseat_private must be a valid email address at your domain. Results
    are only sent to that address for requesting domains. This ensures that
    sensitive information is not sent to joe_schmooat_private Furthermore,
    as an ISP operator, I get highly annoyed when domains do not have abuse
    accounts set up.
    Microtransactions between large companies and users of the Internet are
    encouraged by making PayPal the payment method for this service.
    
    $1 - Thanks!
    $5 - This site is great
    $10 - Send me the info!
    $20 - Take a coffee break and walk the dog!
    $50 - Fancy dinner with girlfriend
    $100 - This site helped me patch up a bunch of compromised accounts!
    In closing, I don't want to sound like a money grubber, but I am self
    employed and received $0 to make this website. Help out if you like, and if
    you don't want to, that is fine too.
    
    - Rudy (badtransat_private)"
    
    > -----Original Message-----
    > From: van Wyk, Ken [mailto:Ken@para-protect.com]
    > Sent: Friday, January 04, 2002 2:38 PM
    > To: incidentsat_private
    > Cc: focus-virusat_private
    > Subject: RE: Monkeybrains.net and badtrans compromise information
    >
    >
    > Jon Williams writes:
    > > I've got to admit, I was suspicious when I got the same
    > message, but when
    > I
    > > tried getting the information and was told essentially "You've got
    > > compromised passwords, but you have to pay us to find out which," it
    > sounds
    > > more like extortion than good cyber citizenship.
    >
    > I'd just like to point out a couple things briefly:
    > 1) We have no affiliation whatsoever with monkeybrains.net;
    > 2) We were unaware of their intent to charge for this information;
    > 3) After scanning for ":443" in their database/web site and seeing > 2000
    > compromised SSL-encrypted sessions, we started alerting our customers;
    > 4) We alerted a number of companies whose employees, customers, etc., were
    > in that database, however there was no obligation or fee to any of those
    > companies for our alerts;
    > 5) Had we known of monkeybrains.net's intention to charge for
    > releasing the
    > information, we would have noted so in the alerts that we sent to
    > companies
    > that we found in their database.
    >
    > Cheers,
    >
    > Ken
    >
    > Kenneth R. van Wyk
    > CTO & Corporate Vice President
    > Para-Protect, Inc.
    > www.para-protect.com
    >
    >
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 12:53:58 PST