RE: Monkeybrains.net and badtrans compromise information

From: Brian McWilliams (bmcwat_private)
Date: Fri Jan 04 2002 - 14:02:05 PST

  • Next message: Nick FitzGerald: "RE: Monkeybrains.net and badtrans compromise information"

    This article may explain a few things:
    
    Badtrans Victim Database Goes Commercial
    SAN FRANCISCO, CALIFORNIA, U.S.A.,
    04 Jan 2002, 3:20 PM CST
    http://www.newsbytes.com/news/02/173402.html
    
    Brian
    
    
    
    At 04:29 PM 1/4/2002, Slighter, Tim wrote:
    >There are numerous articles available online concerning this opertation and
    >how it evolved.  More or less brought into existence as the result of FBI
    >requests, I cannot accurately state where to draw the line from a financial
    >or legal perspective.  From a simple approach, it appears that the invidual
    >managing this site is rendering a non standard service and is most likely
    >entitled to charge for these services.  One possible loophole would be if
    >these services were mandated by the FBI and a legal entity that required the
    >site to provide these services to the public.
    >
    >
    >
    >-----Original Message-----
    >From: Ken Pfeil [mailto:Kenat_private]
    >Sent: Friday, January 04, 2002 1:50 PM
    >To: van Wyk, Ken; incidentsat_private
    >Cc: focus-virusat_private
    >Subject: RE: Monkeybrains.net and badtrans compromise information
    >
    >
    >Here's a little snippet from the site. Any legal experts in the crowd?
    >
    >
    >"Individuals
    >MonkeyBrains is doing these requests for information for free for individual
    >users. The software, time, energy, and the whole site is run by one person:
    >me! So, if you utilize this service, then feel free to donate $10 (or more,
    >or less) to my ISP, monkeybrains.net. Or, if you need some consulting, buy
    >me a plane ticket, give me some $$$ and I'd love to work for you for a
    >couple of days or weeks. Traveling is fun!
    >
    >Corporations
    >If you are on the security team for an isp or corporation, and wish to have
    >a list of all the compromised accounts and email addresses, you must
    >contribute at least $10 for me to email you domain wide results. I was doing
    >this for free, but after about 100 requests, I noted: "Fark, this is taking
    >up a lot of my time. These corporatations have the money and will not mind
    >parting with a little, so I am going to charge them for my time." Also,
    >while this service was free, I received ZERO donations, so now, this free
    >service is a pay-for service. Now, you may wonder, who the heck would use
    >this service from some random guy; well, these domains have used this
    >service:
    >.nasdaq-online.com
    >.prudential.com
    >.motorola.com
    >.etrade.com
    >.saic.com
    >.mmm.com
    >.bp.com
    >.mil
    >(organized by number of charaters)
    >
    >Also, I am forcing good policy on corporations:
    >
    >abuseat_private must be a valid email address at your domain. Results
    >are only sent to that address for requesting domains. This ensures that
    >sensitive information is not sent to joe_schmooat_private Furthermore,
    >as an ISP operator, I get highly annoyed when domains do not have abuse
    >accounts set up.
    >Microtransactions between large companies and users of the Internet are
    >encouraged by making PayPal the payment method for this service.
    >
    >$1 - Thanks!
    >$5 - This site is great
    >$10 - Send me the info!
    >$20 - Take a coffee break and walk the dog!
    >$50 - Fancy dinner with girlfriend
    >$100 - This site helped me patch up a bunch of compromised accounts!
    >In closing, I don't want to sound like a money grubber, but I am self
    >employed and received $0 to make this website. Help out if you like, and if
    >you don't want to, that is fine too.
    >
    >- Rudy (badtransat_private)"
    >
    > > -----Original Message-----
    > > From: van Wyk, Ken [mailto:Ken@para-protect.com]
    > > Sent: Friday, January 04, 2002 2:38 PM
    > > To: incidentsat_private
    > > Cc: focus-virusat_private
    > > Subject: RE: Monkeybrains.net and badtrans compromise information
    > >
    > >
    > > Jon Williams writes:
    > > > I've got to admit, I was suspicious when I got the same
    > > message, but when
    > > I
    > > > tried getting the information and was told essentially "You've got
    > > > compromised passwords, but you have to pay us to find out which," it
    > > sounds
    > > > more like extortion than good cyber citizenship.
    > >
    > > I'd just like to point out a couple things briefly:
    > > 1) We have no affiliation whatsoever with monkeybrains.net;
    > > 2) We were unaware of their intent to charge for this information;
    > > 3) After scanning for ":443" in their database/web site and seeing > 2000
    > > compromised SSL-encrypted sessions, we started alerting our customers;
    > > 4) We alerted a number of companies whose employees, customers, etc., were
    > > in that database, however there was no obligation or fee to any of those
    > > companies for our alerts;
    > > 5) Had we known of monkeybrains.net's intention to charge for
    > > releasing the
    > > information, we would have noted so in the alerts that we sent to
    > > companies
    > > that we found in their database.
    > >
    > > Cheers,
    > >
    > > Ken
    > >
    > > Kenneth R. van Wyk
    > > CTO & Corporate Vice President
    > > Para-Protect, Inc.
    > > www.para-protect.com
    > >
    > >
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management
    >and tracking system please see: http://aris.securityfocus.com
    >
    >---
    >Incoming mail is certified Virus Free.
    >Checked by AVG anti-virus system (http://www.grisoft.com).
    >Version: 6.0.313 / Virus Database: 174 - Release Date: 1/2/02
    >
    >
    >---
    >Outgoing mail is certified Virus Free.
    >Checked by AVG anti-virus system (http://www.grisoft.com).
    >Version: 6.0.313 / Virus Database: 174 - Release Date: 1/2/02
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management
    >and tracking system please see: http://aris.securityfocus.com
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 14:08:12 PST