This article may explain a few things: Badtrans Victim Database Goes Commercial SAN FRANCISCO, CALIFORNIA, U.S.A., 04 Jan 2002, 3:20 PM CST http://www.newsbytes.com/news/02/173402.html Brian At 04:29 PM 1/4/2002, Slighter, Tim wrote: >There are numerous articles available online concerning this opertation and >how it evolved. More or less brought into existence as the result of FBI >requests, I cannot accurately state where to draw the line from a financial >or legal perspective. From a simple approach, it appears that the invidual >managing this site is rendering a non standard service and is most likely >entitled to charge for these services. One possible loophole would be if >these services were mandated by the FBI and a legal entity that required the >site to provide these services to the public. > > > >-----Original Message----- >From: Ken Pfeil [mailto:Kenat_private] >Sent: Friday, January 04, 2002 1:50 PM >To: van Wyk, Ken; incidentsat_private >Cc: focus-virusat_private >Subject: RE: Monkeybrains.net and badtrans compromise information > > >Here's a little snippet from the site. Any legal experts in the crowd? > > >"Individuals >MonkeyBrains is doing these requests for information for free for individual >users. The software, time, energy, and the whole site is run by one person: >me! So, if you utilize this service, then feel free to donate $10 (or more, >or less) to my ISP, monkeybrains.net. Or, if you need some consulting, buy >me a plane ticket, give me some $$$ and I'd love to work for you for a >couple of days or weeks. Traveling is fun! > >Corporations >If you are on the security team for an isp or corporation, and wish to have >a list of all the compromised accounts and email addresses, you must >contribute at least $10 for me to email you domain wide results. I was doing >this for free, but after about 100 requests, I noted: "Fark, this is taking >up a lot of my time. These corporatations have the money and will not mind >parting with a little, so I am going to charge them for my time." Also, >while this service was free, I received ZERO donations, so now, this free >service is a pay-for service. Now, you may wonder, who the heck would use >this service from some random guy; well, these domains have used this >service: >.nasdaq-online.com >.prudential.com >.motorola.com >.etrade.com >.saic.com >.mmm.com >.bp.com >.mil >(organized by number of charaters) > >Also, I am forcing good policy on corporations: > >abuseat_private must be a valid email address at your domain. Results >are only sent to that address for requesting domains. This ensures that >sensitive information is not sent to joe_schmooat_private Furthermore, >as an ISP operator, I get highly annoyed when domains do not have abuse >accounts set up. >Microtransactions between large companies and users of the Internet are >encouraged by making PayPal the payment method for this service. > >$1 - Thanks! >$5 - This site is great >$10 - Send me the info! >$20 - Take a coffee break and walk the dog! >$50 - Fancy dinner with girlfriend >$100 - This site helped me patch up a bunch of compromised accounts! >In closing, I don't want to sound like a money grubber, but I am self >employed and received $0 to make this website. Help out if you like, and if >you don't want to, that is fine too. > >- Rudy (badtransat_private)" > > > -----Original Message----- > > From: van Wyk, Ken [mailto:Ken@para-protect.com] > > Sent: Friday, January 04, 2002 2:38 PM > > To: incidentsat_private > > Cc: focus-virusat_private > > Subject: RE: Monkeybrains.net and badtrans compromise information > > > > > > Jon Williams writes: > > > I've got to admit, I was suspicious when I got the same > > message, but when > > I > > > tried getting the information and was told essentially "You've got > > > compromised passwords, but you have to pay us to find out which," it > > sounds > > > more like extortion than good cyber citizenship. > > > > I'd just like to point out a couple things briefly: > > 1) We have no affiliation whatsoever with monkeybrains.net; > > 2) We were unaware of their intent to charge for this information; > > 3) After scanning for ":443" in their database/web site and seeing > 2000 > > compromised SSL-encrypted sessions, we started alerting our customers; > > 4) We alerted a number of companies whose employees, customers, etc., were > > in that database, however there was no obligation or fee to any of those > > companies for our alerts; > > 5) Had we known of monkeybrains.net's intention to charge for > > releasing the > > information, we would have noted so in the alerts that we sent to > > companies > > that we found in their database. > > > > Cheers, > > > > Ken > > > > Kenneth R. van Wyk > > CTO & Corporate Vice President > > Para-Protect, Inc. > > www.para-protect.com > > > > > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.313 / Virus Database: 174 - Release Date: 1/2/02 > > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.313 / Virus Database: 174 - Release Date: 1/2/02 > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 14:08:12 PST