Security Incidents mailing list archives
Re: Who's liable?
From: Alvin Oga <alvin.sec () Mail Linux-Consulting com>
Date: Sat, 13 Oct 2001 15:28:14 -0700 (PDT)
hi ya interesting problem.... think that law enforcement folks wanna get the "right hacker/cracker" if someone trys to put up roadblocks... than they might find themself becoming suspect ?? - they just want the cooperation to get those responsible most small biz cannot afford a "security expert" or security-anything - hackers know it.... so these small biz and users on dsl lines at home are prime candidates for staging machines to attack their target victims not an easy solution/problem ... since now everybody has a pc on their desk at home and work and around the world to do productive things or equally mischeivous things -- dont worry about them .... "fix your own network" as best as you can given the time, budget, experience, knowledge one has... - security is kinda like backups... you know you should get it done before something(disks) breaks -- if you maintain networks for small biz.... securely logg everything... have fun alvin http://www.Linux-Sec.net On Sat, 13 Oct 2001, Michael F. Bell wrote:
These are fictional scenarios that I am SURE that other people would like to discuss. Lets say you are a small realty agency, and you provide internet access to your employees and one of your employees hacks into the Whitehouse website from your internal network. You do not have any logging going on from your SOHO firewall and the FBI shows up at your door one day with a warrant to search your computers for evidence of hacking into the Whitehouse website. The FBI searches all 10 computers in your network and comes up without any hard evidence from these 10 machines linking them to the the hack into the Whitehouse website. Your company is not doing any firewall logging and you do not have any public servers that could have been hacked so someone could have remotely launched the attack? All that the FBI has is your publicly NAT'ed firewall address. Who is liable?? What can the FBI do at this point? The above scenario is all fictional from my standpoint. I could imagine that this is someones reality though... Lets change the victim from a Goverment agency to a private one. Lets say that EBAY got hacked and they launched the same sort of investigation with the same findings.. What can be done from a legal /financial standpoint if an attack is detected from your company network and there is no proof on exactly who did it? Can the victims take legal action against you, or is there some sort of protocol from a legal standpoint that hinders this?Michael Bell mike_b () rhinobyte com---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Who's liable? Michael F. Bell (Oct 13)
- Re: Who's liable? hvdkooij (Oct 13)
- Re: Who's liable? macdaddy (Oct 14)
- RE: Who's liable? Dom Genzano (Oct 14)
- Re: Who's liable? Kelly Martin (Oct 14)
- Re: Who's liable? macdaddy (Oct 14)
- Re: Who's liable? hvdkooij (Oct 13)
- Re: Who's liable? Jay D. Dyson (Oct 13)
- Re: Who's liable? - fbi Alvin Oga (Oct 13)
- Re: Who's liable? Alvin Oga (Oct 13)
- RE: Who's liable? Chris Mason (Oct 13)
- RE: Who's liable? Liam Burrow (Oct 13)
- RE: Who's liable? Russell Berry (Oct 13)
- RE: Who's liable? Brian Taylor (Oct 14)
- Re: Who's liable? Frank (Oct 14)
- RE: Who's liable? Michael Conlen (Oct 14)
- <Possible follow-ups>
- RE: Who's liable? Rob Keown (Oct 13)
- Re: Who's liable? Kelly Martin (Oct 13)
- Re: Who's liable? Doug Foster (Oct 14)
- Re: Who's liable? Kelly Martin (Oct 14)
- Re: Who's liable? Kelly Martin (Oct 13)