Security Basics mailing list archives
RE: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail
From: "mike.h" <mike.h () stemik com>
Date: Fri, 30 May 2003 14:35:00 -0400
If the messages are, in fact, illegal threats AND CREDIBLE, then do not delay contacting law enforcement.

Even if the sender is in the US, spoofing headers is relatively easy, so there's no guarantee that the message can be traced by that method. A lot depends upon the technical sophistication of the sender. In other words, even if Yahoo cooperates in the investigation, that alone may not be sufficient to discover the sender's identity.

It may be possible to back trace through the log files of the various systems through which the mail passed. The writers of some viruses have got themselves caught this way. Typically, log files are not kept very long, and only a law enforcement agency would have the authority to demand them from the owners. This is a lot of work, and there's no guarantee of success, so it's rarely used in such cases.

If the threats are targeting someone who is not "in the public eye", it's very probable that the recipient knows the sender. Any respectable investigator would begin with the "disgruntled" employees, "jilted" boyfriend, or other classic "hate crime" candidates known to the sender.

It would be nice to think that people smart enough to be sophisticated hackers would also be smart enough not to engage in stupid or illegal behavior, but unfortunately, technical skill and emotional maturity are independent qualities.

mike.h

-----Original Message-----
From: Shawn Duffy [mailto:pakkit () codepiranha org]
Sent: Thursday, May 29, 2003 1:49 PM
To: Jay Woody
Cc: stephenbbaker () hotmail com; security-basics () securityfocus com
Subject: Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail

You need to get the original headers from the recipient of the message. That will have the sender's IP address. From there you can send the headers to Yahoo's abuse department (don't know the address offhand). Who knows if it will actually be addressed by them but that is all you can do.

If they ARE life-threatening then your best bet is to contact your local law enforcement agency, give them the headers and the emails, and they will submit a subpoena or search warrant to Yahoo for user records. Yahoo HAS to respond to those. However, if the offending user is outside the US, there still may be nothing they can do. Though Yahoo will close the account. Either way, you will never know the identity of the real sender, at least from this... the law enforcement agency won't tell you who it is once they have the records, nor should they, and neither will Yahoo.

Shawn Duffy, CCNA CCSE
email: pakkit at codepiranha dot org
web: http://codepiranha.org/~pakkit
gpg key: http://codepiranha.org/~pakkit/pakkit.asc
gpg fpr: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A
having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html

On Wed, 28 May 2003, Jay Woody wrote:

Send them an e-mail telling them they have won $1,000,000 and you need their name and address.

JayW

P.S. We just went through this too and there is basically nothing. We started blocking mail from that address, but they can just get another one if they are really persistent. We changed the person's e-mail address also, from John.Smith to John.X.Smith or something like that too for external mail. About all you can do is get the police or FBI involved. Sorry.

"steve baker" <stephenbbaker () hotmail com> 05/27/03 11:38AM >>>

One of our users has received questionable and possibly life threatening emails from a yahoo account that was created recently. They have approached us to find out as much as we can pertaining to the person sending it. Of course, we are not YAHOO so we cannot determine anything about the mail other than the content. How can we find out who sent this?
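Added example, not part of the original thread: a sketch of reading the Received chain from the full headers, marking which hops were stamped by relays the analyst trusts and where the chain stops being reliable because older headers can be forged. The sample message, host names, IPs and the `relay_ips` mapping are constructed assumptions.

```python
import email
import re

# Constructed sample (not from the thread); hosts and IPs are reserved
# documentation values. The newest Received header is on top.
RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.corp.example (Postfix) with ESMTP id 4A1B2;
\tTue, 27 May 2003 11:38:02 -0400
Received: from webmail.example.net (unknown [198.51.100.7])
\tby mx.example.org with SMTP; Tue, 27 May 2003 11:37:58 -0400
Received: from relay.invalid ([203.0.113.99]) by webmail.example.net;
\tTue, 27 May 2003 11:37:50 -0400
From: someone@example.net
Subject: constructed sample

body
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]]+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def trace(raw, relay_ips):
    """relay_ips maps each relay the analyst trusts to its known IPs."""
    hops, ok, prev_ip = [], True, None
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m is None:          # unparseable stamp: stop trusting older hops
            ok = False
            continue
        by = m["by"].lower()
        # Believe a stamp only if a trusted relay wrote it and the newer,
        # already-verified hop saw the message arrive from that relay's IP.
        # Anything below the first failure may have been typed by the sender.
        ok = ok and by in relay_ips and (prev_ip is None or prev_ip in relay_ips[by])
        hops.append({"from_ip": m["ip"], "by": by, "verified": ok})
        prev_ip = m["ip"]
    return hops

def last_verified_ip(hops):
    good = [h["from_ip"] for h in hops if h["verified"]]
    return good[-1] if good else None

if __name__ == "__main__":
    relays = {"mail.corp.example": set(), "mx.example.org": {"192.0.2.10"}}
    for hop in trace(RAW, relays):
        print(hop)
    print("last verified source:", last_verified_ip(trace(RAW, relays)))
```

The last verified IP is the point to hand to the provider's abuse desk or to law enforcement; hops marked unverified are leads at best.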