Firewall Wizards mailing list archives

Re: Recent Attacks


From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 18 Feb 2000 14:01:11 -0800 (PST)



Hang on now, that's too easy an example.  I'm not THAT
lenient.  What I'm saying is that if Amazon normally
does 1M$/day, and on the day of the DDoS attacks,
they only do 800K$... but then do 1.2M$ the next day..
were there damages beyond investigative costs?

And E-trade, where *timing* matters a lot to their customers?

              --Steve Bellovin

For E-trade, it makes a lot more sense that business would be lost that
would happen then and only then (well, mostly... I'm sure some folks will
still sell even after the stock dropped below what they meant to sell at.)
It makes sense to punish the attacker extra on behalf of the customers of
E-trade *IFF* E-Trade does something along those lines for normal outages.
(I think they've had some, and I don't think they did anything for the
customers, did they?  Hmm..lesse, our click-wrap agreement says "Screw
You.")

All I want is for prosecutors, judges, and law enforcement to put some
intelligent thought into what the damages really were.  I still say the
attacker couldn't have done 1.2B in damages, and that's the "crucifixion"
dollar amount.   

If someone decides that mapping out the Internet to produce nice-looking
graphs constitutes a criminal port-scanning attack, you would want to have
someone force the prosecutors to name reasonable damages, right?  You
wouldn't want some idiot fed saying "This guy attacked every single
machine on the Internet for several years, and caused trillions in
damages."  

                                        Ryan


