Re: Source of attack: Russian nuclear facility?

[Richard_Bartlett () SW2000 COM]

I had the very same problem writing our companies Incident Response Procedure.
My local police station had no idea what I was talking about, and I had to go to
the Metropolitan Police to get any useful information.  They did know my local
contact, but also said if I had any trouble contacting him to call the
Metropolitan Police Service Computer Crime Unit on 0171 230 1177, (or out of
hours 0171 230 1212) and report the incident to the Duty Inspector.

Locally I think you have no chance of a meaningful response in the UK, but as a
large percentage of the traffic goes through LINX anyway I think the Met are the
best port of call as the attack will probably have gone through their
jurisdiction, and they are both better qualified and happier to help.

Richard Bartlett
Security Officer - Software 2000 Ltd

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Doug Winter
Sent: 10 August 2000 15:05
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Source of attack: Russian nuclear facility?


> On Mon, 7 Aug 2000, JLNelson wrote:
>
> > Bryan,
> >
> > > Who do you contact in situations of foreign based intrusion
> > > such as this?
> >
> > Contact your local FBI field office. You can find this at
> > www.fbi.gov/contact/fo/fo.htm.
>
> Provided you're in the US. If not you may want to contact
> your National
> FIRST Team for more information. I suspect at the least they
> can tell you
> who the appropriate law enforcement agencies are.
>
> A list of FIRST Teams is available via:
>
> http://www.first.org

Apologies for the slightly parochial question, but I've been trying to find
out who to contact in the UK for incident response.

You'd think it would be easy to discover, wouldn't you?

I believe it must be Scotland Yard's Computer Crime division, since we
appear to have no CERT, but nobody at Scotland Yard has replied to my emails
(I assume they're all out on the beat ;-).

Does anyone out there in our little Isle know who and what I should list in
our Incident Handling policy?

Regards,

Doug Winter
Chief Technology Officer
Doug,

I had the very same problem writing an Incident Response Procedure.  My local
police station had no idea what I was talking about, and I had to go to the
Metropolitan Police to get any useful information.  They did know my local
contact, but also said if I had any trouble contacting the local contact to call
the Metropolitan Police Service Computer Crime Unit on 0171 230 1177, (or out of
hours 0171 230 1212) and report the incident to the Duty Inspector.

Locally I think you have no chance of a meaningful response in the UK, but as a
large percentage of the traffic goes through LINX anyway I think the Met are the
best port of call as the attack will probably have gone through their
jurisdiction.

If anyone else has better information than this please mail it in.

Richard Bartlett
Security Officer - Software 2000 Ltd

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Doug Winter
Sent: 10 August 2000 15:05
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Source of attack: Russian nuclear facility?


> On Mon, 7 Aug 2000, JLNelson wrote:
>
> > Bryan,
> >
> > > Who do you contact in situations of foreign based intrusion
> > > such as this?
> >
> > Contact your local FBI field office. You can find this at
> > www.fbi.gov/contact/fo/fo.htm.
>
> Provided you're in the US. If not you may want to contact
> your National
> FIRST Team for more information. I suspect at the least they
> can tell you
> who the appropriate law enforcement agencies are.
>
> A list of FIRST Teams is available via:
>
> http://www.first.org

Apologies for the slightly parochial question, but I've been trying to find
out who to contact in the UK for incident response.

You'd think it would be easy to discover, wouldn't you?

I believe it must be Scotland Yard's Computer Crime division, since we
appear to have no CERT, but nobody at Scotland Yard has replied to my emails
(I assume they're all out on the beat ;-).

Does anyone out there in our little Isle know who and what I should list in
our Incident Handling policy?

Regards,

Doug Winter
Chief Technology Officer