Re: Who's liable?

[<hvdkooij () vanderkooij org>]

On Sat, 13 Oct 2001, Michael F. Bell wrote:

> Lets change the victim from a Goverment agency to a private one.  Lets
> say that EBAY got hacked and they launched the same sort of
> investigation with the same findings..  What can be done from a legal
> /financial standpoint if an attack is detected from your company network
> and there is no proof on exactly who did it?  Can the victims take legal
> action against you, or is there some sort of protocol from a legal
> standpoint that hinders this?

We know (or should know) that IP addresses can and will be faked in case
of a real attempt and are not enough to

So once a trace is so clearly pointing to you they must have some hard
evidence from your uplink. At this point the evidence is allready there
and it would be a matter of sorting out the small number of employees.

The likelyhood someone is not having any telltale sing is quite remote. At
this point 1 cleaner disk then the other N ones would be enough lead to
turn on the thumbscrews on this person.

Anyone have trouble hiding his/hers IP number isn't more then a slight
inconvinience. (Untill proper handling of spoofed IP's is done more
seriously.)

All in all I fail to see why this would be a likely scenario. I can think
of some others and less friendly ones that are much more likely.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com