Security Incidents mailing list archives
Re: Who's liable? - fbi
From: Alvin Oga <alvin.sec () Mail Linux-Consulting com>
Date: Sat, 13 Oct 2001 15:59:52 -0700 (PDT)
hi ya out here ( san jose area ) ... the agencies out here are fairly lenient and good about investigating computer crimes... they ( fbi ) get involved when "it" becomes a felony across interstate lines or gov't property... ( think a felony is anything that was $10,000 or more in damages ... forgot .. "a small amount" think they did confiscate some smurf attacker's PCs.. ( can't get confirmation etc...since it was under investigation at the time - told um the sites that maintains potential smurf amplifiers sites etc - took a month or so of "watching the smurfing going on" ....but dont think the smurf'ers been back since have fun linuxing/securing.. alvin On Sat, 13 Oct 2001, Jay D. Dyson wrote:
-----BEGIN PGP SIGNED MESSAGE----- On Sat, 13 Oct 2001, Michael F. Bell wrote:Lets say you are a small realty agency, and you provide internet access to your employees and one of your employees hacks into the Whitehouse website from your internal network.<snip>Who is liable?? What can the FBI do at this point?No liability is identified at the time. But I guarantee you that the FBI will confiscate all machines on site and send them off for forensics evidence gathering. Don't bother objecting that it will cause your business undue hardship. LEAs don't care. Period.
...
Depends on the damages. If they reach a certain amount, the FBI will be called in and we're back to situation one as described in the earlier part of my reply. If the damages are minimal and don't warrant FBI involvement, then eBay will simply absorb the loss, (hopefully) make appropriate updates to their security policies, practices and procedures, and mush on. In the final analysis, any system that can't do even basic auditing and accountability on their networks will -- at the very least -- wind up on many an admin's firewall blacklist. I've been doing as much with abuse-friendly networks since the '90s. At most, the FBI will be called in and will (in the name of the law) rip that network's systems down to the wires.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Who's liable? Michael F. Bell (Oct 13)
- Re: Who's liable? hvdkooij (Oct 13)
- Re: Who's liable? macdaddy (Oct 14)
- RE: Who's liable? Dom Genzano (Oct 14)
- Re: Who's liable? Kelly Martin (Oct 14)
- Re: Who's liable? macdaddy (Oct 14)
- Re: Who's liable? hvdkooij (Oct 13)
- Re: Who's liable? Jay D. Dyson (Oct 13)
- Re: Who's liable? - fbi Alvin Oga (Oct 13)
- Re: Who's liable? Alvin Oga (Oct 13)
- RE: Who's liable? Chris Mason (Oct 13)
- RE: Who's liable? Liam Burrow (Oct 13)
- RE: Who's liable? Russell Berry (Oct 13)
- RE: Who's liable? Brian Taylor (Oct 14)
- Re: Who's liable? Frank (Oct 14)
- RE: Who's liable? Michael Conlen (Oct 14)
- <Possible follow-ups>
- RE: Who's liable? Rob Keown (Oct 13)
- Re: Who's liable? Kelly Martin (Oct 13)
- Re: Who's liable? Doug Foster (Oct 14)
- Re: Who's liable? Kelly Martin (Oct 13)