Security Incidents mailing list archives

RE: Monkeybrains.net and badtrans compromise information


From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 4 Jan 2002 14:29:19 -0700

There are numerous articles available online concerning this operation and
how it evolved.  More or less brought into existence as the result of FBI
requests, I cannot accurately state where to draw the line from a financial
or legal perspective.  From a simple approach, it appears that the individual
managing this site is rendering a nonstandard service and is most likely
entitled to charge for these services.  One possible loophole would be if
these services were mandated by the FBI and a legal entity that required the
site to provide these services to the public.



-----Original Message-----
From: Ken Pfeil [mailto:Ken () infosec101 org]
Sent: Friday, January 04, 2002 1:50 PM
To: van Wyk, Ken; incidents () securityfocus com
Cc: focus-virus () securityfocus com
Subject: RE: Monkeybrains.net and badtrans compromise information


Here's a little snippet from the site. Any legal experts in the crowd?


"Individuals
MonkeyBrains is doing these requests for information for free for individual
users. The software, time, energy, and the whole site is run by one person:
me! So, if you utilize this service, then feel free to donate $10 (or more,
or less) to my ISP, monkeybrains.net. Or, if you need some consulting, buy
me a plane ticket, give me some $$$ and I'd love to work for you for a
couple of days or weeks. Traveling is fun!

Corporations
If you are on the security team for an isp or corporation, and wish to have
a list of all the compromised accounts and email addresses, you must
contribute at least $10 for me to email you domain wide results. I was doing
this for free, but after about 100 requests, I noted: "Fark, this is taking
up a lot of my time. These corporations have the money and will not mind
parting with a little, so I am going to charge them for my time." Also,
while this service was free, I received ZERO donations, so now, this free
service is a pay-for service. Now, you may wonder, who the heck would use
this service from some random guy; well, these domains have used this
service:
.nasdaq-online.com
.prudential.com
.motorola.com
.etrade.com
.saic.com
.mmm.com
.bp.com
.mil
(organized by number of characters)

Also, I am forcing good policy on corporations:

abuse () yourdomain com must be a valid email address at your domain. Results
are only sent to that address for requesting domains. This ensures that
sensitive information is not sent to joe_schmoo () yourdomain com. Furthermore,
as an ISP operator, I get highly annoyed when domains do not have abuse
accounts set up.
Microtransactions between large companies and users of the Internet are
encouraged by making PayPal the payment method for this service.

$1 - Thanks!
$5 - This site is great
$10 - Send me the info!
$20 - Take a coffee break and walk the dog!
$50 - Fancy dinner with girlfriend
$100 - This site helped me patch up a bunch of compromised accounts!
In closing, I don't want to sound like a money grubber, but I am self
employed and received $0 to make this website. Help out if you like, and if
you don't want to, that is fine too.

- Rudy (badtrans () monkeybrains net)"

-----Original Message-----
From: van Wyk, Ken [mailto:Ken () para-protect com]
Sent: Friday, January 04, 2002 2:38 PM
To: incidents () securityfocus com
Cc: focus-virus () securityfocus com
Subject: RE: Monkeybrains.net and badtrans compromise information


Jon Williams writes:
I've got to admit, I was suspicious when I got the same message, but when I
tried getting the information and was told essentially "You've got
compromised passwords, but you have to pay us to find out which," it sounds
more like extortion than good cyber citizenship.

I'd just like to point out a couple things briefly:
1) We have no affiliation whatsoever with monkeybrains.net;
2) We were unaware of their intent to charge for this information;
3) After scanning for ":443" in their database/web site and seeing > 2000
compromised SSL-encrypted sessions, we started alerting our customers;
4) We alerted a number of companies whose employees, customers, etc., were
in that database, however there was no obligation or fee to any of those
companies for our alerts;
5) Had we known of monkeybrains.net's intention to charge for releasing the
information, we would have noted so in the alerts that we sent to companies
that we found in their database.

Cheers,

Ken

Kenneth R. van Wyk
CTO & Corporate Vice President
Para-Protect, Inc.
www.para-protect.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
