Security Incidents mailing list archives

Re: hacked server, DDoS bin installed

From: RonaldJW <ronaldjw () inreach com>
Date: Wed, 07 Dec 2005 11:48:32 -0800

Actually, the FBI will not take the case depending on where the incidentis occuring because each field office (56 of them) has a declinationlevel, based on loss, that they get from the US Attorneys Office in theFederal Judicial District that they are in. The $ amount of loss willbe different from office to office. It is also a function of the amountof resources available to that office.Thus I would still check with the local FBI office and if the CyberCrime Supervisor can not help, ask for a referral to a local agency ortask force that will work the case.


ron wilczynski

Jay D. Dyson wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 6 Dec 2005, naptime () gmail com wrote:
a customers server got hacked.. binary in tact, seems like they wereDDoSing.. strings brings up the irc server, channel name, key.. whereis the fbi address where i can send this information to?
The FBI will not take the case unless you can provide concreteevidence that your customer suffered more than $10,000 in losses due tothe intrusion. Failing that, there's nothing the FBI will do unlessyour customer is very well-connected politically.
I recommend using this this incident as an object lesson indeveloping and implementing policies and procedures for intrusionforensics for your customer. That way, when (not if) the day comes thatyou qualify to haul in the FBI, the evidence chain will be unassailable.
- -Jay

   (    (                                                       _______
   ))   ))  .-"There's always time for a good cup of coffee."-.  >====<--.
 C|~~|C|~~| \------ Jay D. Dyson - jdyson () treachery net ------/ |    = |-'
  `--' `--'  `-- The only real 'exit strategy' is victory. --'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFDlxi5dHgnXUr6DdMRAqdPAKDBKJpD+m2EN7jRBuuXqLnvrjNxSwCbBxMw
gluKaQIUAkWUwlBXOPn/H00=
=iEWj
-----END PGP SIGNATURE-----

Current thread:

hacked server, DDoS bin installed naptime (Dec 07)
- Re: hacked server, DDoS bin installed Val Kaelin (Dec 07)
- Re: hacked server, DDoS bin installed Andrew Sledge (Dec 07)
- RE: hacked server, DDoS bin installed J B (Dec 07)
- Re: hacked server, DDoS bin installed Jay D. Dyson (Dec 07)
  - Re: hacked server, DDoS bin installed Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Dec 08)
  - Re: hacked server, DDoS bin installed RonaldJW (Dec 08)
  - Re: hacked server, DDoS bin installed Paul Robertson (Dec 12)
- RE: hacked server, DDoS bin installed richardcg (Dec 08)
- Re: hacked server, DDoS bin installed -- To put it another way... Ron (Dec 08)
  - RE: hacked server, DDoS bin installed -- To put it another way... richardcg (Dec 12)
  - Re: hacked server, DDoS bin installed -- To put it another way... Thorsten Holz (Dec 12)
  - Re: hacked server, DDoS bin installed -- To put it another way... Rembrandt (Dec 12)
    - Re: hacked server, DDoS bin installed -- To put it another way... Christine Kronberg (Dec 14)
  - Re: hacked server, DDoS bin installed -- To put it another way... Paul Robertson (Dec 12)
    - Re: hacked server, DDoS bin installed -- To put it another way... Ron (Dec 12)
    - RE: hacked server, DDoS bin installed -- To put it another way... Tim Hollebeek (Dec 12)

(Thread continues...)