Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: hacked server, DDoS bin installed

From: "Jay D. Dyson" <jdyson () treachery net>
Date: Wed, 7 Dec 2005 09:15:27 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 6 Dec 2005, naptime () gmail com wrote:
a customers server got hacked.. binary in tact, seems like they were DDoSing.. strings brings up the irc server, channel name, key.. where is the fbi address where i can send this information to?
The FBI will not take the case unless you can provide concrete evidence that your customer suffered more than $10,000 in losses due to the intrusion. Failing that, there's nothing the FBI will do unless your customer is very well-connected politically.
I recommend using this this incident as an object lesson in developing and implementing policies and procedures for intrusion forensics for your customer. That way, when (not if) the day comes that you qualify to haul in the FBI, the evidence chain will be unassailable. 

- -Jay

   (    (                                                       _______
   ))   ))  .-"There's always time for a good cup of coffee."-.  >====<--.
 C|~~|C|~~| \------ Jay D. Dyson - jdyson () treachery net ------/ |    = |-'
  `--' `--'  `-- The only real 'exit strategy' is victory. --'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFDlxi5dHgnXUr6DdMRAqdPAKDBKJpD+m2EN7jRBuuXqLnvrjNxSwCbBxMw
gluKaQIUAkWUwlBXOPn/H00=
=iEWj
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: