Security Incidents mailing list archives

Re: hacked server, DDoS bin installed

From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Wed, 07 Dec 2005 11:29:55 -0800

Well... though..... Got California folks in that database?  Identity info?

You are require to inform them under SB1386 of an intrusion.

Some industries also require notification to law enforcement bodies.

What agencies like the FBI do though is track such things. Thereforeeven if the event goes 'nowhere' the fact that you are now a statistichelps the rest of us to prove to our bosses that we should do things.

Don't just blow this off. As Jay says use this as a lesson to build anincident handling process [www.sans.org has links to samples ofchecklists and what not].




Jay D. Dyson wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 6 Dec 2005, naptime () gmail com wrote:
a customers server got hacked.. binary in tact, seems like they wereDDoSing.. strings brings up the irc server, channel name, key.. whereis the fbi address where i can send this information to?
The FBI will not take the case unless you can provide concreteevidence that your customer suffered more than $10,000 in losses dueto the intrusion. Failing that, there's nothing the FBI will dounless your customer is very well-connected politically.
I recommend using this this incident as an object lesson indeveloping and implementing policies and procedures for intrusionforensics for your customer. That way, when (not if) the day comesthat you qualify to haul in the FBI, the evidence chain will beunassailable.
- -Jay

   (    (                                                       _______
)) )) .-"There's always time for a good cup of coffee."-.>====<--.C|~~|C|~~| \------ Jay D. Dyson - jdyson () treachery net ------/ | =|-'
  `--' `--'  `-- The only real 'exit strategy' is victory. --'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFDlxi5dHgnXUr6DdMRAqdPAKDBKJpD+m2EN7jRBuuXqLnvrjNxSwCbBxMw
gluKaQIUAkWUwlBXOPn/H00=
=iEWj
-----END PGP SIGNATURE-----

--

Letting your vendors set your risk analysis these days?http://www.threatcode.com

Current thread:

hacked server, DDoS bin installed naptime (Dec 07)
- Re: hacked server, DDoS bin installed Val Kaelin (Dec 07)
- Re: hacked server, DDoS bin installed Andrew Sledge (Dec 07)
- RE: hacked server, DDoS bin installed J B (Dec 07)
- Re: hacked server, DDoS bin installed Jay D. Dyson (Dec 07)
  - Re: hacked server, DDoS bin installed Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Dec 08)
  - Re: hacked server, DDoS bin installed RonaldJW (Dec 08)
  - Re: hacked server, DDoS bin installed Paul Robertson (Dec 12)
- RE: hacked server, DDoS bin installed richardcg (Dec 08)
- Re: hacked server, DDoS bin installed -- To put it another way... Ron (Dec 08)
  - RE: hacked server, DDoS bin installed -- To put it another way... richardcg (Dec 12)
  - Re: hacked server, DDoS bin installed -- To put it another way... Thorsten Holz (Dec 12)
  - Re: hacked server, DDoS bin installed -- To put it another way... Rembrandt (Dec 12)
    - Re: hacked server, DDoS bin installed -- To put it another way... Christine Kronberg (Dec 14)
  - Re: hacked server, DDoS bin installed -- To put it another way... Paul Robertson (Dec 12)
    - Re: hacked server, DDoS bin installed -- To put it another way... Ron (Dec 12)

(Thread continues...)