Penetration Testing mailing list archives

Re: [PEN-TEST] Implications for "Looking around?" [FBI confiscation of allegedly curious student]


From: Bill Pennington <billp () SUBDIMENSION COM>
Date: Wed, 1 Nov 2000 09:35:17 -0800

I read this last night and must admit I am in a bit of a quandary.

First off "if" the RPI student's story is correct I do not believe anything
he did was illegal, however I can see why the FBI would think that it was
suspicious. From the FBI point of view they feel that they need to track
down the person that committed the defacement and bring him/her to justice.
The RPI student certainly put himself into the suspect category by his
actions. I do not think people would have a problem with the FBI in this
case if they would have come in, done an interview and gathered forensic
evidence and left. I am sure you could do a hard drive dump, burn copies
of CDs and an interview in a few hours. Then this student could go back to
working on getting an education and if he proves to be innocent then no harm
is done other than wasting everybody's time.

One thing that keeps entering my mind is the confiscation of his CDs that
contained MP3s and porn. The FBI stated that they needed to check it for
kiddie porn. OK that's great but what does kiddie porn have to do with the
yankees.com defacement? I get scared when the FBI can get a search warrant
on a person when it "appears" that they have done nothing illegal, then use
that warrant to dig through their stuff and find something they have done
wrong. I thought search warrants were supposed to be narrow in focus? Am I
wrong?

On another note when did web site defacements become a federal crime worth
this much investigation? I was told by an FBI officer that the FBI will not
get involved until the monetary loss goes above 10k. I can't see how a web
site defacement can cost that much. Smells like a publicity grab to me.

Note: I did not see the defacement I only assume that it is like the 900
other defacements that get posted every day to attrition.org. A simple file
copy and you are back in business. It seems like the FBI could be very busy
if it monitored attrition.org and went after every web site that gets
defaced in the US.

I feel for the FBI guys I really do. They are between a rock and a hard
place. They are way outgunned when it comes to technical expertise and
therefore have to trample all over people to get anything done. I think the
readers of this list could probably develop a system that would make the
FBI's job a lot easier (as far as evidence gathering for computers) and make
everyone feel "a little" better after a search, at least they could still
have their computer.

Sorry for the rant I have not had my coffee yet. :-)

-Bill


----- Original Message -----
From: "DA Smith" <deb () sandstorm net>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Wednesday, November 01, 2000 8:09 AM
Subject: Implications for "Looking around?" [FBI confiscation of allegedly
curious student]


This has been posted to Slashdot and I saw one very good comment on
Nanog about this.  It bothers me, on the PEN-TEST level as many of us
started out by simply looking around.  And, from reading posts here
and on Bug-Traq, still do.  (The person in question details exactly
what he did).

"FBI confiscates computers of "curious" RPI student in aftermath
of the yankees.com hack: Sounds like Operation Sundevil all over
again (that one having gone down under SS direction):" from the Nanog
post.

http://www.kuro5hin.org/?op=displaystory;sid=2000/10/31/0481/1037

The comments on Slashdot can be found at:

http://slashdot.org/articles/00/10/31/025228.shtml

It also reminds me of Steve Jackson's problems a few years ago.


-Deb
(Of course it's solely my opinion, and no one else's whom I may work
for or associate with, etc.  Sheesh. Whose opinion could it be?)

