Re: How do you become a Cyber Bounty Hunter?

[Jimi Thompson <jimit () myrealbox com>]

All,

Without access to the zombie carrying out the actual attack, you have 
exactly 0% chance of backtracking.  Even with access to the zombie, 
you still need a LOT cooperation from the ISP that the zombie is 
living on and you had better hope that their logging, etc. is in 
order.  In all probability, the zombie you are back-tracking from 
will just point back to another zombie, ad nauseam.

Microsoft is exactly right in the approach.  Most of the people brag 
about what they "accomplished", and this is precisely how they get 
caught.  Offering a bounty will give financial incentive to those who 
have been bragged to, to make a phone call.  I wonder how much gear 
you can buy with the bounty for Blaster?

Jimi

At 11:09 PM +0000 11/6/03, C Ryll wrote:
> After a discussion with some people regarding Microsoft's two posted 
> bounties, I understand that cyber bounty hunters are actually 
> available for hire by companies. I am curious what knowledge base, 
> or experience, this type of independent position would require. 
> Where would you obtain this form of security knowledge? Given that 
> MAC and IP can both be spoofed, and that victim systems are often 
> used to launch some attacks, how do you actually get back to the 
> original source?
>
> Note that I am not talking about fundamental security knowledge 
> (I.e., how to secure a system, or determining if/what was on the 
> system), but how to trace back to the origin of the attack while 
> knowing that the IP and MAC are most likely spoofed and/or attacks 
> rerouted.
>
> Respectfully,
> Carolyn.
>
> _________________________________________________________________
> Frustrated with dial-up? Get high-speed for as low as $26.95. 
> https://broadband.msn.com (Prices may vary by service area.)
>
>
> ---------------------------------------------------------------------------
> Network with over 10,000 of the brightest minds in information security
> at the largest, most highly-anticipated industry event of the year.
> Don't miss RSA Conference 2004! Choose from over 200 class sessions and
> see demos from more than 250 industry vendors. If your job touches
> security, you need to be here. Learn more or register at
> http://www.securityfocus.com/sponsor/RSA_pen-test_031023
> and use priority code SF4.
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------