[lug] Reporting an Intrusion

D. Stimits stimits at comcast.net
Tue Sep 13 11:47:59 MDT 2005


...
> Anyway, now I'm pissed off. I can report the intrusion with evidence from 

I don't blame you at all...I report people to their ISP if they even 
attempt to get into my system (and ISPs do respond to this).

> my logs to the ISP, but I'd like to use a little more force. Since 
> breaking into a computer is a federal crime, is there a law enforcement 
> agency I should report this to, like maybe the FBI? Before I go off 
> half-cocked, what's the proper procedure in terms of reporting and 
> collecting evidence so that there's a chance of getting a conviction 
> should I be able to get any authority to do anything about this?

One thing you probably should be aware of...a lot of the attacks are 
launched from other rooted machines which were unsecured. Even if the 
evidence does lead to the machine which did the break-in, you might only 
be looking at another victim. Let's suppose that you can't get a 
conviction out of this, possibly because the attacker is relaying via 
another victim that can't be tracked: You still provide data to track 
the site of the original attack; each machine that is tracked down 
provides data to point at the real attacker. So you might just get their 
ISP to shut them down for being hacked and a threat, but the data will 
go towards finding whoever really is responsible (assuming more people 
turn in data that can be cross-referenced). If you get someone with a 
cracked machine to stand up and take notice that they're part of a 
crime, you'll have just improved the Internet by making someone see the 
need for better admin.

D. Stimits, stimits AT comcast DOT net
