[lug] Reporting an Intrusion
D. Stimits
stimits at comcast.net
Tue Sep 13 11:47:59 MDT 2005
...
> Anyway, now I'm pissed off. I can report the intrusion with evidence from
I don't blame you at all...I report people to their ISP if they even
attempt to get into my system (and ISPs do respond to this).
> my logs to the ISP, but I'd like to use a little more force. Since
> breaking into a computer is a federal crime, is there a law enforcement
> agency I should report this to, like maybe the FBI? Before I go off
> half-cocked, what's the proper procedure in terms of reporting and
> collecting evidence so that there's a chance of getting a conviction
> should I be able to get any authority to do anything about this?
One thing you probably should be aware of...a lot of the attacks are
launched from other rooted machines which were unsecured. Even if the
evidence does lead to the machine which did the break-in, you might only
be looking at another victim. Let's suppose that you can't get a
conviction out of this, possibly because the attacker is relaying via
another victim that can't be tracked: You still provide data to track
the site of the original attack; each machine that is tracked down
provides data to point at the real attacker. So you might just get their
ISP to shut them down for being hacked and a threat, but the data will
go towards finding whoever really is responsible (assuming more people
turn in data that can be cross-referenced). If you get someone with a
cracked machine to stand up and take notice that they're part of a
crime, you'll have just improved the Internet by making someone see the
need for better admin.
D. Stimits, stimits AT comcast DOT net