
Getting Law Enforcement Action for a Large-Scale Hack?

Cliff posted more than 10 years ago | from the oh-my!-who-do-you-call dept.

Security 721

HeelToe asks: "Two nights ago, I sat down to do a few chores with finance websites and check my mail. To check my mail, I use an ssh connection and read it via mutt. I had already hit Slashdot for my semi-hourly dose of content, but then noticed my ssh client complaining about a difference between its cached copy of the server key and the server key presented, so I started investigating. After figuring out what was going on, I contacted the tech support line for my service provider (Charter Communications) to no avail, as well as the FBI and NIPC, again, both to no avail. There are all these laws and all this hype about enforcing these computer crime laws - what must an end user do to get some enforcement done? Read on for more, much more..." Update: 06/21 19:13 GMT by C: As it turns out, the issue wasn't a hack at Charter but a particularly nasty form of Spyware. Still, the question is valid, and some of the suggestions already given have been real informative. Keep 'em coming!

"So I determined that I was connecting to xxx.p5115.tdko.com instead of xxx. I started looking at dns settings. Of course, under Windows, the default is to accept the default dns domain specified by a DHCP server for the PC's ethernet connection. There are settings to disable this, but I hadn't thought about it until now. It turns out, Charter Communications' DHCP servers were infiltrated and were providing p5115.tdko.com as the 'Connection-specific DNS suffix', causing all non-hardened Windows (whatever that means in a Windows context) machines to get lookups from a hijacked subdomain DNS server which simply responded to every query with a set of 3 addresses (66.220.17.45, 66.220.17.46, 66.220.17.47).

On these IPs were some phantom services. There were proxying web servers (presumably collecting cookies and username/password combos), as well as an ssh server where the perpetrators were most likely hoping people would simply say 'yes' to the key differences and enter in their username/password.

Has anyone else seen this type of attack before? Pretty sneaky. I bet it would slip by most people that don't use anything but a web browser. This makes me want to step up my plans to put an OpenBSD firewall in place and allow it as little trust of the outside world as possible, providing more trusted DNS/DHCP services to the hosts on my network. It would be nicer to be able to boot the thing self-contained-and-configured off read-only media and have no writable access to anything from the operating system to totally prevent break-in/tampering.

With respect to the law enforcement issues: I first called Charter, and after 10 minutes on hold was told to submit a report to their abuse account. I asked the tech support rep if they really wanted me submitting the incident report through a hijacked proxying web server. I hadn't yet reconfigured my Windows systems because I wanted to collect as much information as possible while the attack was still live. The long and short from the tech support rep was they'd look at it, but couldn't do anything with respect to responding to me about it unless I submitted that report.

I moved on to calling the FBI. The after hours person had no idea what evidence collection procedures I should follow, nor if their office would even be interested in investigation. I was told to call back during business hours. I did a little searching and found the National Infrastructure Protection Center. I gave them a ring and was asked to fill out an incident report. I was told it would be reviewed in the NOC quickly and a decision made about further investigation. The rep answering the phone said to collect any and all information I could think of regarding the attack. I got a response later this morning that their NOC personnel had evaluated the report and decided not to investigate further.

I called the FBI back this morning, only to be told they generally didn't investigate these types of crimes for individuals, but usually only for companies that had lost at least a couple thousand dollars. To inflate my ego a bit, I asked if I could count my time cleaning up/investigating as a loss of this magnitude and was told no, that it would have to be a financial loss like is associated with internet credit card fraud. Given how Kevin Mitnick was convicted and sentenced on 'evidence' that included employee time for investigation and cleanup, why is this any different for me?

With respect to getting some action on any future attacks - what should I do? Who should I call? I'm not a h/\x0r, and I have reasonable investigation skills, but aren't there professionals doing this to uphold the law? What's the point of all those federal laws anyway? Monitoring of third party communications, without the consent of either party; unauthorized access to Charter's systems - the list can go on a lot further depending on the activity happening at those proxying servers. Are these laws just tools to oppress unpopular computer criminals but just plain not enforced most of the time?

I found this situation and particular method of attack interesting... hopefully this was fun to read. If you have suggestions for what I should do in the future to handle attacks, I'd love to hear about it!"
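The suffix behaviour described in the post can be checked for from the client side. The following is an added example, not part of the original submission: it probes a connection-specific DNS suffix with random names to see whether the zone answers everything, then lists which hostnames would land on those catch-all addresses once the suffix is appended. The function names, the `example.org`/`home.example` hosts and the offline `constructed_resolver` are assumptions made for illustration; the suffix and the three addresses are the ones quoted in the post.

```python
import secrets
import socket
from typing import Callable, Iterable, Set

Resolver = Callable[[str], Set[str]]


def system_resolver(name: str) -> Set[str]:
    """IPv4 addresses the OS resolver returns for name (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0] for info in infos}


def wildcard_addresses(suffix: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Addresses returned for every random, never-registered name under suffix.

    A normal zone fails such lookups, so the result is empty. A zone that
    answers every query yields the non-empty set of catch-all addresses.
    """
    common = None
    for _ in range(probes):
        answers = resolve(f"probe-{secrets.token_hex(8)}.{suffix}.")
        if not answers:
            return set()  # one failed probe is enough: not a catch-all zone
        common = set(answers) if common is None else common & answers
    return common or set()


def audit_suffix(suffix: str, hosts: Iterable[str],
                 resolve: Resolver = system_resolver, probes: int = 3) -> dict:
    """Report catch-all addresses for suffix and the hosts they would shadow."""
    suffix = suffix.strip(".").lower()
    wildcard = wildcard_addresses(suffix, resolve, probes)
    shadowed = []
    for host in hosts:
        host = host.strip(".").lower()
        direct = resolve(host + ".")              # absolute name, no suffix
        suffixed = resolve(f"{host}.{suffix}.")   # what suffix appending asks for
        # Shadowed: the suffixed name exists only because of the catch-all
        # record and points somewhere other than the real host.
        if suffixed and suffixed <= wildcard and suffixed != direct:
            shadowed.append(host)
    return {"suffix": suffix, "wildcard": sorted(wildcard), "shadowed": shadowed}


# --- Constructed, offline stand-in for DNS so the example runs anywhere ---
HIJACK_SUFFIX = "p5115.tdko.com"                                  # from the post
HIJACK_ADDRS = {"66.220.17.45", "66.220.17.46", "66.220.17.47"}   # from the post
CONSTRUCTED_ZONE = {                                              # made-up records
    "mail.example.org": {"192.0.2.10"},
    "nas.home.example": {"192.0.2.20"},
}


def constructed_resolver(name: str) -> Set[str]:
    """Answers like the setup in the post: anything under the suffix resolves."""
    name = name.rstrip(".").lower()
    if name.endswith("." + HIJACK_SUFFIX):
        return set(HIJACK_ADDRS)
    return set(CONSTRUCTED_ZONE.get(name, ()))


if __name__ == "__main__":
    for sfx in (HIJACK_SUFFIX, "home.example"):
        print(audit_suffix(sfx, ["mail.example.org", "nas"], constructed_resolver))
```

To run it against a live machine, pass the suffix reported by `ipconfig /all` and leave `resolve` at its default.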


721 comments

frosty (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6255508)

mmmmm

i do it wrong!

Call tech support, but (5, Informative)

aridhol (112307) | more than 10 years ago | (#6255515)

If you can't get the tech support to help, try escalating and turboing [macwhiz.com] the problem. Eventually, you'll talk to someone at the ISP who can or will do something. If not, it's time to get a new provider.

It sucks that the law-enforcement agencies won't help private individuals; however, since it's a company that's being hacked, they should be able to put their resources on it.

Re:Call tech support, but (5, Insightful)

Otter (3800) | more than 10 years ago | (#6255715)

(Wow, 32 comments and no one has told him it's his fault for using Windows?!?)

It sucks that the law-enforcement agencies won't help private individuals; however, since it's a company that's being hacked, they should be able to put their resources on it.

The problem here seems to be this: the company has been hacked and it's the customer researching the problem and trying to get help. The FBI isn't particularly interested in hearing some guy talk about a compromise of someone else's server -- hopefully Charter is dealing with them and the agents shouldn't be keeping you informed of the status of an investigation to which you're basically a bystander.

Sorry, HeelToe, you're being a good guy and did the best you could. Now, it's between you and the ISP.

Study: Females get aroused by both sexes (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6255518)

SUMMARY: A new study confirms what researchers have suspected for some time -- women may prefer to date one gender or the other, but they get sexually aroused by both.

It's no surprise that lesbians like to watch lesbian pornography. But the big news in a new study is that they also get turned on by watching heterosexuals and gay men have sex.

And straight women? They like it all, too.

The findings confirm what researchers have suspected for some time -- women may prefer to date one gender or the other, but they get sexually aroused by both.

Men, on the other hand, aren't nearly as flexible. Straight men like to watch women have sex, and gay men like to watch men. Case closed.

"This may well be relevant to the flexibility of female sexuality. I wouldn't be surprised if this is one reason why women transition more between sexual identities than men," said study co-author Michael Bailey, chairman of the psychology department at Northwestern University and author of "The Man Who Would Be Queen: The Science of Gender-Bending and Transsexualism."

In his study, completed over several years, Bailey and colleagues recruited 69 men and 52 women, both heterosexual and homosexual, to watch two-minute snippets of X-rated movies in a laboratory.

The men hooked themselves up to a rubber-band-like device that detected erections by measuring the thickness of the penis. The women used a small device that shines a light into the vagina and detects reflected light. According to Bailey, the vagina becomes darker during arousal.

The videos featured various types of sex (vaginal, oral and anal) and various types of partners (male-male, female-female, male-female).

The researchers will report their findings in an upcoming edition of the journal Psychological Science. They released an early report this month.

Heterosexual men were most stimulated by watching lesbian sex, followed by heterosexual sex. The gay men responded most to male erotica.

But the women -- straight or lesbian -- tended to enjoy watching all the types of partners have sex. Only 63 percent responded most to sex involving their preferred gender, a much lower number than among the men.

The study findings confirm the experiences of many women who find themselves suddenly developing a new sexual orientation, said Lisa Diamond, an assistant professor of psychology at the University of Utah.

"With women, the experience of sexual attraction doesn't revolve around the gender of the partner as it does around other things," she explained. "Women say, 'I didn't think I was attracted to women , and then all of a sudden, boom!' This fluidity does not appear to be as common among men."

The next step, Bailey said, is to study sexual arousal among bisexuals. Initial research suggests that bisexual men share something in common with straight and gay men -- they're significantly aroused by one gender more than the other.

http://story.news.yahoo.com/news?tmpl=story&cid= 10 1&ncid=1755&e=2&u=/po/studyfemalesgetarousedbyboth sexes

arg! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6255533)

fp!

nothing at all (1)

intermodal (534361) | more than 10 years ago | (#6255539)

My friend was a victim of identity theft last year, and the FBI wouldn't touch it unless he'd been screwed for at least $20,000. Good luck, man! Hope it goes better for you than it did for him.

well, duh! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6255604)

It's a Republican administration.

Re:well, duh! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6255742)

Yeah, a democratic president would have been too busy giving his intern a mouth full to give a rat's rear axle about terrorists.

At least our republican president fought the good fight and won. No, he can't talk, and no, he can't spell, but he's doing what it takes, isn't handing our nuclear secrets to the Chinese, and has better things to do with his time. Even if he can't ride an idiot proof scooter.

Post it to Slashdot (5, Funny)

ites (600337) | more than 10 years ago | (#6255545)

Which will do two things:

1. you will get realtime help. OK, there are better ways but this is a _big_ audience you have here.

2. post a link to the offending server, and the /. effect will wipe it out.

Re:Post it to Slashdot (1)

tuanjim_2001 (534921) | more than 10 years ago | (#6255638)

Ok that shouldn't be modded as funny. Once you have collected a large chunk of data then post the link to the offending server to /. and let the magic of the /. effect happen.

You don't need the fuzz, baby... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6255546)

You need the black private dick that's a sex machine to all the chicks.

Here's a hint baby: the man's been to my house!

NIPC (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6255547)

You should have just called the NIPC http://www.nipc.gov/ and not the FBI.

Re:NIPC (0)

Anonymous Coward | more than 10 years ago | (#6255711)

Read the article. It's right there in the 1st and 6th paragraphs...

In the first:
"After figuring out what was going on, I contacted the tech support line for my service provider (Charter Communications) to no avail, as well as the FBI and NIPC, again, both to no avail. "

In the sixth:
"I did a little searching and found the National Infrastructure Protection Center. I gave them a ring and was asked to fill out an incident report. "

Busted (1, Funny)

Anonymous Coward | more than 10 years ago | (#6255549)

Stoopid P2P Terrorist. It was probably the FBI watching you and you were dumb enough to blab to them that you had spotted their tap. Get ready to drop the soap in the near future.

Money == attention (5, Insightful)

Whammy666 (589169) | more than 10 years ago | (#6255550)

It has been my experience that unless there are some large monetary losses involved, then you're going to have a hard time getting law enforcement to do much of anything. Generally, for simple break-ins, they expect you to handle it yourself (typically contacting the ISP of the hacker).

Are you a large multinational corporation? (1, Insightful)

Anonymous Coward | more than 10 years ago | (#6255559)

Because if not, you're out of luck. These laws were bought to protect monied interests, not the likes of you.

semi-hourly {:-/ (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6255561)

did you mean half-hourly?

This is giving me the cold sweats (5, Interesting)

Glyndwr (217857) | more than 10 years ago | (#6255563)

I bet an attack of this nature turns up an absolute shedload of valuable, confidential information, and I bet there are plenty of pissant ISPs in the world with poorly configured DNS servers too. How often has this kind of attack been found? I'm suddenly real glad I run my own DNS server behind my firewall.

"No financial losses" my ass. Let's see what Visa's customers have to say about that when the logins for half a million credit card e-banking systems get compromised. Hmm, almost makes me wish I could detect a similar attack so we could see what the UK police would do. "Intarweb, sir? Nah, not on our patch, you seee...."

Re:This is giving me the cold sweats (1, Interesting)

Anonymous Coward | more than 10 years ago | (#6255657)

Credit card companies never cared, currently don't care, and never will care until their major customers actually stop doing business that is based on e-commerce security snake oil.

Re:This is giving me the cold sweats (1)

GoofyBoy (44399) | more than 10 years ago | (#6255730)


Off topic and stuff, but how does one go about protecting one from things like this?

If you can't trust your ISP DNS, then how can you even trust your own?

VISA would have been my next call. (5, Insightful)

garyrich (30652) | more than 10 years ago | (#6255734)

*They* will certainly care about a hijacked proxy archiving account numbers and sniffing passwords. Now, when they call your ISP - I bet they would take immediate notice.

No you were running spyware! (2, Flamebait)

Anonymous Coward | more than 10 years ago | (#6255571)

There is spyware which changes your default domain (overrides DHCP). It's by a company from the UK; I can't remember their name. It's your own fault for using IE.

Re:No you were running spyware! (0, Flamebait)

Anonymous Coward | more than 10 years ago | (#6255602)

It's your own fault for using IE.

Shut up, ass.

Re:No you were running spyware! (0)

Anonymous Coward | more than 10 years ago | (#6255677)

Now, now, who doesn't love arbitrary code being run on their computer w/o their permission?

Re:No you were running spyware! (0)

Anonymous Coward | more than 10 years ago | (#6255647)

http://www.infotech.siu.edu/csc/howto/windows/spyware.html

If You're Not Corporate, You're Little People (3, Insightful)

Master Bait (115103) | more than 10 years ago | (#6255572)

...called the FBI back this morning, only to be told they generally didn't investigate these types of crimes for individuals, but usually only for companies that had lost at least a couple thousand dollars.

I really don't know what to say, except what I put in the subject line. The subject was lifted from the famous line in Blade Runner, "If you're not cop, you're little people." These days, money incurs rights and protection granted by the government. Odd how things have turned out, eh?

Re:If You're Not Corporate, You're Little People (3, Insightful)

realdpk (116490) | more than 10 years ago | (#6255648)

Well, sure, but it's not like the FBI has unlimited resources either. I don't think it's necessarily right to expect them to investigate every little SSH key popup you get, or SSL cert change, etc.

If someone really did hijack Comcast's DNS servers, Comcast ought to be the ones calling, in any case. If you're worried that someone else's DNS servers will be compromised, host your own locally.

use of SSL/SSH (0)

stonebeat.org (562495) | more than 10 years ago | (#6255576)

I use SSH/SSL for only non-sensitive communications. For everything, I go in person, and that is the most sensible thing to do, after hearing all these stories about identity theft.
We are just NOT there yet! :)

Who did you talk to? (3, Informative)

arcsine (541576) | more than 10 years ago | (#6255578)

I'm not sure if you came off the right way. You may have wanted to ask to talk to a manager at an ISP and explain to them that it wasn't *your* problem, but *their* problem.

Most of the tech support people are used to handling stupid people with simple problems, and probably didn't believe, or realize how bad the actual problem was.

good luck (1)

burninginside (631942) | more than 10 years ago | (#6255583)

But it's not real surprising that law enforcement won't do anything... Hell, I had my car stolen by a tow company, did all the research, presented it to the cops & they wouldn't do crap.
Also, as far as law enforcement is concerned, cars are still worth more than money.

Hopefully you'll be able to get something done, but honestly I wouldn't hold your breath.

Domain suffix fun.. (4, Interesting)

wfberg (24378) | more than 10 years ago | (#6255588)

The domain suffix on Windows is fun. It uses the domain name in your hostname as a domain suffix to search as well. One day, I'd set up my Windows box as mybox.mydomain.com. Then my ISP's DNS servers stopped working. So when I went to cnn.com, it went to cnn.com.mydomain.com - and I got my very own homepage, even though the address bar in the browser said cnn.com (since *.mydomain.com resolves to mydomain's webserver's IP address..)

I also have my webserver set up so that if you surf to a hostname that doesn't exist, it serves up the google I'm Feeling Lucky page for the hostname.. "Collecting ancient art? Why, I happen to have a website on that, just go to collecting.ancient.art.mydomain.com."

Re:Domain suffix fun.. (0)

Anonymous Coward | more than 10 years ago | (#6255681)

There's an option in the TCP/IP Advanced properties to remove the suffix. Try that.

Re:Domain suffix fun.. (2, Funny)

Jellybob (597204) | more than 10 years ago | (#6255696)

The address doesn't work.

I just get a bunch of stuff about buying domains.

Ratchet the wench some more. (1)

Dark Coder (66759) | more than 10 years ago | (#6255590)

Looks like you are on your own.

There is always DNS-SEC that you (or your brain-dead ISP) can implement.

And don't forget the following: POP3S, IMAPS, HTTPS, SSH with AES-512, SMTP/SSL and last but not finally, FreeNet (and definitely not KaZaA).

There's your problem... (5, Funny)

Anonymous Coward | more than 10 years ago | (#6255591)

You called Charter tech support?

It's a wonder they didn't tell you to reboot your modem, reboot your PC and verify that the network card is listed in Device Manager.

That's about all I've ever gotten out of them.

They've got to have some guidelines... (4, Insightful)

TopShelf (92521) | more than 10 years ago | (#6255593)

To inflate my ego a bit, I asked if I could count my time cleaning up/investigating as a loss of this magnitude and was told no, that it would have to be a financial loss like is associated with internet credit card fraud. Given how Kevin Mitnick was convicted and sentenced on 'evidence' that included employee time for investigation and cleanup, why is this any different for me?

So many reasons, it's hard to count! But here's a couple for starters:

1) Your Mitnick example was how evidence was used in court to determine guilt and sentencing. That is a different animal than investigatory guidelines as to which cases should be pursued.
2) The Mitnick thing was years ago, and activity is so much higher now that they might have set the bar higher in terms of what cases to pursue.

Show me the money (1)

jimmcq (88033) | more than 10 years ago | (#6255594)

Unless you can prove that there was over $5,000 in damages, I doubt that you're going to get law enforcement agencies interested in this.

speaking of law enforcement and other agencies... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6255597)

Friday, June 20, 2003 Posted: 12:23 PM EDT (1623 GMT)

PONTIAC, Michigan (AP) -- A city firefighter has been accused of pointing a gun at his wife when she tried to stop him from watching Internet pornography.

Lavoisier D. Washington, 38, of Pontiac, was arraigned Thursday on charges of felonious assault and carrying a concealed weapon. He was released on $5,000 bond.

Fire Chief Wilburt McAdams told The Oakland Press he suspended Washington without pay following the alleged incident on Wednesday morning and will try to fire the eight-year veteran of the department.
Daughter calls police

Reached by telephone Friday, a woman who identified herself as Washington's mother said her son didn't want to comment.

Oakland County Chief Deputy Prosecutor Deborah Carley said Washington's wife confronted him after finding him viewing a pornographic Web site for the second time in as many days.

---------------
"She was especially upset because he was accessing the site while the children were asleep in the same room," Carley said. "She told him she was going to cut the cable to the computer and went to get scissors.
---------------

"He got a gun and pointed it at her temple."

Weapon found
-------------

Carley said the children, who range in age from 11 to 17, awoke during the confrontation and tried to help their mother. A daughter left the house and called police.

Carley said Washington then went to his mother's Pontiac home and tried to hide the gun there. Officers, who arrested him as he walked outside, found a loaded semiautomatic handgun inside.

Re:speaking of law enforcement and other agencies. (-1, Troll)

Jim_Hawkins (649847) | more than 10 years ago | (#6255714)

Haha. Why do I get the feeling that you have been waiting for the first opportunity to post that story. ;-)

Funny shit, man. Guess it goes to show...porn and wives don't mix. (Or porn of wives for that matter...)
wives4fun.com [wives4fun.com]

Escalation? (2, Informative)

kjs3 (601225) | more than 10 years ago | (#6255598)

Did you try to get escalated to a higher support tier or to a supervisor? I've found that generally works as long as you are persistent.

Level 1 support at most ISPs doesn't have any technical skills. They walk through a series of scripted interactions and weed out the 99% of calls that are simple to solve. Good for the ISP, but bad for the 1% highly technical callers.

It's also possible that there is a specific security group that you could contact. You might have to be persistent to find them, however.

Re:Escalation? (1)

sirdude (578412) | more than 10 years ago | (#6255716)

I would suggest logging EVERYTHING. Give your ISP a chance to rectify matters. Follow their advice to the letter. Push them a bit-urge them a bit.

If you still aren't satisfied, inform them that you will be contacting the press, and ask them cordially to prepare themselves for some negative publicity.

Then call up 10 newspapers and computeresque magazines and ask them if they would be interested in hearing your story. Get some cheap webspace and put everything up there.

*shrug* Most ISPs don't move their arses unless their arses are at risk :P

laterz....

Re:Escalation? (2, Insightful)

taverngeek (88949) | more than 10 years ago | (#6255748)

What you needed to do was ask for the ISP's security dept, saying that their systems had been compromised and that their systems were now being used to attempt to compromise your and presumably other customers' data.

The laws are tools.... (0, Flamebait)

raehl (609729) | more than 10 years ago | (#6255599)

To protect corporations from having to spend money on real security.

semi-hourly dose of content ? (0, Flamebait)

Rosco P. Coltrane (209368) | more than 10 years ago | (#6255611)

I had already hit Slashdot for my semi-hourly dose of content

It takes you half an hour to find the content in Slashdot?

Re:semi-hourly dose of content ? (0)

Anonymous Coward | more than 10 years ago | (#6255745)

I had already hit Slashdot for my semi-hourly dose of content
It takes you half an hour to find the content in Slashdot?


Since when is there content at Slashdot?

Well, you have done some good here already. (4, Insightful)

OwnerOfWhinyCat (654476) | more than 10 years ago | (#6255613)

Every admin who has been reflexively typing 'yes' to the

The RSA host key for yoursite.com has changed, use new key?

prompt is now shuddering to think how many passwords s/he might have handed the "Man in the Middle."

Good Job.
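What the ssh client is comparing when it raises that prompt, as an added example that is not part of the original comment: a small checker that looks a host up in known_hosts content (plain and hashed `|1|salt|hash` entries), compares the pinned key with the presented one, and reports `match`, `changed` or `unknown` with OpenSSH-style SHA256 fingerprints. The hostnames, the salt and the key blobs are constructed for illustration and are not real host keys; wildcard patterns and `@cert-authority`/`@revoked` lines are deliberately out of scope.

```python
import base64
import hashlib
import hmac
import struct


def make_key_blob(fill: int) -> str:
    """Constructed ssh-ed25519 public key blob (not a real key), base64-encoded."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_host(host: str, salt: bytes) -> str:
    """Hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_field_matches(field: str, host: str) -> bool:
    """True if host is named by a known_hosts host field (exact or hashed)."""
    for pattern in field.split(","):
        if pattern.startswith("|1|"):
            _, _, salt_b64, mac_b64 = pattern.split("|")
            salt = base64.b64decode(salt_b64)
            actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(actual, base64.b64decode(mac_b64)):
                return True
        elif pattern == host:
            return True
    return False


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> dict:
    """Classify a presented host key against pinned entries for the same host."""
    pinned = []
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # comments and marker lines are skipped in this example
        parts = line.split()
        if len(parts) < 3:
            continue
        field, entry_type, entry_key = parts[:3]
        if entry_type == key_type and host_field_matches(field, host):
            pinned.append(entry_key)
    presented = base64.b64decode(key_b64)
    if not pinned:
        verdict = "unknown"   # first contact: verify the fingerprint out of band
    elif any(base64.b64decode(k) == presented for k in pinned):
        verdict = "match"
    else:
        verdict = "changed"   # the case that should stop the login, not get a "yes"
    return {
        "verdict": verdict,
        "presented": fingerprint(key_b64),
        "pinned": [fingerprint(k) for k in pinned],
    }


# --- Constructed sample data ---
PINNED_KEY = make_key_blob(0x11)
OTHER_KEY = make_key_blob(0x22)
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    f"mail.example.org ssh-ed25519 {PINNED_KEY}",
    f"{hash_host('shell.example.org', b'constructed-salt-20b')} ssh-ed25519 {PINNED_KEY}",
])

if __name__ == "__main__":
    for h, k in (("mail.example.org", PINNED_KEY), ("shell.example.org", OTHER_KEY),
                 ("new.example.org", OTHER_KEY)):
        print(h, check_host_key(KNOWN_HOSTS, h, "ssh-ed25519", k))
```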

Re:Well, you have done some good here already. (5, Informative)

aridhol (112307) | more than 10 years ago | (#6255706)

Of course, that only affects those who use passwords for SSH. I generally prefer RSA user authentication. One of the reasons is laziness - I only have to enter my key's password once, and it authenticates to SSH servers for me. And, of course, there's security. Because I don't enter my password over the wire, there's no way for it to be intercepted.

Contact the police local to the offenders (5, Interesting)

c0d3h4x0r (604141) | more than 10 years ago | (#6255616)

Look up the IP registrations, find the owners' locale, and then contact that local police department. Tell them a federal crime (felony) is being perpetrated on a grand scale, and that you need to speak with someone with extensive computer/internet/technical knowledge to report all the details.

F*ck the police (5, Insightful)

LS (57954) | more than 10 years ago | (#6255617)

The computer police too. I've been mugged, robbed, and assaulted multiple times in my life, and the police were never interested in helping. My car was just broken into, and I had $4000 in computer equipment stolen out of it. I called to file a report and have them come down and dust for prints, and they said that they can't send anyone down.

Of course, I've been stopped and harassed by cops on a number of occasions. My brother gave me a small cut in a fight that required stitches, and they investigated my parents for child abuse. I've been accused of possessing marijuana for having a tomato stem in the cup holder of my car. I have to drive through a police checkpoint every day on the way back from work on highway 15 in San Diego. After I hit a spare tire that flew off the back of a car in front of me, the police officer wanted to write me a ticket because he was upset that he had to drive out and take a report.

I'm a law abiding citizen without a mark on my record, and I can still say: fuck the police

LS

Read the Cuckoo's Egg. (5, Interesting)

Jon Abbott (723) | more than 10 years ago | (#6255621)

The book Cuckoo's Egg [amazon.com] by Cliff Stoll deals with this issue specifically... Someone kept hacking the author's computers at Lawrence Berkeley National Labs (coincidentally, that makes twice [slashdot.org] in two days that I've mentioned a National Lab on slashdot), and he has to convince the authorities that it is truly worthy of investigation... The FBI points him to the CIA, the CIA points him to the FBI, so a lot of the story deals with the social engineering required to get the authorities to actually listen. It's really a great read, and you can find used copies on Amazon for a penny.

What can you do? (2, Insightful)

EZmagz (538905) | more than 10 years ago | (#6255622)

There are all these laws and all this hype about enforcing these computer crime laws - what must an end user do to get some enforcement done?

Honestly, unless you're a big corporation (or at least a company with some legal weight), there isn't much you can do. Sounds like you pursued some of the right avenues to go through, but from what I've seen, read, and heard, individual civilian complaints don't bring a lot of action. If you were the FBI and had very limited staff resources, and you were presented with the task of either:

helping a sole individual who had his box cracked, or

a company like eBay, who hypothetically just had their credit card db broken into and copied,

which would you go for?

Maybe I just have a pessimistic attitude towards our beautiful US government. It seems that the average joe doesn't have a lot of recourse against stuff like this though. Hopefully our fellow /.'ers will provide stories proving me wrong. That might instill a bit of faith in my weary bones.

The Point of all those Tech Laws (5, Insightful)

huckamania (533052) | more than 10 years ago | (#6255626)

They are there to protect businesses and the government itself.

This is a disturbing trend in the United States of Lawyers and short of a revolution there is not much that can be done to reverse it. Just look at the article from yesterday where Oral Hatch wants to exclude copyright owners from anti-hacking laws so they can destroy a personal computer. It's sad and scary.

What the USL needs is a new Bill of Rights that protects people from corporations.

The Irony.... (4, Insightful)

Picass0 (147474) | more than 10 years ago | (#6255628)

.... what is funny here is how the Fed spends soooo much energy collecting powers over the internet that it has no idea how to use.

I think sometimes that the internet might be too big for them in its present form. Better to break it and build something new! Something where Disney can get a signoff.

These laws are not made for you! (1, Funny)

Anonymous Coward | more than 10 years ago | (#6255632)

These laws were enforced by lobbyists with THEIR and not YOUR money. So you have no right to take advantage of these laws :)

Sorry... (1)

dauvis (631380) | more than 10 years ago | (#6255633)

(at the risk of sounding cynical) but those laws aren't meant to help Joe Average. They are meant to protect MegaCorp from Joe Average. It's amazing how someone can go to prison for snooping in a company's files. But on the other hand, if it was some cracker redirecting an ISP's traffic to steal passwords, it isn't worth investigating.

RISKS (5, Informative)

kzinti (9651) | more than 10 years ago | (#6255634)

I can't help you with getting the attention of law enforcement or the service provider, but when all is said and done, I bet Peter Neumann at the ACM RISKS Digest [ncl.ac.uk] would love to publish your story. The RISKS readers would be interested in the original hijacking, and just as interested in the lackadaisical response by those who could do something about it. The risks posed by both problems are the forum's reason for being.

LOP.COM (2, Informative)

Anonymous Coward | more than 10 years ago | (#6255639)

look it up, it matches the IPs. they're spyware. looks like they're doing some serious assholish stuff

Don't call the feds (1)

Kagato (116051) | more than 10 years ago | (#6255640)

The problem with the FBI is they are all about making a name for themselves. They have no desire to get involved if there isn't a major loss. Even when they do, often they will go about it all half cocked.

Very interesting.... (2, Funny)

arf_barf (639612) | more than 10 years ago | (#6255642)

Is this an encouragement to hacking? I guess the moral of the story is that as long as the loot is below 10K, it's fairly safe for the hackers :-)

Tell Slashdot . . . (0)

Anonymous Coward | more than 10 years ago | (#6255644)

We the people of slashdot clearly have the power to change these things. That's why you see fewer and fewer complaints about various issues as time goes on.

Seriously though, cool! It's always nice to read somebody's intelligent well written account of their intelligent and clever use of a computer to do anything cool.

Douglas Adams gave a good answer for this... (4, Insightful)

Nemus (639101) | more than 10 years ago | (#6255649)

Apparently this problem is protected by a SEP shield (Somebody Else's Problem). Simply put, it doesn't affect these people directly, so they could give a wingnut less.

As much pomp and posturing as some of these organizations do, in my experience, the FBI guy you talked to was right: unless it's a big company that has the cash to sue the government for not enforcing the laws, or at least raise a stink about it, these organizations will do nothing.

The reason for this, as I see it, is that most of the legal side of this stuff is handled at a federal level. So if only say, 100 people or so are affected, they're simply not going to waste their time on it. The only solution I could see to this problem is that, once the general populace becomes better educated to what's out there and what all this "fancy internet stuff" means, there is the possibility that smaller, more municipal "cyber crime" organizations may spring up, to deal with complaints coming from people in their municipality. Until then, it's a jungle out there, and it's every man for himself.

Re:Douglas Adams gave a good answer for this... (1)

meringuoid (568297) | more than 10 years ago | (#6255713)

And C-3PO gave a good solution.

R2D2! You know better than to trust a strange computer!

This is standard (4, Informative)

alienw (585907) | more than 10 years ago | (#6255652)

This is a very standard type of attack and a standard FBI response. FBI damage trigger is $5,000 IIRC. If the ISP calls the FBI, they can get the ball rolling. You can't, and frankly it's none of your business since it's the ISP server that got hacked. I wouldn't do anything beyond calling the ISP. You can't claim financial losses, because you didn't lose any money directly as a result of this hack.

This Is The Way It Is (0)

Anonymous Coward | more than 10 years ago | (#6255654)

I have a client that has been hit 4 times by someone using stolen credit cards to order. 3 were near each other and, of course, weren't discovered till months later when the brainless credit card holder suddenly realized their card was stolen. We shipped the products in each case, since the card was valid, passed AVS (which is a joke) and went through. Now, the same individual is ordering from us again with a stolen credit card. They are expecting delivery. They could be arrested on site. If anyone gave a damn. The LAPD only have one person that handles this type of crime and aren't permitted to go nab anyone (what use is that)? The FBI takes a submission online, but no one knows if it gets looked at. Blah blah...

The bottom line is that you can pretty much make a living off stolen credit cards and fraud. As long as you keep each order below US$400, no one will bother you. You'll just end up screwing lots of online businesses.

I think he didn't use enough sarcasm with support (1)

confused philosopher (666299) | more than 10 years ago | (#6255655)

"I asked the tech support rep if they really wanted me submitting the incident report through a hijacked proxying web server."

I'm sorry sir, you'll have to submit that report by email before we can do anything for you.

But I can't send you the email, because I don't even have access to my mailbox!

I'm sorry, thank you for calling, have a nice day. *click*

That is totally bogus that the FBI wouldn't handle this. The NIPC is totally worthless.

Something similar happened to me once (1, Funny)

PhysicsGenius (565228) | more than 10 years ago | (#6255658)

As you are probably already aware, I run one of the biggest nuclear (research) installations in the US. This means that I have to be constantly on the lookout for security issues. Well, like you, one night I noticed a hack in progress. Some guy was trying to gain access to our plutonium containment facility computer. I was on the phone to the FBI ASAP, as you can imagine. They gave me some similar runaround, so I decided to do a little investigation myself. I ran some pings, traceroutes and a couple of items I have in my toolkit (proprietary, so please don't ask) and figured out where it was coming from.

cia.gov!!

You can bet I shut my PC down and walked right out of there and never mentioned this little incident again until now. BTW, this was in early-to-mid September, 2001.

Purpose (0)

Anonymous Coward | more than 10 years ago | (#6255659)

Are these laws just tools to oppress unpopular computer criminals

Yes.

Attack (1)

KarmaOverDogma (681451) | more than 10 years ago | (#6255661)

Are these laws just tools to oppress unpopular computer criminals but just plain not enforced most of the time?

My Guess based on the national focus on Terrorism is yes: unless something really sticks out, we are considered small fry. The FBI simply considers it not to be worth their while.

I'd recommend finding someone with a lot of clout to back you up with getting an investigation. I know time is/was most likely of the essence here with getting quicker investigations and results, but you could write a letter to the company's VP or such, explaining how this attack affects their image as a whole, future liability, etc.

My two cents :/

FBI magic number (1)

octalgirl (580949) | more than 10 years ago | (#6255662)

FBI magic number is $5,000.00. If you can't claim at least that much in damages, they won't bother. Over 5K becomes a federal crime.

Re:FBI magic number (1)

mabu (178417) | more than 10 years ago | (#6255722)

Doesn't matter. I had an associate claim over $100,000 in damages, with detailed logs and everything. They opened a case file, but couldn't get the D.A. to prosecute. Most of the Feds know very little about computer crime and the District Attorneys know even less, and don't seem interested in prosecuting these types of hackers... I guess they'd rather go after someone who digs a computer manual out of a dumpster or something.

Call them Terrorists (5, Insightful)

Alan (347) | more than 10 years ago | (#6255664)

I say this only partially in jest, but maybe try contacting the dept of homeland defense, or GWB himself or something. Call it terrorism, they'll be shut down faster than you can say "foo".

Seriously though, with the increase in the gov't involvement and crackdown on cyber terrorism (or they say there is) isn't this a prime candidate?

That said, it's scary that the ISP doesn't seem to give a fark about this. If I was in charge of their security I'd be fixing this as quickly as possible, not letting my company's customers continue to use a compromised service. Wouldn't it be considered negligence to allow your customers to continue using a server you know to be compromised (ie: not changing the DHCP server back, or simply shutting down all access)? Personally I'd much rather lose my net access for a bit while this is cleaned up than my ISP knowingly let me proxy through sniffers and password grabbers.....

http://www1.ifccfbi.gov/index.asp (2, Interesting)

Hollinger (16202) | more than 10 years ago | (#6255673)

Go to http://www1.ifccfbi.gov/index.asp and file a complaint. They'll follow up.

Do what I did. (-1)

Seth Finklestein (582901) | more than 10 years ago | (#6255678)

A few years ago, the Censorware Project, one of the most important sites on the entire Internet, fell prey to the most grave injustice ever. Michael Sims, a pear-shaped mother's boy who lives in his parent's basement watching porn and wearing Adbusters t-shirts like he's some kind of counterculture revolutionary, took my web site and destroyed it. It was, in a word, goatse'ing [slashdot.org].

I'd like to read from my journal about the prosecution that followed.

As I awoke at 8:15 AM on the day in question, my first item on the ol' agenda was to check on my web site, "The Censorware Project." I went to my computer, punched in www.censorware.org into Mozilla (not Internet Explorer) and depressed the "Enter" key on my computer's key-board.

"The Censorware Project," it said, "is now closed."

Knowing my rights [aclu.org], I immediately dialed 911. There, I spoke to some clueless cop. I don't even know whether he knew who I was (Seth Finklestein) or what a "web site" was. He was probably too busy eating doughnuts and watching Jerry Springer.

After that debacle, I immediately called the ACLU, the FBI, the CIA, and the Army Corps of Engineers. Nobody wanted to help me. Finally, I was forced to take Michael Sims to court. I sued him for murder in the second degree (a web site can't be considered a person, so I couldn't make him fry for his actions) and criminal negligence. Lawyers are just overpriced nerds, so I decided to represent myself.

The judge said the most ignorant, hateful words I have ever heard at the pre-trial hearing. "Your web site," she explained, "was not 'murdered.'" She even did the "air quotes" thing! She was talking down to me! Me, Seth Finklestein! I tried to yell back at her, but these awful Negroes dragged me out of the court room.

Now I sit here, at my high-paying job, plotting revenge. And you will get yours, Michael Sims. I guaran-fucking-tee it.

Feds don't help (1)

mabu (178417) | more than 10 years ago | (#6255679)

An associate of mine had his server broken into. He clearly documented exactly what was done and prepared a detailed report with everything cross-referenced to the FBI. The activity was clearly malicious and illegal. The FBI opened a file and sent agents to meet with him. Even though the perpetrator of the crime had been identified (down to his cell phone number, place of employment and everything), the FBI presented the case to the D.A. for prosecution and the D.A. refused to take the case. Money was a major factor. Because my associate was quick to discover the compromise, and therefore reduce the damages to his system and his clients, the monetary damage was minimal. Nonetheless, the authorities refused to take criminal action against the perpetrator even though the whole case was laid out in front of them. His experience indicated that law enforcement was more about money than law.

Are you sure they were hacked (1)

MerlynEmrys67 (583469) | more than 10 years ago | (#6255685)

I can see an ISP "Infrastructure upgrade" doing something like this.

They want everyone to go through their proxy servers, they just hand them out as IP address. I am assuming however that these addresses were not on the local ISP control (you did a traceroute to them and found that they were located in china or something). Of course if that happened, the throughput on their machines would go to hell as everyone starts bouncing packets through the world to get to their destination.

The interesting thing, if the company DID do this as an infrastructure upgrade, I don't see them advertising it to their customers either, as 99.999 percent of them would have no idea what they were talking about.

Charter.com (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6255686)

Charter.com (and charterpipeline.com) are spamming fuckwits. They refuse to respond to spam complaints and their users probe my networks.

They are a rogue isp.

calling the FBI... (0)

Anonymous Coward | more than 10 years ago | (#6255687)

I noticed that the poster said that they called the FBI... Does someone have that number handy? On the FBI's site, all I can find is a web form to post "tips" to. Thanks!

What must an end user do to get enforcement done? (0)

Anonymous Coward | more than 10 years ago | (#6255688)

Be the cracker?

I think it's safe to assume (0, Redundant)

tarquin_fim_bim (649994) | more than 10 years ago | (#6255697)

.. that it was the Feds spying on you, usually they manage not to get rumbled. Now though, you will have to infiltrate their system to see what they've got on you.

Goes to show ya.. (1)

jontas (663406) | more than 10 years ago | (#6255701)

I learned a valuable lesson here. The next time I'm going to steal from someone, I'll just make sure I take less than $5,000

I ran into similar barriers when [it's a long story] I was scammed out of $1200 on the internet.

After much talk with the FBI, local police, and FCC I learned that stealing from people is perfectly OK as long as you don't take too much..

When nobody can help... (1)

koh (124962) | more than 10 years ago | (#6255704)

Help yourself.

It's no wonder that the FBI won't spend time on this. People DNS-poisoned like the submitter must abound these days, and if the federal agency investigated all such cases, its activity would grind to a halt, which Administration doesn't want, unless I'm mistaken.

Install your own DNS server. Under a good linux distro it takes no time if you know how to do it, two hours if you have to RTFM and understand it beforehand.

Under Windows I heard it's nastier though, with requirements for Active Directory (uh ?) and admin access to the PDC.

If you can spare an outdated box at work, consider installing a DNS on it and use it from your own box.

Such attacks will be more difficult to perform on you then.
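A defensive check for the condition the submission describes (a DNS suffix whose zone answers every lookup with the same addresses), given as an added example that is not part of any comment in this thread. The function names, the `.example` names and the documentation-range addresses are constructed for illustration; `system_resolve` uses the OS resolver, and the demo runs offline against a stand-in resolver.

```python
import secrets
import socket


def system_resolve(name):
    """Resolve `name` with the OS resolver; an empty set means no answer."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return frozenset()
    return frozenset(info[4][0] for info in infos)


def wildcard_answer(suffix, resolve=system_resolve, probes=3):
    """Return the address set a zone hands out for names that cannot exist.

    Random labels under an honest zone get no answer. A zone that answers
    every one of them with the same addresses is a catch-all.
    """
    answers = [resolve(f"{secrets.token_hex(12)}.{suffix}.") for _ in range(probes)]
    first = answers[0]
    if first and all(a == first for a in answers):
        return first
    return frozenset()


def check_host(host, suffix, resolve=system_resolve):
    """Compare the absolute lookup of `host` with the suffix-appended one."""
    trap = wildcard_answer(suffix, resolve)
    absolute = resolve(host + ".")            # trailing dot: fully qualified name
    suffixed = resolve(f"{host}.{suffix}.")   # the name with the suffix appended
    return {
        "wildcard": sorted(trap),
        "absolute": sorted(absolute),
        "suffixed": sorted(suffixed),
        # Flag only when the suffixed answer is the catch-all set and
        # differs from what the fully qualified name resolves to.
        "hijacked": bool(trap) and suffixed == trap and suffixed != absolute,
    }


# Constructed sample data (documentation-range addresses, made-up names).
TRAP = frozenset({"192.0.2.45", "192.0.2.46", "192.0.2.47"})
REAL = {"mail.isp.example": frozenset({"198.51.100.10"})}


def constructed_resolver(name):
    """Stand-in resolver: one catch-all zone plus one honest record."""
    name = name.rstrip(".").lower()
    if name.endswith(".bad-suffix.example"):
        return TRAP
    return REAL.get(name, frozenset())


if __name__ == "__main__":
    for suffix in ("bad-suffix.example", "clean-suffix.example"):
        print(suffix, check_host("mail.isp.example", suffix, constructed_resolver))
```

To run it against a live machine, call `check_host` with the connection-specific suffix the DHCP lease supplied and leave `resolve` at its default.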

When I ran a small ISP (4, Interesting)

astrashe (7452) | more than 10 years ago | (#6255705)

When I ran a small ISP, our experience was the same. The law enforcement people didn't do anything for us.

It was strange, because the FBI had actually sent a couple of agents to our office to introduce themselves, pass out business cards, and the like. But when we had trouble, we called them up and those guys basically said, "there's not much we can do."

When the agents introduced themselves, they gave us a questionnaire to fill out, and there was a question about encryption -- had we noticed anyone using it?

The questionnaire (which I didn't complete), and the lack of response when we actually needed help, sort of soured me on the bureau. The agents were nice guys, and I had the feeling that they were sincere when they were talking to us, but the organization itself didn't seem to be too helpful.

I don't really have a problem with them paying more attention to hacks on major e-commerce sites or banks than on my little ISP (which has long since been sold). The reality is that there's so much cracking going on, and it's so hard to track it down, that chasing small incidents isn't really practical. If a big ecommerce site gets cracked, a lot of people get hurt, the situation is really different.

The lesson that I learned is that you're basically alone when you get attacked. No one cares, and no one will help. Your ISP won't do anything, law enforcement won't do anything, and your customers will be incredibly angry with you. The only way to deal with it is to do whatever you can to secure yourself up front.

Get yourself an attorney (1)

FooBarney (253298) | more than 10 years ago | (#6255718)

If you want to put pressure on the government, what you need is a good attorney. The FBI and local law enforcement might be liable civilly for failing to respond to your complaint. You probably wouldn't win, but the spur of such a lawsuit would probably be enough to get a little action on your part.

If you really care about it, I'd talk to a civil litigator or IP attorney with experience in dealing with federal law enforcement. It won't be cheap, of course (good lawyers never are), but the Powers That Be will be a lot more helpful to someone with a J.D. behind his name.

Short of that, I think you're better off protecting your network and moving on. Good luck!

ping away boys (0)

Anonymous Coward | more than 10 years ago | (#6255719)

I just set my office comps (all 27 of them) to ping the IPs non-stop until i turn them off... which will be monday morning.. every one, join in. /. effect to the max

Non enforcement (1)

mjmalone (677326) | more than 10 years ago | (#6255723)

From my days on IRC (sorry) I can tell you that the vast majority of internet crime is not investigated or pursued. Most companies just don't give a damn, and the FBI is not likely to take a case unless it is high profile (go politics). I have known people who have been caught hacking DoD and Nasa computers only to receive a phone call from IT personnel politely requesting them to stop doing so. Your best choice is to do just what you did, inform your ISP (who will most likely try to keep it on the DL so as not to alarm customers) and attempt to inform law enforcement if you really care/have the time. Best of luck.

Excellent way to get this investigated (1)

cheezus_es_lard (557559) | more than 10 years ago | (#6255726)

Post it on Slashdot! ...err

But really, this seems to be a large-scale scam, not a single-user hack, and since they seem to be gleaning identity information, one would think the FBI would be interested, at least a little.

FBI misinformed you (1)

linuxislandsucks (461335) | more than 10 years ago | (#6255732)

FBI fibbed again..

You are repat allowed to charge for time cleaning up an infected system as a loss counted under federal computer hacking laws..

Read the Mitnick Trial transcript for proof..

FBI inept as usual..

Step by step instructions.... (1)

DailyGrind (456659) | more than 10 years ago | (#6255733)

Step 1: Go to something call the "fridge"
Step 2: Open door
Step 3: Take out something called a "beer"
Step 4: Open can / cap
Step 5: Drink it
Step 6: Pat yourself on the back for posting, by far, the nerdiest post this year AND getting it past the editors.
Step 7: Repeat Step 1: through Step 5:
Step 8: Pat yourself on the back for killing your ISP's business.
Step 9: Repeat Step 1: through Step 5:
Step 10: Goto Step 9:

Job well done! And I actually mean that!

don't pay any attention to this reply (1)

tankdilla (652987) | more than 10 years ago | (#6255735)

as a person that knows how to use a computer, i find this appalling. as a person that knows a little about this kind of stuff, i find this information unsurprising and a little reaffirming. I mean really, looking for cyber-law enforcement is like lookin for the drunken sheriff. It's just not really there all the time. Law enforcement is needed when Jon. E. ComputerUser has been compromised, but it's seldom there. When Jean Pierre Corporate needs help, it's 'calling all cars, there's a hacker on the loose!' The best advice is to at least be informed of what can happen and try to take countermeasures (on your behalf, not necessarily strike back...unless u can =^D ). The Internet is really the 'Wild Wild West.' Better strap up and protect.

Not a hack of my PC, but... (1)

druxton (166270) | more than 10 years ago | (#6255739)

I had an interesting spam last night - it came from Best Buy Customer Service, and warned that my credit card number may have been leaked. It asked me to go to their web-site to check. Well, surprise, the web-site wasn't from Best Buy, although it represented itself as such and most of the links on the home page did point to Best Buy pages. Another surprise was that the check for fraud page asked me to enter my credit card number and other ID so they could check to see if my account had been hacked and my card number stolen.

That's the first one of these I've seen, and I'm sure it will catch some people (although they won't catch many in my area - no Best Buy within 500 miles). I also didn't have much success reporting it.

Full marks for creativity, but pretty high on the scumbag scale.

Welcome to the real world of police enforcement (0)

Anonymous Coward | more than 10 years ago | (#6255749)

Welcome to the real world of crime. My grandfather had an outboard motor stolen worth a couple grand - the cops showed up, took a look, wrote up a report.

That's it. End of story.

Same thing for my future parents in law - they had a break in at their cabin. The police showed up, 8 hours after the call went in, took a look around, wrote a report, and that's it.

If it's not a murder, Martha Stewart, or Pete Townsend they don't care too much.