When The FBI Knocks, A First-Person Account
Ever wondered what happens when your IRC chatter draws the attention of the public servants at the FBI? dilinger writes: "I wrote up a description of what happened to me last weekend. The FBI confiscated my computers for checking out yankees.com, after it had been defaced. If this doesn't make you paranoid, nothing will. :)"
Andres Salomon is a fool for putting his explanation on the net. He should get a lawyer and SHUT HIS MOUTH.
So far, the "everything you say can and will be used against you" has given the FBI a lot of evidence.
FBI: "Your Honor, I present the following quotes from the defendant's website into evidence. You will see that the defendant in his own words has admitted that he used the Yankees' computer in very irregular and improper ways."
*I'm simply an RPI student, admin, and programmer (C/perl/whatever) who likes to dabble in cryptography, kernel hacking,
FBI: See, he's a hacker, by his own admission
*I know my way around
FBI: Bragging is typical for script kiddies.
*my initial reaction was "oh shit, someone's pissed about my 30 gig mp3 collection
FBI: The defendant also admits that he pirates music in large quantities.
* I then began a post-mortem inspection; I always find this to be very interesting
FBI: Gets his willies by trespassing. He's a criminal who loves crime.
*The last time I did this, I discovered the intruder had gotten in through...
FBI: The defendant did this on more than one system.
*I first checked port 21 of www.yankees.com, noticing that it was running wu-ftpd-2.6.0;
FBI: The defendant has stated exactly how he hacked the yankee website.
*So, I did a zone transfer of yankees.com (host -l -t any yankees.com), and noticed an old.yankees.com.
FBI: The defendant admits to yet another trespass command. He is letting us see how his criminal mind works.
*I got nowhere with this (whether it was due to a firewall, I do not know), so I returned to my IRC client
FBI: The defendant is describing how he dealt with an obstacle put in place by the yankee sysadmin.
*The entire thing lasted possibly five minutes,
FBI: The defendant is doing some more bragging. It is common among hackers to brag about being able to root a box quickly.
If tits were wings it'd be flying around.
You just need to buy a computer made by G. Gordon Liddy Systems, inc. You know, one of those 9-mm "autoloader" point-and-click devices.
;)
________________________________________
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
PUBLIC SERVANT'S QUESTIONNAIRE
Public Law 93-579 states in part: "The purpose of this Act is to provide certain safeguards for an individual against invasion of personal privacy by requiring Federal agencies...to permit an individual to determine what records pertaining to him are collected, maintained, used, or disseminated by such agencies."
The following questions are based upon that act and are necessary in order that this individual may make a reasonable determination concerning divulgence of information to this agency.
1. Name of public servant...............
2. Residence......City.....State......Zip......
3. Name of department, bureau, or agency by which public servant is employed........supervisor's name......
4. Its mailing address...........City......State....Zip......
5. Will public servant uphold the Constitution of the United States?
6. Did public servant furnish proof of identity?
7. What was the nature of proof?..............
8. Will public servant furnish a copy of the law or regulation which authorizes this investigation?
9. Will the public servant read aloud the portion of the law authorizing the questions he will ask?
10. Are the answers to the questions voluntary or mandatory?
11. Are the questions to be asked based upon a specific law/regulation, or are they being used as a discovery process?
12. What other uses may be made of this information?
13. What other agencies may have access to this information?
14. What will be the effect upon me if I should choose not to answer any part or all of these questions?
15. Name of person in government requesting that this investigation be made...............
16. Is this investigation 'general' or is it 'special'?
17. Have you consulted, questioned, interviewed, or received information from any third party relative to this investigation?
18. If so, the identity of such third parties..........
19. Do you reasonably anticipate either a civil or criminal action to be initiated or pursued based upon any of the requested information?
20. Is there a file of records, information, or correspondence relating to me being maintained by this agency? If yes, which?
21. Is this agency using any information pertaining to me which was supplied by another agency or government source?
22. May I have a copy of that information?
23. Will the public servant guarantee that the information in these files will not be used by any other department other than the one by whom he is employed? If not, why not?
If any request for information relating to me is received from any person or agency, you must advise me in writing before releasing such information. Failure to do so may subject you to possible civil or criminal action as provided by the act.
I swear (affirm) that the answers I have given to the foregoing questions are complete and correct in every particular.
X ____________________________ Date: ________/_________/_____________
Witness:________________________ Witness:__________________________
Authorities for Questions:
1,2,3,4 In order to be sure you know exactly who you are giving the information to. Residence and business addresses are needed in case you need to serve process in a civil or criminal action upon this individual.
5 All public servants have taken a sworn oath to uphold and defend the constitution.
6,7 This is standard procedure by government agents and officers. See Internal Revenue Manual, MT-9900-26, Section 242.133.
8,9,10 Title 5 USC 552a, paragraph (e) (3) (A)
11 Title 5 USC 552a, paragraph (d) (5), (e) (1)
12,13 Title 5 USC 552a, paragraph (e) (3) (B), (e) (3) (C)
14 Title 5 USC 552a, paragraph (e) (3) (D)
15 Public Law 93-579 (b) (1)
16 Title 5 USC 552a, paragraph (e) (3) (A)
17,18 Title 5 USC 552a, paragraph (e) (2)
19 Title 5 USC 552a, paragraph (d) (5)
20,21 Public Law 93-579 (b) (1)
22 Title 5 USC 552a, paragraph (d) (1)
23 Title 5 USC 552a, paragraph (e) (10)
You can find more interesting information on your rights here: Frog Farm Faq
Last year I got a phone call paired with an email saying that I needed to make an appointment to meet with the Dean of Student Affairs of my smallish liberal arts school (and yes, I realize I'm an idiot for even thinking about doing CS at a liberal arts school, but it's too late now.)
Anyway, I figure it's something to do with my grades or something and I go to his office that afternoon. I'm sitting out in the waiting room, waiting for him to get done with whatever he's doing, and I pick up one of the Newsweeks on the Yahoo DDoS stuff and look at how the mainstream media presents the issue to the average Joe. Then he calls me into the room and tells me that they have evidence that I launched a DoS attack on a "Canadian Website". I am completely dumbfounded. They said that they needed to find out what happened or I would have the FBI knocking on my door.
I'm not a script kiddie. Never have been. I have a little bit of an interest in security, but more in the areas of detection and protection, definitely not exploitation. Anyway, they want me to sign forms permitting the school to search my computer. This really freaked me out; all these stories of people's equipment being raided flashed by in my head. I almost said no so I could call my parents and a lawyer, because I didn't know if that was the best thing to do, but then I realized I didn't have anything to hide.
So we march back to my dorm room and meet up with the people from the campus Computer Center (Motto: COBOL is our friend) who are going to search my PC. Well, we get to my room and they want to have a look at my computer. I opened up a terminal window and their "UNIX guy" sits down, stares at the screen for a few seconds, then gets back up and asks me to pull up the machine's IP address. I type ifconfig and highlight the address for him. Then there's some confusion. They figure out that my roommate's Pentium 133 laptop running Win95 has the source address of the attack. I find it funny that their hard evidence that pointed to me is the source address of a computer that isn't mine, on a DoS attack where it is most likely spoofed. They then start lecturing me for running Linux on my computer. They said they don't support Linux. I said that's great, I don't need support. In fact, I am paid to be their support in the dorms.
Anyway, they confiscated my roommate's computer, who is the classic stupid user, and "searched" it. They claimed that there was a virus on it that did it. You know, those pesky Canadian Website DoSing virii.
I had a meeting with The Dean of Student Affairs later and told him that I thought it was pretty crappy that they accused me basically because they knew I was a geek. He told me "that's what I get for being on the edge of technology". Yeah, that would be a shame for me to learn at an institution of higher learning. Then again, what do I know? I'm just a college student.
---- sonoffreak
A somewhat boring story, but it illustrates my point. I could have turned off on my normal street. I was committing no crime (at least that I was aware of). However, realizing that being anywhere near a crime scene is a bad idea for anybody, I exercised common sense and avoided the scene.
This idiot started doing the very things a cracker would do to a site that had been cracked. Was he breaking the law? No. Was he being smart? NO . The site didn't ask him to do this. He had no authority to do this. He fit the profile of a cracker. He was dumb.
I'd love to learn more about how to crack cell phones - I work in the cellular industry, so it is of some bearing to my job. However, because I work in the cell industry, I have all the tools to turn that knowledge into action, and I'd have a really hard time explaining why I have that gear around (they're engineering prototypes. Honest!). As a result, I don't go to the cell phone cracking sites.
I'm not saying the FBI isn't wrong here. The way our current government conducts itself is shameful. But if I poke at a lion with a short stick, the lion may have been overreacting, but I'm still going to be the one bleeding...
www.eFax.com are spammers
The most irritating thing our friend will find out is that his computer is now evidence. He's not going to get it back any time in the near, or not so near future. See Steve Jackson Games.
Warrants are about the only thing that's actually fairly close to reality in TV crime shows. They aren't hard for the cops to get. Judges don't know any better and take the DOJ/DA's word for it as far as whether it's needed.
Kiss your computers goodbye
My roommate and I called the cops my junior year in college, when we found a guy in our suite running an ftp server with kiddie porn.
When the FBI comes to take your computer, you don't get it back. They didn't just take this kid's machine, they took my machine too - since our ethernet ran through the same hub, they were able to extend the search warrant. I got my computer back 2 years later. It's still sitting in my basement, running bsd, like it was before they took it.
Remember, you live in a free society until you don't. Due process for you is going to mean that they will duly detain your computers and schoolwork till it is useless to you.
Shame on you for being so smart.
--
What happens when you outlaw guns
The first thing to keep in mind when the FBI knocks on your door is that you shouldn't talk with them. Don't try and crack jokes or explain what might be going on. Don't answer their questions. Don't say anything other than you want to see a lawyer.
These guys are trained professional terrorists. They have all kinds of behavioral science training and they have experience with PsyOps, which you all should read up on.
I'm glad that this brave hacker has the balls to relate his experience. The FBI wants us to fear them. They are the bad guys, but don't think you are ever in this alone. There are many people out there who don't like the FBI.
It's also important to realize that those of us who are Americans aren't living in some enlightened democracy where the cops are just our good friends because they keep the streets "clean." No, the United States has more cops than any other country and it just completed an expensive effort to militarize the police. If any of you have paid attention to the recent anti-capitalist protests, you can see that they've taken the gloves off. I had friends who were planning for the anti-World Bank demo in Washington, DC last April. The Secret Service broke into their apartment and stole research materials.
In Philadelphia, during the anti-Republican Convention protests, the police sent undercover cops into the organizing spaces being used by activists. Some cops even helped some friends of mine build a float.
So the watchword is: be careful, but don't be afraid.
Someday we'll defeat these guys.
If An Agent Knocks
[ This message does not state or imply an accusation of misconduct by the man dubbed 'bofh', so put those lawyers away. This is an opinion piece -- the events as I remember them. ]
... you got caught."
Heh. I guess we all have these stories. I didn't know the whole story of what happened to me until two years later.
First, I was a student at the University of Waterloo, Canada. Very respected place, top-notch mathematics faculty that actually gives out Bachelors of Mathematics. The Computer Science Club is actually quite famous too. Anywho, U of Waterloo has a co-op program and thru co-op I got a job as a Unix Sysadmin at the University of Western Ontario, an hour's drive away. Four month contract, then back to school. I fell ill during my work term, and I had to telecommute for the last two months, but I still got stellar marks and a glowing evaluation in the end. During my time there, I spent ten minutes getting help with an SMTP server with a man reputed to be an RCMP (Americans: read FBI) toadie I'll call 'bofh' for reasons that will later become apparent.
Back at Waterloo, I was going thru a bad episode (breaking up with live-in girlfriend), and during spring break I faked a USENET posting. Not a spoof, because I wasn't pretending to be anyone, just a faked "From:" header line. I did it (in the "let's see if I can do it" fashion) by telnetting to a mail server at U of Western Ontario, faking a mail message to be sent to U Waterloo's mail-to-news gateway. The message itself was a public announcement that some newsgroups were going to be banned due to high traffic -- Waterloo had a recent big stink about newsgroups being banned because of a feminist student group complaining about objectionable content (alt.sex.fetish.lolitas somehow escaping their scrutiny). I was successful, even though I misspelled "displatch", so I went back to slouching and playing too much Xpilot.
Next morning, I get a call at home. It's bofh (I still don't know how he got my home number).
bofh: "This is bofh. Did you telnet to port 25 on machine xxxx.uwo.ca yesterday?"
me: "Uh... yes."
bofh: "You'll never touch another machine at Western again. *click*" (that's the exact quote)
Phone rings again.
Peter (of the CompSci Club): "Moses? This is Peter. The Math Department sysadmins are bloodhounding you, but Ian [a friend] found you first. Why are they tracking you down?"
So I told Peter about the mail-to-news business yesterday.
Peter: "Oh Moses, Moses, Moses."
So there was the ritual dragging me out in front of an authority figure, some tongue lashing, and a formal request to have me ousted from the CompSci Club because I was their sysadmin and couldn't be trusted (that was on the record -- off the record, nobody expected me to get kicked out over something so trivial). The CompSci Club said no, the Math Department made a politically safe "no comment," and life continued.
A week later, I'm summoned before the Asst. Dean of Mathematics, whom I'll call W. Seems the U of Western is raising a big stink, and 'something' must be done. I assume he's talking about the "displatch" event. W tells me that I can't return for a second work term at Western, and my marks will be changed to a failure for the term that just went by. I protest that this isn't fair (but actually my knees were shaking like Jell-O). He says he has to think about it. I take the chance to talk to a student ombudsman, who knows about the "displatch" event and is surprised W. is overreacting. He suggests I approach the Student Disciplinary Committee. When next I'm summoned before W, he suggests that I be failed for the upcoming term; I protest again that I shouldn't fail something that hasn't happened yet, and it will unduly affect my chances at getting a work term somewhere else. I suggest the SD Committee should get involved, and W threatens to expel me if I talk to the SD Committee. I break, sorry, I was really scared. I plead that he merely suspend me for the upcoming term. He says he'll think about it. A week later when I meet with him, he tells me that he's come up with a better idea: he'll suspend me for the upcoming term. Can I agree? I point out that I gave him that idea, and I agree. I'm to be taken off the list of eligible students for job interviews.
A week later I found out I wasn't taken off the list, and I missed three interviews. I was almost punished for not showing up to these interviews, but I badgered and pushed my way thru the department (we called it "Needless Hall") until I met a director. I told him my story to date, and he laughed and agreed to sort things out. So, I was suspended, I accepted a job offer in Toronto (which was bogus, but that's another story), and didn't have enough money to return to school for years. I got a letter from my former employer at U of Western Ontario, saying he was disappointed in me for what I've done. That kinda hurt.
Now... 2 years later, I'm working at a Toronto company, and I'm recognized as that kid who was a sysadmin at the U of Western Ontario. He says he heard what happened, so I tell him my story. He's quiet for a while, and says "That's not what I heard. Everyone at UWO was told that you were using Western computers to steal credit card numbers through the Internet."
Jumping Jehosaphat. No wonder W overreacted. And this must be what bofh meant by "You'll never touch another machine at Western again." It still burns my buns to know that W was ready to expel me when he had not even circumstantial evidence, and he wouldn't tell me what I was accused of nor listen to my side of the story. I won't return to U of Waterloo until W is no longer employed there, but I will still speak highly of it as an educational institution.
It's a frame job that changed my life forever. Thank goodness I turned it into a positive change. My friends still refer to it as the "displatch" event. I'd rather not chase after bofh for justice, because I'm certain he could create some evidence against me (like the firewall logs mentioned above) and the RCMP are likely to believe him because of rumoured student-expelling 'favours' he's done them in the past. Besides, I think the false 'hacker' reputation actually helped in one job interview.
Port scanning, DNS lookups (whois, nslookup, etc.) are NOT illegal.
The whole point of the story is one of a very Big Brother-esque denial of our civil liberties. I see a lot of people who know next to nothing about computers in general beyond double-clicking on IE to get an internet connection. Never mind that they don't know how their own box works - I don't care. But they have begun to vilify those who they do not understand simply because of a few crackers.
This can be directly equated to a situation where you hear about a liquor store that got robbed so, as a curious citizen, you drive by and take a look. Given that you left some small piece of evidence that you were there at all, the FBI or whoever comes back to your house, confiscates your car and questions you. Anyone see anything wrong with this?? Anyone???
Unfortunately, hackers' rights are in serious jeopardy right now. I don't see this trend stopping as more and more 'ignorant' individuals get online. They are scared of that which they do not know, and every time they hear that someone is a 'hacker' or knows what they're doing....they will instantly brand them as criminals. The only thing you can do....get a phone number of a good lawyer and make yourself comfortable here in Salem. It's gonna be a looong witch hunt.
FluX
After 16 years, MTV has finally completed its devolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume