Slashdot Mirror
Getting Law Enforcement Action for a Large-Scale Hack?
"So I determined that I was connecting to xxx.p5115.tdko.com instead of xxx. I started looking at dns settings. Of course, under Windows, the default is to accept the default dns domain specified by a DHCP server for the PC's ethernet connection. There are settings to disable this, but I hadn't thought about it until now. It turns out, Charter Communications' DHCP servers were infiltrated and were providing p5115.tdko.com as the 'Connection-specific DNS suffix', causing all non-hardened Windows (whatever that means in a Windows context) machines to get lookups from a hijacked subdomain DNS server which simply responded to every query with a set of 3 addresses (66.220.17.45, 66.220.17.46, 66.220.17.47).
On these IPs were some phantom services. There were proxying web servers (presumably collecting cookies and username/password combos), as well as an ssh server where the perpetrators were most likely hoping people would simply say 'yes' to the key differences and enter in their username/password.
Has anyone else seen this type of attack before? Pretty sneaky. I bet it would slip by most people that don't use anything but a web browser. This makes me want to step up my plans to put an OpenBSD firewall in place and allow it as little trust of the outside world as possible, providing more trusted DNS/DHCP services to the hosts on my network. It would be nicer to be able to boot the thing self-contained-and-configured off read-only media and have no writable access to anything from the operating system to totally prevent break-in/tampering.
With respect to the law enforcement issues. I first called Charter, and after 10 minutes on hold was told to submit a report to their abuse account. I asked the tech support rep if they really wanted me submitting the incident report through a hijacked proxying web server. I hadn't yet reconfigured my Windows systems because I wanted to collect as much information as possible while the attack was still live. The long and short from the tech support rep was they'd look at it, but couldn't do anything with respect to responding to me about it unless I submitted that report.
I moved on to calling the FBI. The after hours person had no idea what evidence collection procedures I should follow, nor if their office would even be interested in investigation. I was told to call back during business hours. I did a little searching and found the National Infrastructure Protection Center. I gave them a ring and was asked to fill out an incident report. I was told it would be reviewed in the NOC quickly and a decision made about further investigation. The rep answering the phone said to collect any and all information I could think of regarding the attack. I got a response later this morning that their NOC personnel had evaluated the report and decided not to investigate further.
I called the FBI back this morning, only to be told they generally didn't investigate these types of crimes for individuals, but usually only for companies that had lost at least a couple thousand dollars. To inflate my ego a bit, I asked if I could count my time cleaning up/investigating as a loss of this magnitude and was told no, that it would have to be a financial loss like is associated with internet credit card fraud. Given how Kevin Mitnick was convicted and sentenced on 'evidence' that included employee time for investigation and cleanup, why is this any different for me?
With respect to getting some action on any future attacks - what should I do? Who should I call? I'm not a h/\x0r, and I have reasonable investigation skills, but aren't there professionals doing this to uphold the law? What's the point of all those federal laws anyway? Monitoring of third party communications, without the consent of either party; unauthorized access to Charter's systems - the list can go on a lot further depending on the activity happening at those proxying servers. Are these laws just tools to oppress unpopular computer criminals but just plain not enforced most of the time?
I found this situation and particular method of attack interesting... hopefully this was fun to read. If you have suggestions for what I should do in the future to handle attacks, I'd love to hear about it!"
It sucks that the law-enforcement agencies won't help private individuals; however, since it's a company that's being hacked, they should be able to put their resources on it.
I can't say that I don't give a fuck. I've just run out of fuck to give.
My friend was a victim of identity theft last year, and the FBI wouldn't touch it unless he'd been screwed for at least $20,000. Good luck, man! Hope it goes better for you than it did for him.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Which will do two things:
/. effect will wipe it out.
1. you will get realtime help. OK, there are better ways but this is a _big_ audience you have here.
2. post a link to the offending server, and the
Sig for sale or rent. One previous user. Inquire within.
Stoopid P2P Terrorist. It was probably the FBI watching you and you were dumb enough to blab to them that you had spotted their tap. Get ready to drop the soap in the near future.
It has been my experience that unless there is some large monetary losses involved, then you're going to have a hard time getting law enforcement to do much of anything. Generally, for simple break-ins, they expect you to handle it yourself (typically contacting the ISP of the hacker).
When all else fails, run.
Because if not, you're out of luck. These laws were bought to protect monied interests, not the likes of you.
I bet an attack of this nature turns up an absolute shedload of valuable, confidential information, and I bet there are plenty of pissant ISPs in the world with poorly configured DNS servers too. How often has this kind of attack been found? I'm suddenly real glad I run my own DNS server behind my firewall.
"No financial losses" my ass. Lets see what Visa's customers have to say about that when the logins for half a million credit card e-banking systems get compromised. Hmm, almost makes me wish I could detect a similar attack so we could see what the UK police would do. "Intarweb, sir? Nah, not on our patch, you seee...."
You win again, gravity!
There is spyware which changes your default domain ( overrides DHCP). It's by a company from the UK I can't remember their name. It's your own fault for using IE.
I really don't know what to say, except what I put in the subject line. The subject was lifted from the famous line in Blade Runner, "If you're not cop, you're little people." These days, money incurrs rights and protection granted by the government. Odd how things have turned out, eh?
"Only in their dreams can men truly be free 'twas always thus, and always thus will be."
--Tom Schulman
I use SSH/SSL for only non-sensitive communications. for everthing, i go in person. and that is the most sensibl things to do, after hearing all these stories about identity theft. :)
we are just NOT there yet!
Consensus is good, but informed dictatorship is better
I'm not sure if you came off the right way. You may have wanted to ask to talk to a manager at an ISP and explain to them that it wasn't *your* problem, but *their* problem.
Most of the tech support people are used to handling stupid people with simple problems, and probably didn't believe, or realize how bad the actual problem was.
but it's not real surprising that law enforcement won't do anything...hell i had my car stolen by a tow company did all the research presented it to the cops & they wouldn't do crap
also as far as law enforcement is concerned cars are still worth more than money
hopefully you'll be able to get something done but honestly i wouldn't hold your breath
The domain suffix on windows is fun. It uses the domain name in your hostname as a domain suffix to search as well. One day, I'd set up my windows box as mybox.mydomain.com. Then my ISPs DNS servers stopped working. So when I went to cnn.com, it went to cnn.com.mydomain.com - and I got my very own homepage, even though the address bar in the browser said cnn.com (since *.mydomain.com resolves to mydomain's webserver's IP address..)
I also have my webserver set up so that if you surf to a hostname that doesn't exist, it serves up the google I'm Feeling Lucky page for the hostname.. "Collecting ancient art? Why, I happen to have a website on that, just go to collecting.ancient.art.mydomain.com."
SCO employee? Check out the bounty
Looks like you are on your own.
There is always DNS-SEC that you (or you brain-dead ISP) can implement
And don't forget the following: POP3S, IMAPS, HTTPS, SSH with AES-512, SMTP/SSL and last but not finally, FreeNet (and definitely not KaZaA).
You called Chater tech support?
It's a wonder they didn't tell you to reboot your modem, reboot your PC and verify that the network card is listed in Device Manager.
That's about all I've ever gotten out of them.
To inflate my ego a bit, I asked if I could count my time cleaning up/investigating as a loss of this magnitude and was told no, that it would have to be a financial loss like is associated with internet credit card fraud. Given how Kevin Mitnick was convicted and sentenced on 'evidence' that included employee time for investigation and cleanup, why is this any different for me?
So many reasons, it's hard to count! But here's a couple for starters:
1) Your Mitnick example was how evidence was used in court to determine guilt and sentencing. That is a different animal than investigatory guidelines as to which cases should be pursued.
2) The Mitnick thing was years ago, and activity is so much higher now that they might have set the bar higher in terms of what cases to pursue.
Stop by my site where I write about ERP systems & more
Unless you can prove that there was over $5,000 in damages, I doubt that you're going to get law enforcement agencies interested in this.
Level 1 support at most ISPs don't have any technical skills. They walk through a series of scripted interactions and weed out the 99% of calls that are simple to solve. Good for the ISP, but bad for the 1% highly technical callers.
It's also possible that there is a specific security group that you could contact. You might have to be persistent to find them, however.
To protect corporations from having to spend money on real security.
paintball
I had already hit Slashdot for my semi-hourly dose of content
It takes your half an hour to find the content in Slashdot ?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Every admin who has been reflexively typing 'yes' to the
The RSA host key for yoursite.com has changed, use new key?
prompt is now shuddering to think how many passwords s/he might have handed the "Man in the Middle."
Good Job.
Lookup the IP registrations, find the owners' locale, and then contact that local police department. Tell them a federal crime (felony) is being perpetrated on a grand scale, and that you need to speak with someone with extensive computer/internet/technical knowledge to report all the details.
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
The computer police too. I've been mugged, robbed, and assulted multiple times in my life, and the police were never interested in helping. My car was just broken into, and I had $4000 in computer equipment stolen out of it. I called to file a report and have them come down and dust for prints, and they said that they can't send anyone down.
Of course, I've been stopped and harrassed by cops on a number of occasions. My brother gave me a small cut in a fight that required stitches, and they investigated my parents for child abuse. I've been accused of possessing marijuana for having a tomato stem in the cup holder of my car. I have to drive through a police checkpoint every day on the way back from work on highway 15 in San Diego. After I hit a spare tire that flew off the back of a car in front of me, the police officer wanted to write me a ticket because he was upset that he had to drive out a take a report.
I'm a law abiding citizen without a mark on my record, and I can still say: fuck the police
LS
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
The book Cuckoo's Egg by Cliff Stoll deals with this issue specifically... Someone kept hacking the author's computers at Lawrence Berkeley National Labs (coincidentally, that makes twice in two days that I've mentioned a National Lab on slashdot), and he has to convince the authorities that it is truly worthy of investigation... The FBI points him to the CIA, the CIA points him to the FBI, so a lot of the story deals with the social engineering required to get the authorities to actually listen. It's really a great read, and you can find used copies on Amazon for a penny.
Slashdot's first reaction to VMware
Honestly, unless you're a big corporation (or at least a company with some legal weight), there isn't much you can do. Sounds like you persued some of the right avenues to go through, but from what I've seen, read, and heard, individual civilian complaints don't bring a lot of action. If you were the FBI and had very limited staff resources, and you were presented with the task of either:
helping a sole individual who had his box cracked, or
a company like eBay, who hypothetically just had their credit card db broken into and copied,
which would you go for?
Maybe I just have a pessimestic attitude towards our beautiful US government. It seems that the average joe doesn't have a lot of recourse againt stuff like this though. Hopefully our fellow /.'ers will provide stores proving me wrong. That might instill a bit of faith in my weary bones.
"Hell hath no fury like a woman scorned for SEGA. ..."
They are there to protect businesses and the government itself.
This is a disturbing trend in the United States of Lawyers and short of a revolution there is not much that can be done to reverse it. Just look at the article from yesterday where Oral Hatch wants to exclude copyright owners from anti-hacking laws so they can destroy a personal computer. It's sad and scary.
What the USL needs is a new Bill of Rights that protects people from corporations.
.... what is funny here is how the Fed spends soooo much energy collecting powers over the internet that it has no idea how to use.
I think sometimes that the internet might be too big for them in it's present form. Better to break it and build something new! Something where Disney can get a signoff.
These laws were enforced by lobbists with THEIR and not YOUR money. So you have no right to take advantage of these laws :)
(at the risk of sounding cynical) but those laws aren't meant to help Joe Average. They are meant to protect MegaCorp from Joe Average. It's amazing how someone can go to prision for snooping in a company's files. But on the other hand, if it was some cracker redirecting an ISP traffic to steal passwords, it isn't worth investigating.
I can't help you with getting the attention of law enforcement or the service provider, but when all is said and done, I bet Peter Neuman at the ACM RISKS Digest would love to publish your story. The RISKS readers would be interested in the original hijacking, and just as interested in the lackadaisical response by those who could do something about it. The risks posed by both problems are the forum's reason for being.
to a concerned senator
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
look it up, it matches the IPs. they're spyware. looks like they're doing some serious assholish stuff
The problem with the FBI is they are all about making a name for themselves. They have no desire to get involved if there isn't a major loss. Even when they do, often they will go about it all half cocked.
Is this an encouragement to hacking? I guess the moral of the story is that as long as the loot is below 10K, itâ(TM)s fairly safe for the hackers :-)
We the people of slashdot clearly have the power to change these things. That's why you see fewer and fewer complaints about various issues as time goes on.
Seriously though, cool! It's always nice to read somebody's intelligent well written account of their intelligent and clever use of a computer to do anything cool.
the RIAA. Then maybe you'll get action.
Fat, drunk, and stupid is no way to go through life, son.
As much pomp and posturing as some of these organizations do, in my experience, the FBI guy you talked to was right: unless its a big company that has the cash to sue the government for not enforcing the laws, or at least raise a stink about it, these organizations will do nothing.
The reason for this, as I see it, is that most of the legal side of this stuff is handled at a federal level. So if only say, 100 people or so are affected, they're simply not going to waste their time on it. The only solution I could see to this problem is that, once the general populace becomes better educated to whats out there and what all this "fancy internet stuff" means, there is the possibility that smaller, more municipal "cyber crime" organizations may spring up, to deal with complaints coming from people in their municipality. Until then, its a jungle out there, and its every man for himself.
Mod Points: Helping you keep your opinion to yourself.
This is a very standard type of attack and a standard FBI response. FBI damage trigger is $5,000 IIRC. If the ISP calls the FBI, they can get the ball rolling. You can't, and frankly it's none of your business since it's the ISP server that got hacked. I wouldn't do anything beyond calling the ISP. You can't claim financial losses, because you didn't lose any money directly as a result of this hack.
I have a client that has been hit 4 times by someone using stolen credit cards to order. 3 were near each other and, of course, weren't discovered till months later when the brainless credit card holder suddenly realized their card was stolen. We shipped the products in each case, since the card was valid, passed AVS (which is a joke) and went through. Now, the same individual is ordering from us again with a stolen credit card. They are expecting delivery. They could be arrested on site. If anyone gave a damn. The LAPD only have one person that handles this type of crime and aren't permitted to go nab anyone (what use is that)? The FBI takes a submission online, but noone knows if it gets looked at. Blah blah...
The bottom line is that you can pretty much make a living off stolen credit cards and fraud. As long as you keep each order below US$400, noone will bother you. You'll just end up screwing lots of online businesses.
"I asked the tech support rep if they really wanted me submitting the incident report through a hijacked proxying web server."
I'm sorry sir, you'll have to submit that report by email before we can do anything for you.
But I can't send you the email, because I don't even have access to my mailbox!
I'm sorry, thank you for calling, have a nice day. *click*
That is totally bogus that the FBI wouldn't handle this. The NIPC is totally worthless.
Why slashdot? Why not?
cia.gov!!
You can bet I shut my PC down and walked right out of there and never mentioned this little incident again until now. BTW, this was in early-to-mid September, 2001.
Yes.
Are these laws just tools to oppress unpopular computer criminals but just plain not enforced most of the time?
:/
My Guess based on the national focus on Terrorism is yes: unless something really sticks out, we are considered small fry. The FBI simply considers it not to be worth their while.
I'd reccommend finding someone with a lot of clout to back you up with getting an investigation. I know time is/was most likely of the essence here with getting quicker investigations and results, but you could write a letter to the company's VP or such, explaining how this attack affects their image as a whle, future liability, etc.
My two cents
uR iGn0ranc3, Their Power
FBI magic number is $5,000.00. If you can't claim at least that much in damages, they won't bother. Over 5K becomes a federal crime.
I say this only partially in jest, but maybe try contacting the dept of homeland defense, or GWB himself or something. Call it terrorism, they'll be shut down faster than you can say "foo".
Seriously though, with the increase in the gov't involvment and crackdown on cyber terrorism (or they say there is) isn't this a prime candidate?
That said, it's scary that the ISP doesn't seem to give a fark about this. If I was in charge of their security I'd be fixing this as quickly as possible, not letting my company's customers continue to use a compromised service. Wouldn't it be considered negligence to allow your customers to continue using a server you know to be compromised (ie: not changing the DHCP server back, or simply shutting down all access)? Personally I'd much rather loose my net access for a bit while this is cleaned up than my ISP knowingly let me proxy through sniffers and password grabbers.....
Go to http://www1.ifccfbi.gov/index.asp and file a complaint. They'll follow up.
Michael C. Hollinger
An associate of mine had his server broken into. He clearly documented exactly what was done and prepared a detailed report with everything cross-referenced to the FBI. The activity was clearly malicious and illegal. The FBI opened a file and sent agents to meet with him. Even though the perpetrator of the crime had been identified (down to his cell phone number, place of employment and everything), the FBI presented the case to the D.A. for prosecution and the D.A. refused to take the case. Money was a major factor. Because my associate was quick to discover the compromise, and therefore reduce the damages to his system and his clients, the monetary damage was minimal. Nonetheless, the authorities refused to take criminal action against the perpetrator even though the whole case was laid out in front of them. His experience indicated that law enforcement was more about money than law.
They want everyone to go through their proxy servers, they just hand them out as IP address. I am assuming however that these addresses were not on the local ISP control (you did a traceroute to them and found that they were located in china or something). Of course if that happened, the throughput on their machines would go to hell as everyone starts bouncing packets through the world to get to their destination.
The intersting thing, if the company DID do this as an infrastructure upgrade, I don't see them advertising it to their custommers either, ass 99.999 percent of them would have no idea what they were talking about.
I have mod points and I am not afraid to use them
I noticed that the poster said that they called the FBI... Does someone have that number handy? On the FBI's site, all I can find is a web form to post "tips" to. Thanks!
Be the cracker?
.. that it was the Feds spying on you, usually they manage not to get rumbled. Now though, you will have infiltrate their system to see what they've got on you.
I learned a valuable lesson here. The next time I'm going to steal from someone, I'll just make sure I take less than $5,000
I ran into similar barries when [it's a long story] I was scammed out of $1200 on the internet.
After much talk with the FBI, local police, and FCC I learned that stealing from people is perfectly OK as long as you don't take too much..
Help yourself.
It's no wonder that the FBI won't spend time on this. People DNS-poisoned like the submitter must abound these days, and if the federal agency investigated all such cases, its activity would grind to a halt, which Administration doesn't want, unless I'm mistaken.
Install your own DNS server. Under a good linux distro it takes no time if you know how to do it, two hours if you have to RTFM and understand it beforehand.
Under Windows I heard it's nastier though, with requirements for Active Directory (uh ?) and admin access to the PDC.
If you can spare a outdated box at work, consider installing a DNS on it and use it from your own box.
Such attacks will be more difficult to perform on you then.
Karma cannot be described by words alone.
When I ran a small ISP, our experience was the same. The law enforcement people didn't do anything for us.
It was strange, because the FBI had actually sent a couple of agents to our office to introduce themselves, pass out business cards, and the like. But when we had trouble, we called them up and those guys basically said, "there's not much we can do."
When the agents introduced themselves, they gave us a questionaire to fill out, and there was a question about encryption -- had we noticed anyone using it?
The questionaire (which I didn't complete), and the lack of response when we actually needed help, sort of soured me on the beaureau. The agents were nice guys, and I had the feeling that they were sincere when they were talking to us, but the organization itself didn't seem to be too helpful.
I don't really have a problem with them paying more attention to hacks on major e-commerce sites or banks than on my little ISP (which has long since been sold). The reality is that there's so much cracking going on, and it's so hard to track it down, that chasing small incidents isn't really practical. If a big ecommerce site gets cracked, a lot of people get hurt, the situation is really different.
The lesson that I learned is that you're basically alone when you get attacked. No one cares, and no one will help. Your ISP won't do anything, law enforcement won't do anything, and your customers will be incredibly angry with you. The only way to deal with it is to do whatever you can to secure yourself up front.
HeelToe you rock.
Read the article. It's right there in the 1st and 6th paragraphs...
In the first:
"After figuring out what was going on, I contacted the tech support line for my service provider (Charter Communications) to no avail, as well as the FBI and NIPC, again, both to no avail. "
In the sixth:
"I did a little searching and found the National Infrastructure Protection Center. I gave them a ring and was asked to fill out an incident report. "
If you want to put pressure on the government, what you need is a good attorney. The FBI and local law enforcement might be liable civilly for failing to respond to your complaint. You probably wouldn't win, but the spur of such a lawsuit would probably be enough to get a little action on your part.
If you really care about it, I'd talk to a civil litigator or IP attorney with experience in dealing with federal law enforcement. It won't be cheap, of course (good lawyers never are), but the Powers That Be will be a lot more helpful to someone with a J.D. behind his name.
Short of that, I think you're better off protecting your network and moving on. Good luck!
I just set my office comps (all 27 of them) to ping the IPs non-stop until i turn them off... which will be monday morning.. every one, join in. /. effect to the max
From my days on IRC (sorry) I can tell you that the vast majority of internet crime is not investigated or persued. Most companies just don't give a damn, and the FBI is not likely to take a case unless it is high profile (go politics). I have known people who have been caught hacking DoD and Nasa computers only to recieve a phone call form IT personnel politely requesting them to stop doing so. Your best choice is to do just what you did, inform your ISP (who will most likely try to keep it on the DL so as not to alarm costomers) and attempt to inform law enforcement if you really care/have the time. Best of luck.
Visualize the world of wine
Post it on Slashdot! ...err
But really, this seems to be a large-scale scam, not a single-user hack, and since they seem to be gleaning identity information, one would think the FBI would be interested, at least a little.
FBI fibbed again..
You are repat allowed to to charge for time cleaning up an infected system as a loss counted under federal computer hakcign laws..
Read the Mitnick Trial transcript fro proof..
FBI inept as usual..
Don't Tread on OpenSource
Step 1: Go to something call the "fridge"
Step 2: Open door
Step 3: Take out something called a "beer"
Step 4: Open can / cap
Step 5: Drink it
Step 6: Pat yourself on the back for posting, by far, the nerdiest post this year AND getting it past the editors.
Step 7: Repeat Step 1: through Step 5:
Step 8: Pat yourself on the back for killing your ISP's business.
Step 9: Repeat Step 1: through Step 5:
Step 10: Goto Step 9:
Job well done! And I actually mean that!
You will have to pry my proprietary software $$$ from my cold dead hands!
*They* will certainly care about a hijacked proxy achiving account numbers and sniffing passwords. Now, when they call your ISP - I bet they would take immediate notice.
-- your Web browser is Ronald Reagan
as a person that knows how to use a computer, i find this appalling. as a person that knows a little about this kind of stuff, i find this information unsuprising and a little reaffirming. I mean really, looking for cyber-law enforcement is like lookin for the drunken sheriff. It's just not really there all the time. Law enforcement is needed when Jon. E. ComputerUser has been compromised, but it's seldom there. When Jean Pierre Corporate needs help, it's 'calling all cars, there's a hacker on the loose!' The best advice is to at least be informed of what can happen and try to take countermeasures (on your behalf, not necessarily strike back...unless u can =^D ). The Internet is really the 'Wild Wild West.' Better strap up and protect.
-Look lively. LOOK LIVELY!!! --Mr. Shmallow
I had an interesting spam last night - it came from Best Buy Customer Service, and warned that my credit card number may have been leaked. It asked me to go to their web-site to check. Well, surprise, the web-site wasn't from Best Buy, although it represented itself as such and most of the links on the home page did point to Best Buy pages. Another surprise was that the check for fraud page asked me to enter my credit card number and other ID so they could check to see if my account had been hacked and my card number stolen.
That's the first one of these I've seen, and I'm sure it will catch some people (although they won't catch many in my area - no Best Buy within 500 miles). I also didn't have much success reporting it.
Full marks for creativity, but pretty high on the scumbag scale.
Welcome to the real world of crime. My grandfather had an outboard motor stolen worth a couple grand - the cops showed up, took a look, wrote up a report.
Thats it. End of story.
Same thing for my future parents in law - they had a break in at their cabin. The police showed up, 8 hours after the call went in, took a look around, wrote a report, and thats it.
If its not a murder, Martha Stewart, or Pete Townsend they don't care too much.
Just call up Senator Orrin Hatch and ask him to stop hacking your shit.
RTFA. The writer DID contact NIPC
It worked for fyodor!
sulli
RTFJ.
this history comes from the country that was hit by the 9/11 events, comes from the country that loves so much copyrigth holders that some senators even think in *destroying* end-users PCs as a legitimate way of figthing copyrigths.
...
...
...
...
...
/. ...
This history comes from the country taht even has now a Departement of Homeland Security whose job seems to collect as much data as possible about is own citizens to protect them from *terrorism*.
but, hey - the described events are *pure* terrorism from one side are pure negligency and irresponsabilty from another
If there is still some sense of rigth or wrong in the US one thing must happen quickly
get all those irresponssible people (both in the public and private sector) who simply didn Ât care fired imediately
if nothing happens, well maybe this was a beta testing of some carnivore type technology that went wrong
don Ât get me wrong on this : I trully love the US as a nation, but some people there should really get back to basic school just to learn a few things : the difference between black and white, the difference between rigth and wrong and above all get some common sense!
This kind of events were supposed to be only possible on Brecht tales or Orwellian stories not in a real nation, not in a real world
thankfully we still have
Cheers from Portugal
...that this wasn't an individual being hacked, this was a block of people on Charter that got hacked. The stuff the hacker was doing would have collected a LOT of CC info, etc.
Sad to say, this is pretty damn big and while it's not a company this time per se, they companies are going to take it up the tailpipe all the same for it.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
what can be explained by stupidity alone". Is it possible this is just some third-party advertising configuration or software upgrade gone awry rather than a 'sneak attack'? The 'hijacking' IPs seem benign enough ...
Imposing Libertarian views on everyone online since 1992.
Dammit. I have charter for my cablemodem service. Would the poster mind answering the question of just what timeframe exactly all this happened in?
Now I have to go back and change ALL the passwords I've used in the past week. Shit.
Michael C. Hollinger
First of all, file the report. Ask the support person if you can fax in the report because you don't want to inform the hacker that (s)he's been spotted and you are reasonably clear that you can't get a secure channel to their web server.
If they absolutely insist that you go through their web pages, then do so. Give enough information to prove that you understand what's going on, and inform the person on their support line that you'll b expecting someone to call you with a phone number that you can call them back at.
(This is to prevent impersonation. I'd actually check the number to make sure that it belongs to the company in question) -- remember, the hacker may be seing your on-line communications.
Basically, the cops are right... about the only people who can force a real police investigation are at the ISP in question. If they can show that a couple hundred (or thousand) people have been affected by this hack then the cops may get involved.
If you want to be snarky, then you can ask the name of a good local journalist that you can tell your story to.. That might also light a fire somewhere. If nothing else, people in your community need to know that their communications are being logged by someone with clearly malicious intent. Be prepared to spend some time explaining things to the reporter. Someone with the stature to get furr flying is also unlikely to have serious technical computer knowledge. Be ready with a lead-in line to get his attention fast, like:
Free Software: Like love, it grows best when given away.
Have you tried running Spybot or Adaware lately? If you try going to p5115.tdko.com, you'll find it's a website for lop.com. Which, incidentally, is an infamous purveyer of spyware:
http://www.spywareinfo.com/articles/lop/
"People that quote themselves in their signatures bother me" - athakur999
You should have said that your internet connection was hijacked by a member of the Axis of Evil; the FBI would have jumped right on it.
Aaaaaaaiii.
for real. me julie.
If you want the govt. to get involved, just startup a company and give them a few million dollars, they'll start arresting people even if they didn't hack anything...
google
Spyware?
Our biggest problem isn't breakins, it's posting web site passwords on the net.. Hey, it's still someone using an illegal means to access materials (yada, yada, yada).
/24's doing the fraud.. They were coming back about once per day and doing the same scam. Each one was a Internet cafe thing, so fairly obviously it's someone sitting on a public machine trying not to get caught. But, they were both at least 1000 miles from where we were, so it was pretty useless for us to catch them. It would have just been so easy for the FBI to send one agent out. $10,000 fraud on one site is nothing. I'd be more than willing to bet that they were hammering a whole bunch of sites with those same transactions.
We do our own defenses, but I always see the users or proxies attempting crap.. I tried calling a few providers, but they're completely dense when you say "someone on your network is attacking one of my servers." Somehow they manage to get the stupidest people handling their support desk, who can't even comprehend what a server is. If you do manage to get to an abuse department, they'll rarely do much.
A few years ago, I got tired of fucking with the help-desk people to complain to, so I called the FBI. They took my information, and had an agent call me back.. It took a couple weeks to get the return call, but I did. He was actually well informed, and seemed to know at least the basics of how the Internet worked. He also said that I'd have to prove a monetary loss. The mininum amount was $5,000, if I recall correctly. It isn't enough that someone can abuse the shit out of your system, you have to prove that you were loosing money in the process.. So I have to make the decision, do I set up the system poorly enough so we do loose sales/members over fairly simple attacks, or do I just forget trying to get anyone to help.
Recently, a friend of mine rewrote a site for selling calling cards on the net.. The company is an established real-world business, they just wanted to expand... So, she spent a few months putting together a kick-ass site, with all the bells and whistles that the owner asked for.. About a month after it went live, someone started hitting it with fraudlent transactions. Even with all her normal precautions (and a few of mine), and using a 3rd party billing company with their own precautions, they still got hammered for about $10,000 worth of fraud.. The FBI was willing to take a report on this one, but never investigated, and never did anything about it.. She (the programmer) had got the IP's of the users, found out who owned the blocks. We actually knew where they physically were and told the FBI. If they were interested, they'd only need to send one agent where we told them, and close the case. They didn't. It's still an open case with no leads. {sigh}
There were IP's in two different
We called the cafe owners and told them what was happening. Their suggestion was to call the police, they weren't going to stop anything. {sigh}
Knowing how bad they are to stop things, I wonder if I'm doing the wrong thing, staying on the legitimate side of things. If we can literally say "They guy sitting in this cafe is running tens of thousands of dollars in fraudelent transactions per day, and stole from us" with proof, and they won't touch it, how much evidence do they really need against someone to do something?
Ya, we see the big "some hacker caught" stories occasionally, but honestly with all the crime going on (yes, there's lots), it's only rarely that you hear about someone getting caught.
Serious? Seriousness is well above my pay grade.
How do you expect any law enforcement person to work on this with the likes of Martha Stewart walking the street. This is far more important than *any* crime that may have occured!!!
Take a look at the site 66.220.17.45 which claims to be LOP.com. Pay particular attention to the title of the page. Notice the AyBrBtU in the title. All your base are belong to us. These guys are no good. Shields up! Now Slashdot the crap out of them.
Well depends on who you want to help, and how much you are willing to spend.
(I would send this e-mail, but your address is not public) You could have contacted the holder of the redirected addresses (66.220.17.47) They are all together and all on one class C.. All owned and mapped to one entity (Hurricane Electric). You can find this by doing a search at www.arin.net. They might be more receptive to your call (if anyone is there) as either they are doing the redirect, or their boxes have been compromised.
Personally depending on how nice you want to be, you could just make your own firewall/dns/etc (not hard with linux) and have it search the root domains for every DNS lookup.. It is more secure, though if everyone did that the root servers would probably die. Leave a report with your ISP, get off and try again tomorrow when someone who might be able to help (and/or cares) sees the note. I would also recommend that you call the next day (business hours) as your note might well get misplaced. You might also think about this response and determine.. Do you want them as your ISP (might not be an option.. but is something you might think about).
If you want to be more vigorous I suppose you could find someone to fix the hack. It is indeed an interesting hack, took sometime to set up, and they are looking for some gain.. Your ISP should care, and frankly the others should too with this amount of effort, they don't have anything (dollars) yet, but I expect it would be really easy to use this to catch who did it. (Phony credit card numbers anyone?) But while it might not be an ideal world.. I expect most enforcement people have hotter priorities.
To begin with, like many previous posts are stating, the FBI doesn't handle individual cases of home intrusion or even very small business intrusions.
The best place to call would be local law enforcement (eg. county or state). Depending on their practices, you may or may not get a response. However, the unfortunate reality is most law enforcement agencies are too understaffed and underfunded in their computer crimes departments to be able to give an effective response to individuals. This goes for organizations from the FBI all the way down to your local PD.
All of the money being currently allocated to cyber crime is more geared toward terrorism (Since that's the buzzword these days), or general attacks on public infrastructure, government and large businesses. Furthermore, attacks on individuals are so prolific that I don't think any PD would even know where to begin.
As if that wasn't enough, there is such a shortage of law enforcement professionals who understand and can perform an effective incident response, that even if such PDs and agencies had the cash, they couldn't hire many more quality people. The best security professionals often tend to make their way toward the private sector (Again serving big business or big government contracts) where they'll make real money.
Sadly, you're just not going to get much help these days from government. Someone earlier mentioned posting your problem on slashdot or somewhere else (Does anyone know of a good site to post for home incident response advice), and that's probably the best idea, because you're better off just defending yourself.
I know the USSS (United States Secret Service) usually prosecutes computer crime in the States.
Pester them? -- It's worth a shot, they have offices in all 50 state (IIRC).
I assert that my comment is only my opinion, not that of any employer, past, present or future.
they're like that all over the good ole Corporate States of Amerikkka
I think HeelToe should have said that he was a contract worker for Krispy Kreme.
Just report to the RIAA that these individuals were trying to rip the Madonna CD from your CD-ROM. That should do it. ;o)
...Life is like a bad analogy
Document what happened and show it to your bank
Faced with the prospect of having card numbers and PINs stolen, the bank will understand the risk. They have the clout required to get the authorities moving.
It was their server that was compromised, and they are responsible for protecting their customers.
I would suggest you contact a good class action attorney, tell him what happened and the likely number of subscribers affected, and then sit back and watch him beat the living crap out of them for negligence, etc.
It's sad to say, but in a capitalist world it is money that forces action. Make em hurt and they'll take action in the future.
-rt
Rent a room for a week at a cheap local motel that won't bug you about ID. Order a shitload of stuff online on your credit card and have it delivered to the motel. Take the stuff home and then call your credit card company and say you didn't make any of those transactions, and then call the FBI back and tell them they should have listened to you the first time.
Fight Spammers!
I'm truly amazed that Charter and the FBI blew you off like this.
You've already tried going through channels so the next step is embarrassing them into doing something about it - notifying news media outlets and posting to slashdot are probably all you can do though. If Charter has any specific usenet groups like @Home used to have, I'd post this info there as well.
Best thing would be to get this on TV as then they can't ignore it. Charter is based in St. Louis and I'm sure one of the consumer affairs reporters at one of the TV stations in town would be interested in finding out that the major ISP in town is letting their users' passwords and other info get leeched.
One of the ip addresses you mention is found on this page, which just seems odd. Can anyone translate?
That will get his attention...
That shit was sweet. Thanks for leaving it in your car. Talk about window shoppin'!
Now the wannabe computer criminals know that there is little to no danger in pulling off such computer crimes, because those that care enough to act are too small to be heard, and those that are large enough to be heard don't care enough to act.
It is quite sad that the ISP took no interest in a breach of its own security, which only encourages future breaches, since the perpetrators know that they will get away with it, not because they are 1337 h4x0rz, but because nobody will look into it.
It won't be long before such attacks become as common place as email viruses if the proper authorities don't act now, and, more importantly, the ISPs don't take heed of this danger. Lack of enforcement does indeed encourage crime.
Oh, was that my outside voice?
% whois 66.220.17.46
Hurricane Electric HURRICANE-3 (NET-66-220-0-0-1)
66.220.0.0 - 66.220.31.255
C2 Media Ltd HURRICANE-CE1076-331 (NET-66-220-17-0-1)
66.220.17.0 - 66.220.17.255
This is the infamous lop.com customized ad/spyware, see lop.com and wrn.net. The thing with the domain suffix is a trick with 127.0.0.1. This type of software typically installs a search toolbar in IE and they seem to come in a multitude of different versions. It's the worst of breed.
C2 Media claims that people click through an EULA and know what they're installing. I know all this because my Dad had a "weird extra toolbar and popups to go online gambling". He found the running binairy, I looked through a hexdump of it and there was their EULA alright. But he never saw it. This critterware can even get installed by merely mousing over a banner.
Don't believe me? Google for "lop.com, adware, toolbar"...
I thought about that too, but it doesn't really protect against break-ins. It protects against poisoning your binaries and back doors, but the attacker can hypothetically gain access and then abuse the trust you give to that machine. He/she can't write changes but can launch attacks inward at your network or outward and make you look bad. Read only is a step in the right direction, but it does not make anything break-in proof.
that turboing article is extraordinarily valuable.
ed
Now what? How do I know when I am at risk? What does the normal schmo do in a situtation like this?
Should I stop accessing any financial websites that I use?
This is the one thing that's always made me paranoid, so what if I have a firewall, if my ISP is hijacked, then what do you do? It's not like I have options out here, Charter is it, unless I want to bend over for Sprint's DSL (which they charge you tons of cash to cancel your account among other nefarious things...) or satelite (ugh)
...using at least a *BSD box with PF, or a Linux 2.4 box with iptables and a well-tested set of firewall rules in either, to protect your network in the first place, you are a stupid dimwit twit who deserved to get hacked.
Not having a solid firewall in place first and formeost before ever allowing that first internal workstation to surf the web is the networking equivalent to being on the receiving end of unprotected anal sex with as many strangers as you can.
Time to start defrauding companies of about $4999. Maybe make it $4000 to be safe.
I've read a fair bit about investigations of eBay fraud - I wonder if the same limits apply there.
With respect to getting some action on any future attacks - what should I do? Who should I call?
Write your state's attorney general. Include all the information you collected, a more detailed explanation of what you posted here of the incident. Let them know you've contacted the FBI but I would lead them to any conclusions about where that is going. Request that their office look into this from both a pespective on the potential harm from the hack, and the responsibilities of your ISP to respond to, and ultimately, prevent this sort of thing.
Then, write each of your senators and your congress person. Before you do that, find out which committees they sit on and see how you can tie this in to their oversight responsibilities with regard to the various goverment offices that could be dealing with this. Point to anti-hacking legislation like the Patriot Act and anything anyone suggests, and then point out how the laws are not uniformly enforced. Point out that potential harm and not sheer magnitude of dollars expended ought to be a desiding criteria for launching an investigation, or not.
If you haven't already, fill out an incident report for your ISP to cover yourself. Those IP addresses belong to someone, and they have a responsibility in this. Whether direct, or indirect, remains to be seen.
Finally, contact your lawyer. If for no other reason, you will need some legal CYA in your back pocket as insurance, given the stir you've already started by contacted those people that you have. Not that you should have to worry about liability issues, but you never now.
HTH, good luck with it.
Isn't the 'Connection-specific DNS suffix' only used if the original entered name doesn't resolve.
Hey HeelToe,
:remove: yahoo DOT com
I don't have an email address for you or I'd ask there; what Charter area are you in?
audiokat AT
Why is it that it's a penny for your thoughts, but you have to put your two cents in? Somebody's makin a penny. --Steven
If you can't beat em, join'em!
First off, do the terrifying...submit to CNN.com or ZDNEWS....
"Entire Charter One Internet Communications Divisions Security Jeopardized....what data was collected? Why was nothing done to stop this...even after a client reported the crime in progress!"
Than file a lawsuit or insinuate, by paying a lawyer to make a call and claim that his client is considering filing for damages....blah..blah..blah.
But the truth of the matter, most of our recent laws are there for two reasons.... a) to protect the powerful, b) to keep the massess subdued.
Almost none of them are designed to punish actual criminals or protect the common citizenry. Face it, our justice system in America is dying...
Here is the info on the addresses you provided.
Lop.com
Unit 12
571 Finchley Road
Hampstead
London, NW3 7BN
UK
Domain name: LOP.COM
Administrative Contact:
Live, Media webmaster@lop.com
Unit 12
571 Finchley Road
Hampstead
London, NW3 7BN
UK
+ 44 7817 130 743
Technical Contact:
Live, Media webmaster@lop.com
Unit 12
571 Finchley Road
Hampstead
London, NW3 7BN
UK
+ 44 7817 130 743
Registrar of Record: TUCOWS, INC.
Record last updated on 12-Mar-2003.
Record expires on 06-Oct-2005.
Record Created on 07-Oct-1998.
Domain servers in listed order:
NS1.LOP.COM 66.220.17.5
NS2.LOP.COM 66.220.17.5
What does that have to do with anything? The FBI is probably manned with people from Clinton's first term or longer. It's not like the FBI gets rechosen every time an administration rolls around, and theyre the ones making the choices.
Gah.
-Bucky
So what does it take to get the FBI to investigate? There are about 4 different things the bad guys could do:
The problem is you don't fit into any of these categories for the FBI. Suppose you did come up with the required damages. Then the FBI have to choose whether to pursue your case or another. If someone else is causing more problems, they'll investigate them instead of your case. If you don't have any idea whose doing the hacking, then again they'll probably go after someone who they think is easier to catch. Last, they'll try to decide whether or not they think the case will lead to an easy conviction. If not, again your screwed.
Basically it's a matter of priorities, and this doesn't sound like a large enough hack to be more than the blip of a Cessena at an international airport full of 747's.
It sucks, but that's how it is. What would be good is if hacking resulted in a fine, or some other misdemener. Then convictions would be easy, and the bad guys would quickly learn crime doesn't pay in the small case, and the big cases result in the FBI actually going after them.
But protecting Joe user isn't high up on their list (especially, as numerous other have pointed out, since it wasn't the users computer that was hacked).
;-)
They collect all those rights to use against terrorists, pedophiles, music traders, random computer users, emailers and political ideologists. Not to prosecute teenage scripters, at least until a corporation complains. I mean, your just a voter.
Quack, quack.
I think your comparison to the Mitnick case is a little off. In the Mitnick case, the companies he broke into/social engineered called the federales and reported a crime on their systems. It is their responsibility to report crimes on their computer systems, and I don't see why law enforcement would respond to a call from someone concerning a crime that is not specific to that person's computer system. Technically you do not have the authority to ask the police to investigate crimes on computers you do not own or otherwise have responsibility for. That's like saying my ISP can call the police if they notice someone hacking into my computer. It's my decision or responsibility to report the crime. The hacker in your dilemma hacked your ISP, not you specifically. However it is a different matter if the hacker actually used information they collected from hacking your ISP against you - such as credit card information, SS number, passwords, whatever. At that point you can report credit card fraud, stolen identity, etc.
Compare this to a non-computer situation: If someone breaks into your house, the cops can't enter your house to investigate without your permission, even if a neighbor calls up and reports the crime.
I've had Charter for over a year, and can honestly say I like their service with 2 caveats:
1) They're a cable company, not a ISP (really) Frequently they're clueless as to what's wrong. On the bright side, they really don't care what you do with your service.
2) Their DNS servers are always down, broken, etc. I run off private DNS servers, and I'd suggest anyone who uses their service do so as well. I went from being unable to connect to websites around 80% of the time to almost never having problems with it at all.
In respect to the hacking incident, there's not much you're going to be able to do unless the thieves actually do something with passwords gleened from you, etc. Just change you passwords, get a private DNS server you know, and continue on with your life.
someone needs to mod the parent up. it's way informative.
ed
I had a Linux machine of mine hacked a few years back and the attacker completely wiped one of my hardrives. I happened to log on during the middle of the attack though, noticed something weird was going on and pulled the ethernet cable to my box. I was able to look through my logs before the attacker had a chance to erase them. In there was his IP address, when he logged on, etc.
Next I called the local police. They didn't think that there was anything that they could do, but said they'd call back.
Next I called my ISP. They didn't care either.
Next I called the FBI and they didn't care either because there weren't enough monetary damages.
Next I called the attacker's ISP. (I had his IP address from the logs). They didn't care either.
The local police finally called back and said that there was nothing that they could do. I finally asked the cop on the line that if there was nothing that could be done by seemingly anyone if I should just hack him back. He said that if it was him in my situation that is exactly what he would do! Not being a 1337 hacker though, I had no idea what to do and just gave up. I had already spent tons of time investigating and being pissed off. I was tired of the whole mess and I couldn't come up with anything to do.
Thinking back on it now though, it still makes me mad.
Maybe the only solution is to come up with an online posse to dole out a bit of online frontier justice.
fact is : we 're talking about present and future not past ... if you pretend to live under the shadow of you 're country past it is fine to me ...
but remember: Portugal was onced an empire bigger thanthe US ever will be ...
back to the main question ... how the hell do you justify such a massive failure in the whole system ? ...
Copy the ENTIRE Pearl Jam, Jimmy Buffet, and Metallica music libraries to the bad guys machines. It should take the RIAA roughly 17 minutes to find the ip addy, sue the ISP for the names of the hackers, send cease and desist letters and finally hire a group of Sherpas to hunt the villians down like gangster hit men and beat them senseless with very hard wooden clubs.
Police are (in my experience) pretty much like you and me. I've taken shit and met a lot of decent officers too. Its got to be about the hardest customer support job available. ;-)
Quack, quack.
You should have posted a link to the offending site and/or IP address number 1, number 2, or number 3
There you go. All visitors, please click through the links above. We'll take them out in no-time...
comin' straight from the underground.
This sounds similar to the recent BestBuy hoax.
- Email Extraction Software
- Realtime IP Tracking - Buy 25,000 visitors
- Create freedom,wealth,...
and so on.If nothing else, the attack you describe is a way to harvest current email addresses.
This "turbo" link gives advice better than most, but it's still not right. I have read so many times on slashdot posters' advice to work your way up the chain of command in a corporation. That is inefficient and won't get you results.
The turbo article says, "phone the CEO's office". That's better, but a phone call is too easy to blow off and it easily gets lost in the shuffle.
From experience within corporations at the highest levels, here is what works best. When you get blown off by lower level tech support, immediately write a letter to the highest people in the corporate food chain, its Board members or CEO. What typically happens is the letter will be passed down the line to the High Level Person who can handle it (some VP, for example) with instructions scrawled on the letter using a pen by the CEO which says something like, "Look into this, handle it, and let me know what happened."
This is real life, people. Now you've got VPs at the highest level running around trying to solve your problem, who are required to report back quickly to a quixotic boss who has the power to fire them. This process is a model of efficiency - you quickly wrote a letter; the CEO very quickly scanned it, acknowledged the problem and quickly prescribed that a solution be found - and now the engines of the corporation are at work scrambling to solve your problem.
Doing it in writing makes it easier for the CEO to pass the responsibility on quickly. All he has to do is take a few seconds to read your letter, and a few seconds to delegate the solving of your problem. He doesn't even have to try to re-articulate what your problem is through phone calls and garbled telephone tag -- you've done this for him already.
So, this turbo approach gets it only half right. Yes, they're right - working your way up the ladder doesn't work, only down the ladder works. But, you've got to do it in writing, and quickly. That's the way to get fast results.
I spoke to an FBI agent about this once. She told me that their computer crimes division is so extreemly busy that they only concerntrate on the cases involving about 250K or more since they don't have the resources to investigate everything. Additionally, she told me that when making a case to the FBI, that including your time and expenses in the initial investigation are valid monitary losses and can be included in the net loss resulting from the hack. However, you need to have suffered serious losses to get your case looked at by the FBI.
Sorry. But they are busy.
Troy
The government is worthless in this. They're reactionary, not preventative, and even then will only give you the time of day if there's hard money or data loss involved.
! %2 0NET-66-220-17-0-1
Charter was woefully unconcerned, and as their customer, I'd raise hell, escalating up their corporate food chain.
To get at the actual attacker, go the next rung, look at who owns/controls the IPs that you're being redirected to.
http://ws.arin.net/cgi-bin/whois.pl?queryinput=
CustName: C2 Media Ltd
Address: P.O. Box 1113
City: Shalimar
StateProv: FL
PostalCode: 32579
Country: US
who are in turn a customer of Hurricane Electric
TechHandle: ZH17-ARIN
TechName: Hurricane Electric
TechPhone: +1-510-580-4100
TechEmail: hostmaster@he.net
OrgTechHandle: ZH17-ARIN
OrgTechName: Hurricane Electric
OrgTechPhone: +1-510-580-4100
OrgTechEmail: hostmaster@he.net
Go to Hurricane, and ask them why they're letting this go on. They'll be more concerned. You've indemnified Charter in your service agreement, most likely, and can't sue them. Hurricane has no such protection from you and will, ironically, be more responsive than your own ISP.
Identity theft is a serious crime, and mass identity theft by stealing passwords, etc. Could lead to significant losses to all of the people using that computer system. The fact is that most people don't have more than one password. Who knows if they use the same password to protect their finances as they do to log into their ISP?
I'm not saying that you didn't do the right thing by calling the people you did, but perhaps you can take action in other ways. Are there any laws to protect you from ISPs who don't care about your security? I'm not suggesting that you should sue your ISP over lost security, but if they don't follow up once they've been notified of a security problem, it's a big deal. Stealing personal information (passwords, etc) is an invasion of privacy and there should be laws against it.
Go ask a laywer for some advice and see if that makes people care a tad bit more. If the RIAA can sue Verizon for names, so can you. The FBI is TOO HIGH a level to complain. The ISP phone people are too incompetant. A lawyer will get the ball rolling. Try the ones who are paid by the state first, AKA the DA.
Don't be amazed.
It's just the way they work; unless its internally generated, whether a charter, the FBI, or any other investigatory agency, they just don't want to see it; they have already got a job, things to do, and they don't want you adding to the load.
If you REALLY PUSH, they will usually put you in contact with someone who at least has a clue what you are talking about, but the first thing THEY will do, if you are a private individual, is see if you are the criminal; you are guilty until proven innocent, if you actually get them to take you seriously.
They also will have no interest whatsoever in any evidence you have gathered; they know that it won't be investigated for most likely months, so there is really no point to it.
If you encounter any behavior other than this, you should really keep it to yourself; otherwise the competent individual you encountered will most likely get fired.
I know of what I speak; I ran into some blatantly immoral(important) non-legal(not so important) activity in the past and determined to get it taken care of no matter what the cost in time or effort.
and the costs were very high.
Why, yes, I AM a Pagan Libertarian.
Their boss, John Ashcroft, is a Republican, and he's the one who decided that petty theft (less than $20,000) is not worthy of their time. They're too busy catching Osama. Or trying to. Or something -- I dunno, but it involves reading all our email and listening to all our phonecalls, so it must be important.
If all this should have a reason, we would be the last to know.
The reason they were "unable" to help you is because investigations like this are a service available only to the wealthy elite and apparently you don't have a six figure per year income. Try playing the lotto or something and then call them back.
There are all these laws and all this hype about enforcing these computer crime laws - what must an end user do to get some enforcement done?
Have you made any major contributions to any political campaigns lately?
The price of freedom is eternal litigation.
I had a $250 bicycle locked up with a Krytonite lock stolen, and the police aren't going to find it.
Charter's dhcp servers were not hacked! This guy has freaking spyware on his pc, that I assume most everyone who does windows pc tech stuff has seen. So he calls the FBI because of his incorrect assumptions.
I would like to believe the FBI blew him off because he was NOT the affected party if in his mythical little scenerio. The other agency ignored him because he is just some nutcase who DID NOT know what was really going on.
When one of our servers got hacked, we called the FBI, they were on site in less then 15 minutes, and they did data collection, and were on the phone having logs pulled from upstream. I don't think they ever cought anyone, but they were doing everything they could. Lets face it, when the shit *really* hits the fan, there on top of it.
I thought the government was "by the people, for the people". Why doesn't the FBI care to investigate an issue if its an individual who has the problem? Why does only companies rate the "privilage" to have their issues looked into?
I thought the government was present to help protect the CITIZENS!
This reminds me of a hit and run incident I was involved with, and the Worcester, Massachusetts police didn't want to invest it because their wasn't enough monetary damage to my car (after I chased the drunk driver down the roads to get their license plate number).
Unfortunately I am not as technically savvy as the poster. Is there any way I can duplicate the 'investigation' to see if I get the same results at least so I know whether or not my information is being collected? I use DHCP to get my DNS, so I'm pretty much screwed if the poster is right.
My Blog
The FBI doesn't care.
Remember What Can Illegal Hacking Do For MY Business?
Osama, is he still out there? Well Bush thinks it doesn't matter. By now he probably also thinks it doesn't matter if we have Sadam or not. Next stop Iran, everybody exit.
Second, hey guys, the site's still up. Get off your lazy asses. ;)
-Looking for a job as a materials chemist or multivariat
http://www.catchteam.org/
From their site:
They visited us and gave a presentation to all of the sys admins. They seem competent.
The problem with the police is that their primary job is to keep honest people honest. Thus, they hassle those of us who are law abiding, in hopes of scaring those who are dishonest. Beyond that, they have no clue what to do. Too bad it doesn't work. It's like pirating Windows XP. Sure XP has elaborate activation schemes, but it's only effective on those who are willing to shell out the money in the first place. Real pirates will very easily find a way around it.
someone with a non-compliant browser let them know that they've been badly embarrassed on /.
The reason to be afraid is this: If the government stories are to be believed that we face imminent 'cyber-terrorism', this is exactly the kind of under the radar thing that will lay the ground work. Lots of stealthly data collection with future plans to deploy.
/. story will likely make it to major news outlets. Watch people fall all over themselves denying responsibility then:)
Whats worse is that no one seemed to care. 'Oh if its not costing a company money who cares?' Well here is the rub. YOu notified the company and the FBI. The company may now be liable now as they didnt take serious actoin. as for the FBI.. well they are too busy tracking down democrats in texas. *rolls eyes*
The upside is that this
These addresses are all registered (quite recently) to C2 Media Ltd.
CustName: C2 Media Ltd
Address: P.O. Box 1113
City: Shalimar
StateProv: FL
PostalCode: 32579
Country: US
RegDate: 2003-04-28
Updated: 2003-04-28
I've had quite a bit of problems with C2's spyware in the past. I did consulting for a number of small businesses and individuals and have uninstalled multiple different versions of C2's spyware in the past.
See: http://www.spywareinfo.com/articles/lop/
for a quick description of some of their offensive crap!
I would think that the local news media would be interested in a story like this, since ISP's are essentially local. Sure, they'd get the story wrong in most ways, but when the local TV station calls the FBI to ask why they are ignoring people's credit card numbers being stolen after being told about it, that would increase the likelyhood they they sit up and do something.
Might be worth a shot.
mahlen
If I am to speak ten minutes, I need a week for preparation; if fifteen
minutes, three days; if half an hour, two days; if an hour, I am ready now.
--Woodrow Wilson
Unfotunately, nobody cares when it comes to the consumer. About a year ago a new vulnerability in AuthorizeNet's billing gateway was discovered that would allow someone to submit authorize-only transactions knowing nothing but your AuthorizeNet username, which was often found embedded within the various forms of an online store. One of my e-commerce clients fell victim to this, and had over 600 $0.01 authorize-only transactions submitted in under an hour. Basically what this meant was that someone was using my client's account to verify stolen credit card numbers.
Going through my logs, I was able to get the IP addresses these submissions came from, the e-mail addresses the results were sent to (not sure why they bothered with that), and all information on every single card submitted. This included the card number, expiration date, and the cardholder's name and address. I contacted AuthorizeNet but they said it wasn't their problem. I called Visa and Mastercard but they just asked for a printout to be faxed to them (600 item spreadsheet 5 pages wide). I contacted the FBI and was referred to the NSA. I contacted the NSA and they said call back Monday since at this point it was about 6pm Friday evening.
I was appalled to find out that some identifiable hacker with an arsonal of valid cards was about to be given an entire weekend to sell or use them before anyone would even consider looking into it. I couldn't even get the credit card companies to accept the spreadsheet of THEIR customers so they could at least warn them all that their cards had been compromized.
I finally just gave up and destroyed any evidence of this fraudulent activity having ever taken place. With my luck, not only would the hacker get away, but I'd be the one in hot water for posessing that spreadsheet. It just goes to show you that nobody cares about the consumer.
Nice story. You need to dr the names so it involves CmdrTaco and Kathleen Fent, and make it be gay pornography, if you want it to be ontopic.
SSH should be modified to present X509 certificates and to check them against a list of known CA's just like browers do. Until that happens, its lack of authentication should be considered a gaping security hole.
You were not hacked. You have spyware on your computer. Good lord.
I'm sure one of the consumer affairs reporters at one of the TV stations in town would be interested in finding out that the major ISP in town is letting their users' passwords and other info get leeched.
They probably wouldn't touch the story. DNS is too technical, heck I'd have to explain this story to some of the support people I've worked with and then a few of them still wouldn't get it. Joe six pack doesn't have a chance, especially since they'd have to achive understanding in the few minutes the medium allows.
Bribe them.
Who told you that law enforcement is about protecting regular citizens? Law enforcement -specially in the US, is about protecting property and money. Your case means nothing to the FBI. My advice (if you want it): get a good firewall and stop using Window$
performing illegal male circumcisions, and various amputations in the DC area
They where interested in a recent out of country electronic CC fraud maybe this is something up their alley.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
If you have ever read takedown (written by the sys admin who single handedly delivered Kevin Mitnick to the FBI) you would know that the FBI is impotent to deal with such crimes. The best way to bring this person down is to not do anything, and to continue to track the person until you get the persons location, then deliver him to the FBI. The FBI is incapable of handling these sort of crimes.
Google, while not having a wealth of info on tdko.com, did have some useful bits: groups
I'd heard the name tdko before, I was pretty sure, in the context of a Bonza or Gator or something. They'll change your default search page in IE, etc, this sounds like just another dirty trick. I doubt they compromised the DHCP servers themselves, my guess is that some pop-up or spyware app changed your settings locally. If you did try it from multiple systems, well, they're several of YOUR systems, you may have visited to same site or installed the same spyware on each. I think eDonkey F'd with my default search page IIRC.
I like music
You are afraid that the hacker will notice if you submit the information via a compromised httpd, but find no problems at all about your story making the front page of Slashdot? /.
You'd be shocked to know how many times that I've been hacked and found most of my information on the hacker from their posts on
Just my wooden nickel.
It worked for fyodor!
He's probrably no fyodor. I mean, the poster of the story was probrably on at least one date in his life.
Yes, but writing a letter and sending it snail mail can take a couple of days for it to get where it has to go. And you are assuming that the CEO's personal secretary doesn't screen his/her mail. :P
Julie Moult is an idiot.
Simplify it without lying. Say that one of the ISP's servers has been cracked, and that this is allowing user passwords and information to be leaked. Give technical details at the end of the story, but keep the front part clear and simple.
I can't say that I don't give a fuck. I've just run out of fuck to give.
Why did you expect help or any action at all from law enforcement? You're a consumer^H^H^H^H^H^H^Hcitizen, the laws are not in place to help YOU. The law is there to protect corporations and special interests. Now quit wasting our govt agencies valuable time and sit back down in front of the TV. No skipping the commercials, either. (wanna bet when THOSE laws are passed that they're enforced?)
Ignorance is the root of all evil.
I'm experiencing a problem very much related although somewhat on the opposite end. I'm a subscriber of a very large ISP in oklahoma - known nation wide. They have a buggy and or broken major service - that everyone of there customers use. I informed them of this, after about 3 hours of aguing with tier 1 support (pollitely ofcourse) that this is there problem and not on my end. I informed them, simply because I know what the possibilities are with somethien like this, and how bad things could easily get - for customers and them, I was playing the nice guy... Well, they have since done nothing about this - which occured about a month ago (the same bugy service is in place). I know from experience that if a possible security breach was brought to my attention - and especially if it was easy to fix, it would get hit right away... What's an end user suppose to - wait for something like the above to just happen?
Here are the local TV stations for St Louis. It probably a big "who cares?" to them. They seem to like stories about lost puppies and sick kittens more than real news.
http://www.ksdk.com (NBC #1 in ratings)
http://www.kmov.com (CBS #2 in ratings)
http://www.fox2ktvi.com (Fox #3 in ratings, good investigative reporters)
(ABC affiliate gave up on local news)
Tack on Charters accounting scandals for more ammo.
Those who can do. Those who can't sue.
I'm truly amazed that ...the FBI blew you off like this.
Silly boy, laws are for the rich. Not you and I.
So, if you aren't fortune 500, they don't even want to talk to you, huh? Looks to me like the law protects money, not people. Maybe we can see if Orrin Hatch wants to launch airstrikes against the offending systems.
I'm sure the powers that be weight the cost of investigating an incicent versus the value it would provide. In your case I would say the value is NULL and understandably your response has gone unnoticed. Hopefully in the future you will incure some damages, at which point you should be more pleased with the results of law enforcement. Good luck in your pursuit!
Heh, just thinking of my local Fox station - they'd have a field day with this:
::scary music/graphics::
"Have CABLE INTERNET? YOUR passwords are being STOLEN! CHARTER doesn't CARE! FOX 5 DOES! Story at 10"
And he probably isn't a wanker.
... and it doesn't have to be the New York Times, just get any kind of publicity. I'd be very surprised if you can't get your local TV news to run a story about this, if you tell them everything you posted. Of course, the idiots at the TV station will hardly understand a word, nor will they try, but they just love a story about eeeeeevil hacker pirate people and an unresponsive FBI. They'll run a story with pictures of computers in darkened rooms, with something that looks like the Matrix on the screen, and scary minor-key music in the background.
And some poor spokesman for Charter will have to go on the news and say some crap like "This incident will be thoroughly investigated" or "We take the security of our customers very seriously" or some similar horseshit. Either that, or the TV news dorks will say, with ominous overtones in their voice, "Charter Communications did not return our calls".
Then Charter will either have to do something about it, or they will suffer damage to their image and ultimately to their business. The latter won't help you much, but if it turns out that way, then you know for sure that you've got to stop doing business with them. And you've given them a little bit of hurt that they certainly deserve.
Always keep a sapphire in your mind
How do you know that the monitoring is without consent? Just because a first level technician didn't know anything about it?
These servers could have been placed by the ISP, or maybe its parent company, or even the US government.
I agree, local TV stations in my city Detroit, have lots of 'watchdog' programs. Like 1 per major channel. Thier is a reportor that goes out tracking fraud claims. 100% of the time the users are being ignored by law enforcement, and when TV gets involved all the sudden stuff gets fixed...
It's the job of your ISP to secure themselves, and to secure their network, and to contact law enforcement if they desire to. You want to do secure transactions, and don't trust your transport, thus you were unaffected by this when you wanted to do your secure transaction. If you don't like how your ISP is botched up, switch to an ISP with security. I can see dropping a courtesy note to the ISP informing them of the problem, but I can't see calling up the FBI, NIPC because you are the customer of an ISP that was hacked. Don't you have any better things to do? I work at an ISP and are scanned all of the time. I don't send messages to CERT or the NIPC or FBI though...if I made a call to law enforcement every time we were port scanned I'd be on the phone all day. I'm really not that concerned that there are people who want to make a use of capital that is unauthorized by the capital owners and their flunkies, and I'm definitely concerned enough to waste my time calling every spook in the book to report this UNAUTHORIZED USE OF CAPITAL!!!! Geez, even the FBI blew you off, that's pretty funny... what do you want, a junior G-man badge? Your ISP doesn't really give a shit either from what is sounds like. Isn't this telling you something? You sound pretty anal-retentive to me. If Phish starts touring again, why don't you go down there and try to spot people toking...you can write it all down on a little pad and deposit it at your local precinct.
Any decent sysadmin should AT LEAST be checking slashdot every few hours :)
When he sees his system up in the headlines, he may get off his warcraft game and get to paying attention.
Rather than calling the FBI and reporting your individual problem, perhaps it would have been better to focus on Charter's failure to respond to a reported compromise of their network. The FBI certainly wouldn't take immediate action based solely on assertions made in a single phone call. But, they could easily obtain evidence of a much wider and ongoing crime by contacting Charter and asking questions about their potential negligence.
It's being a bit optimistic to expect the guy answering the FBI phone after hours to know anything about network security issues, much less to roust someone at home on the basis of a single call. However, telling the FBI that you'd had evidence that a major ISP had been compromised and describing the impact may have provoked a response.
-- Slashdot: When Public Access TV Says "No"
I hate our damn system where everything has to be taken to court, but it sounds like you are out of options. Get somone from the ISP on the phone, and make sure to ask them for their first and last name. Then mention that you haven't gotten any kind of reasonable response to your issue, and how you wouldn't want it to have to degenerate to a small claims court case. Ask for their manager, and I am sure they will get them for you.
If you make them aware of the issue, and they refuse to respond to it, they are negligent. For crying out loud, you are trying to HELP them. Be sure to point that out, politely, of course. Make them realize that they want to resolve the situation.
My beliefs do not require that you agree with them.
Heard of fax? hand-delivery? overnight mail? The fast delivery problem is readily solved.
Secretary screening? In my experience, not many people are writing these types of letters, they're too busy working their way inefficiently up the ladder. Also in my experience, these letters get noticed and do make it to the CEO's desk or get otherwise appropriately addressed. Exceptions happen, I'm sure. But the method which was described usually does work best.
Every time I turn arround, the govt is making some dumbass policy decision for the "protection" of the general public, twice so in technology related matters. If I were in his shoes, I wouldn't want the law involved. They will surely screw things up likewise. If someone's busting into your house, and your'e about to shoot em, - ok then that would be a good time to call the police, otherwise I am very reluctant to put up with the incompetence. Not that law enforcement aren't good people (sometimes), but they are held accountable to different forces.
He should have just called his ISP, and if things didn't change in a reasonable amount of time, he should dump them, and perhaps warn others that he knows of. ISP's are a comodity nowdays.
Then, sue your ISP for damages for allowing it to happen.
In short,
Be victimized in a crack...
Be blown off by the FBI and ISP
Download free music
???
PROFIT!!!
Karma: Chameleon - mostly influenced by bad '80s New Wave music
When you can't get anyone to care, perhaps it's time to try out Tim Mullen's strikeback proposal. He wrote about defending yourself from worms actively attacking you, but I think shutting down a passive attack is worth contemplating.
You start with a call to the highest rated local TV station and ask to speak to the "assignment desk or assignment editor" (this is the person who sends out reporters to stories). Explain to this person that a local ISP has been hacked and that customer data, including passwords and financial data, is at risk and the ISP doesn't appear to care. Repeat until you find a TV station who takes the bait. Then take one or both of the courses of action below.
ONE: Call the ISP and ask to speak to the CEO. Tell them that their servers have been hacked, that their tech support was not interested in the potential for theft/abuse of customers personal data, and that you have reported it to the local media and will be running a demo of what is going on for the reporters. Ask them to be sure to have someone on hand for a phone interview with the TV reporters so they can explain why the hacking happened and what they have done to fix the situation. Get the name and number of the person the TV reporter should call.
TWO: Call the ISP and ask to speak to their legal staff. (repeat story you tell to CEO) Ask them who is the right person for the ISP customers to send damage claims to, and also ask them to have someone on hand for the reporters to interview to explain what laws have been violated and how the ISP intends to get the laws enforced.
I'm a law abiding citizen without a mark on my record, and I can still say: fuck the police
This is why the parent should be modded up. We live in a free society, a society where you can tell the authorities where to shove it, and not be abused for it.
No this doesn't solve the problem. The police system is overtaxed, and the entire judicial system in place was built with the purpose of keeping people out of prison and free. Because the system was built that way, people abuse it and push it to the max, and the only real authority is when the major crimes are built.
They might only have 2 people with credentials to dust for fingerprints, and homocides taking up their time. The whole system is overtaxed.
Call Dateline.
/.'ed it, some online publications are likely to take it up.
But the good thing is, since you
Public opinion and exposure can help embarass law enforcement that they turned the other cheek.
Though I could've sworn that the not-so-Patriotic Patriot Act is suppose to cover this.
I have 2 things that happened where the 'feds' were involved, and I can say from experience that this is exactly the response you will get from the feds for trying to do the right thing.
I have a dialup inet connection at home. Sux, but that's my only viable option at the moment. I stuck a 6.1 or 6.2 Redhat box on the modem and set it up as a firewall/default gateway for the other 3 (Windows) pc's in the house. The kids have to play online games, etc, ya know. I stupidly left the ftp server running for some reason. Worked flawlessly for 2 years. One day I came home and the box had crapped out in the midst of booting with a strange error. Finally got it up and things didn't even look right. Yup, I had finally had my first experience at being rootkit'd. Fortunately they had used a screwed up rootkit and it didn't like something about my system or the OS and it crashed on reboot.
I freaked out and called the FBI right away in case they wanted the box to 'collect forensic evidence' or something. The conversation went like this, and the money figure is the one he used:
"Hello, FBI"
"Hi, I got my computer system hacked into. What do we do now?"
"Uh, did you lose at least $50,000.00?"
"No..."
"Sorry, we could care less then. Goodbye"
My other story, and I was more upset on it, happened when I worked at the courthouse when the 'dad's'(or mom's) paid the support there so the court could track the payments, then we would deposit it and write our own check to the 'mom's' (or dad's) and mail them out. A person we sent a check to lived in an apartment, but had moved and hadn't given us his/her new address. Someone else was now living in the apartment where we sent the check. To top it off, the post office had mis-delivered the check to a different apartment in the complex. (I know, it is confusing) Anyway, the person who got the check didn't know that the person it was made out to had moved. This person, knowing it was a check for a substantial amount of money, went to the address on the envelope and told the person who (now) lived there that they would only hand over the check for a certain percentage of the amount!!! This person said she would think about it and immediately called us. At this point we have the perfect 'sting' waiting to happen, and all the authorities have to do is be present when the blackmailer returns to settle the deal! So I called the FBI and they said they didn't care, and I should call the postal inspectors office. So I did. This guy said if there wasn't 'thousands and thousands' of dollars at stake he wasn't interested in the least.
So here we have a real crime happening and no one cares, but when some kid goes out and knocks over a few mailboxes they throw the book at em. Those two events alone were more than enough to tell me to NEVER trust the federal gov't nor rely on them to do the right thing where individuals citizens are involved. and this was all before that moron Ashcroft got in charge. (who is unfortunatelly from my state, and boy were we glad to get rid if him, or so we thought!)
(Stolen sig) Remember: it's a "Microsoft virus", not an "email virus", a "Microsoft worm", not a "computer worm
Send it to charter. List at the end the OTHER people to ewhom you are sending it, and you'll need to send them all snail mail, with the two (yes, two- one to the folks you spoke to, one addressed to the CEO, which will be read by a secretary and passed on to someone whose job it is to keep these things quiet) to Charter certified mail, return receipt requested. Those others will go to:
Your US congressional reps- both houses, whether you voted for them or not; (i'm assuming you're in the US, if not go for the nearest equivalent of these)
The Better Business Bureau;
the state attorney general's office
the FBI office that you contacted;
The FCC;
Anyone and Everyone whom you think might be interested, NOT counting the media. Why not? Because you want to be able to prove that you gave them a chance to correct the problem before you take it further. You are certainly allowed to suggest that it might be possible, but mention first that you need a written response from them telling what they plan to do about this (tell them what you want this to be), and mention that you will seek the assistance of a lawyer if this clear threat to you as their customer is not immediately remedied.
Keep a copy of the letter. Offer to send supporting evidence AS SOON AS they have officially begun their remedial actions and you have received initial results. (or you may wish to send it sooner, at least the info that you feel comfortable having random secretaries seeing.)
IANAL, but I have good reason to recommend this method. Incidentally, it works for a LOT of customer issues, and you have to be sure to send out copies of follow-up letters to the same set of people. Make sure to document hours spent working on it, and all the people whom you've spoken with and when. Media is for after their failure to remedy the matter after 1 letter, just add it to the CC list. You might try writing the second letters as two- one to the company, one to the attorney general or congressional folks, and the other to the company, and include copies of both in the envelope to the company. Their failure to help is against entirely different laws. Use the words "acted in bad faith."
be persistent. It helps.
"I'd say 'Have a good time,' but arson is still illegal.
... like you covered all the bases you needed to cover. I'd start contacting some of the tech magazines (Wired, etc.) and provide them with everything you've got. Cast some negative light on the FBI's and Charter's lack of interest in getting involved. If charter has a user group (like Road Runner does at http://groups.yahoo.com/group/cable) I'd post it there as well. One of RR's top support guys frequents that group and has gotten the ball rolling on more than one occassion.
Drawing any negative publicity to this is likely the only way to get it looked into.
Cruising the internet on my TI-99/4A @ a whopping 300 baud!
I've tracked down fraud for a similar small telco company situation. We normally shut down credit card fraud accounts and just suck it up; it's not over the FBI $5,000 threshhold. However, early on, before we were more familiar with fraud patterns, we got some fraudster making calls to Afghanistan, Pakistan, Syria, Saudi Arabia, Greenland(?), etc.
Slightly paranoid, we passed the phone numbers and IP information onto the FBI to double-check that there weren't terrorism connections. The FBI were actually pretty prompt about communicating back and forth; hours and days, not weeks. And they were reasonably technically competent based on my minimal interaction.
The phone numbers called didn't match any known 'questionable' numbers being screened for by national security folks, and the jurisdiction got confusing because the fraudsters were routing through some hacked systems in Germany so we mutually just dropped the issue and soon enough the fraudster quit coming back after we blocked him enough.
It seems to me like the rule with the FBI is that $5000 of monetary damages must be done before they even start to give a sh10t. A nice laptop/desktop is well under that amount as are many things that a h4x0r might want. Seems to me like the FBI is just asking for a bunch of fraudulent $4999 computer equipment purchases or whatever. Or maybe someone is just sitting around right now working on a system to hit up every company they can find and do just under $5k of damages so that no one can do a thing about it.
I know there's probably something that makes this not work but it's still seems stupid that the FBI sets such an obvious line for criminals to fall just short of and it's fairly high, I mean I know plenty of people who would consider the risk well worth 5K if they had the skills to pull something like this off and some of them are close to being that talented.
-Tim Louden
An advantage of paying taxes is public services. Pay more taxes, (hopeful) get more services.
No internet taxes equates to no internet law enforcement. Instead we get traditional law enforcement that don't have the same values or boundries that the internet has.
Now after saying this, I've not seen any internet tax proposal that was more than just a money grab for some local government. And each such money grab did not offer the adding services to the internet.
What would be nice is if a large group of ISPs worked together to create an internet "law" enforcement agency that actually cared about catching hackers and stopping them BEFORE damages are done. For each of us it would only be a few more dollars per year in ISP charges, and we would gain an agency that did care about OUR interenet security.
I am living proof of the Peter Principle
Dude, this is Slashdot, for Chrissake. FBI are the bad guys. The guys hijacking the web servers were just free software guerilla fighters, protecting the right of information to be free!
Sheesh. You mean you prefer Big Brother to take care of this "crime", thus violating your basic civil liberties to get robbed?
Turns out the moron just downloaded some spyware. No one's DNS got hacked, but everyone got good & riled up.
That means:
a) he makes fyordor look like Cassanova
b) he IS a wanker
You guys are all doorknobs.
Of course Linux detects ARP broadcasts, otherwise you'd never to be able to talk to other machines on your local subnet! (Making you one very lonely pr0n surf3r)
I don't know why BSD bothers logging ethernet address changes, probably because Timmy O'Tool is a paranoid little dude.
The fact that the ISP gateway's MAC is changing probably means that you have a moronic ISP. Either that, or that a box on your local subnet has been compromised and is trying out a clever spoofing attack -- which would leave your internet service sporadic at best until they killed the real gateway.
Do daemons dream of electric sleep()?
The problem with "working up the ladder" is that you're dealing with folks who are just cogs in the machine. Either they're hemmed in by procedures, or they afraid to stick they necks out. Probably both.
Of course, it's still likely that whoever you get in contact with will just blow you off. That's especially true if the company has legal exposure. (As an ISP in this situation certainly would!) But at least you'll know that people with actual decision-making powers are aware of the problem.
If you must use Windows, then I fail to see what the point is in getting in your snide comments about the thing not being secure. If you're using Windows 9x, then you deserve whatever it is you're getting - if you're using Windows 2000 or XP then you're just plain stupid. Windows is as secure as you make it, just like any other OS. Using SSH doesn't make you any more 1337 if you don't know how to secure your computer(s). It just makes you look even dumber.
Of course, if this is indeed a case of spyware you let into your computer (because they hardly get in any other way), then not only are you stupid, you're just plain retarded, and you're strutting your stupidity in front of a few hundred thousand people.
OTOH, if someone did indeed hijack your ISPs DNS, then using a router and NAT with the IP addresses of the DNS servers hard-coded into the configuration would have saved you from this. If all you have between the cable modem and your PC is a piece of CAT5, you also deserve to be clobbered.
This may be harsh, but I have no patience for people who like to assert that Windows is unsafe when they really don't know what they're doing.
...in the attack. You didn't say the magic word:
TERRORIST!
Ed Wedig
Graphic design services
docbrown.net
One opinion you'll find in the incident response community is that you should already be on a first-name basis with LEO's before you need them. In other words, good old American know-who.
It can also help to have an amibitious prosecutor who wants to make front page news with a computer crime case.
and remind them that a simple google for ISP hack reveals that ISPs have spend hundred of thousands of dollars cleaning up after a penetration, and some closed shop *permanently*.
Charter is a big company. I know lots of people who may have been hacked in the past two days if this happened around here. What state / city are you in?
What you say is technically true, but ssh1 users are still vulnerable to man in the middle attacks even if RSA user authentication is used.
The attack relies on an incredibly non-obvious flaw in the ssh1 protocol which was fixed in the ssh2 protocol. While an attacker cannot get your passwords using this attack, he can interpose between the client and server and intercept all traffic for that session. The error message saying the server host key has changed is your only clue that such an attack is going on.
You can read about the details in this paper. Unless you are using ssh2, you should be very wary of sudden changes in the server host key, even if you are using RSA authentication, and even if you appear to be connected to the correct server.
I can tell you have never actually done this.
Well, I have. Law enforcement will follow up
by telling everybody that you went over their
heads and to the media *before* calling them,
and that if you had contacted them first everybody
would be warm and fuzzy.
And guess who everybody will believe? And guess
what happens the next time you try to contact
ANYBODY.
Good luck. The police and the FBI know better
than anybody how to lie and get away with murder.
In Los Angeles, the Rampart police division is
so corrupt they are losing officers to indictment
almost weekly... and the DA's office has a 100%
record of never questioning a statement by any one
of these indicted officers when they were busy
racking up their fraudulent arrest reports, even
when they were patently ludicrous.
And you tink these "people" want to help you?
The first thing to realise is that the NIPC is no longer an entity. What you really want to call is Homeland Security (dhs.gov under Threats and Protection). The second thing to realise is that although Charter's 'frontline' staff don't want to hear about it, get in touch with ANY sysadmin there and I guarantee the shit will hit the fan. It's all about actually getting hold of somebody who might actually give a shit about their companies servers. Something Cliff Stoll details very well in that excellent book plugged earlier :)
Google is a good start, and although often somewhat outdated, the list of NOCs at neither is useful (http://puck.nether.net/netops/)
Step 10 should be: realize about 30 seconds before Charter calls and threatens to sue you for posting unproven accusations, that you were a victim of C2Media's spyware.
Step 11... loss!!!
(See here for more info)
Poor Heeltoe. I'm sure he thought he'd be seen as a whistleblower, etc., but now everyone will remember him as a classic example of someone who calls tech support and blames the problem on the ISP, when it's bad software on his box.
Get off my launchpad!
Then for good measure, call the BSA and tell them all kinds of copyrighted warez are being served.
The police? They're a government entity. In the USA, we have learned the private sector gets things done.
1) Book Mark this site. This is the first and best place to go when hacked and is a great source of education in general for victims of hacking.
2) You're right about the FBI. They are very limited in their scope of assistance. The only other victims they would take immediate action with are attacks on other State, local or US governmental sites (ie. State Funded Universities, Governmental offices, etc.)
3) Scan your logs on a regular basis.
4) Check this link out. This is the NSA'a recommendations on how to hammer down Cisco Routers, Windows 2K, XP, and NT4 Operating systems. These should be used as a guide as following all the steps in this manual would turn your machine(s) into bastion servers.
5) Be Prepared for the ISP not talking to or Working with you on this issue. Prodigy, Qwest, and Sprint used to be and in some cases are REALLY bad at this.
Dolemite
______________________
Save the World! Use a Quote!
Try calling the your state police. Don't really know if it will help, but what you have just been through it couldn't hurt to try.
I don't suffer from insanity, I enjoy every minute of it.
The location of the paper is here.
(damn google for giving me an old link)
I've found that many spywarez install a hosts file, over your original file, and clocks in at almost 1MB. This may also be a source of your problems.
I always ssh to 192.168.1.13, which works just fine, and I don't use proxies, the larger concern is that an important, but a vestigal service got hijacked, namely dhcp.
Don't wait around for law enforcement. When someone lift's your wallet, whom do you call? VISA or the FBI?. Perhaps you need to learn from this hijack, don't go nuts, screaming rape... Fix it!, put in static IP's, don't use a proxy unless you control it, after all, your ISP could be lookin' at your passwords, and cookies etc. Use SSL and SSH, and know what's going on. When something goes boom, fix it.
File it under P for "Paranoia", but a worst-case scenario is that you stumbled onto the FBI's own hack job.
There could be a whole bundle of subpoenas giving them permission to monitor all communication on Charter's server... or Charter could have simply pointed an FBI agent toward the server room door and given him/her the key. Either way, you have no way of knowing that Big Brother is watching you.
Hopefully, if it's the feds doing the hacking, they're looking for something or someone in particular. Where a hacker might dig through all the transmissions that include 16-digit numbers, the feds may be looking for all requests that include a particular email address. Let's just hope that it's not *your* email address.
Or maybe they've got the digital signature of a prosecutable image -- if it comes across, they check out who it went to and who it came from. You'd better hope you hit the "back" button in time! Of course, you have the 4th amendment to prevent anything they discover from being used against you in court... but that doesn't keep them from using what they find out "off the record" to get "on the record" evidence they can use.
I'm not terribly concerned about the feds (or other gov't agencies) using such a hack to compile a dossier on every Netizen, simply because 1) the signal/noise ratio is too low and 2) the government's built-in inefficiency is the best guarantor of our continued freedom.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
See http://www.pacroot.com/main.shtml bypassing your ISP's domain server and find web pages on the net nobody else sees. Set your DNS server search order to 208.179.42.162 204.107.129.2 12.28.140.20 in that order.
Dammit, I'm trying to post an analysis of what I found about about these systems, but slashdot keeps punking me whining about garbage like junk characters and too few characters per line. I freakin give up.
Slashdot editors: Rely on moderators to cut down on problems like this, not catch-all algorithms. sheesh.
-R
Just contact the RIAA and let them know the ISP is being used, by these hackers, to distibute millions of dollars of copyrighted digital content.
Problem Solved!
Folks, this isn't flamebait, it's the truth. Moderators, do your worst.
I love all the "I hate the X&!#@ Cops!!" trolls that inhabit this place; youthful rage directed at "the man"... with no concept of what it would be like to live without them.
Here's my challenge to all those who hate the police so much: If you think you can do their job so much better than they can, go help them out. I'm serious... this is a put-up-or-shut-up challenge. I want you to spend some time in the belly of the beast.
When I was a teen, I didn't like cops... but a funny thing happened to me on the way to my current job, I became a police officer, and it's got to be one of the nastiest jobs in the world. As a doc, I deal with drunks/pimps/bangers/dealers all the time, but thankfully they are usually cuffed and/or exhausted by the time they get to me (and some of them STILL fight... ER workers get assaulted all the time by these types. Fortuntately, the pharmacy is mighter than the sword). I deal with them, but I have a full contigent of burly guys +/- drugs to help me out... taking them on mano-a-mano on the street is a very different scenario. I take care of the bad people, but I also take care of the cops that get hurt fighting them. BE THANKFUL cops are out there... you don't even want to know the kind of sociopaths cops deal with everyday, for pretty low pay. You want to live in a world without cops? Go ahead, but be prepared to do your own dirty work. Think you've got what it takes? You'd better be right, because you're betting you life and the lives of your family on it.
Yes, I can hear the "boo hoo! poor cop! go eat more donuts!" trolls now... save it. You trolls can scoff all you want. Feel free to live in your "no cops" world... sounds great on the surface... but getting your ass kicked by some gangbangers when you're walking home from the LAN party some night might change your tune.
If you've got a beef with the "racist, motherf*cking police" and want to change things, then quit complaining and start working. Learn something about the police... volunteer some of your time (it's called community service; look into it). Go to a reserve police academy and get sworn, do some ride-alongs, or donate some of your 3l337 technical skills to their investigative unit (maybe they need computer forensics help).
Try to make things better instead of indulging in typical slashdot cop-bashing... in addition to the satisfaction of helping out your community, you might be surprised by what you learn.
What have you got to lose? Do it.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
My other server is your Linux box
how much damage do you think the poster caused to his ISP's brand by crying wolf and claiming the DHCP server was own3d, instead of realizing he had been duped by some windows spyware?
i hope charter does not call the FBI, cause my suspicion is that is way more than 5000$.
Dev elpizw tipota, dev phoboumai tipota eimai lephteros http://euclidian.org
Here's how you remove it:
LOP Removal
Excerpt:
Lop masquerades as an mp3 search engine. It is capable of:
Hijacking your starting page
Adding the Lop Toolbar to Internet Explorer
Adding the Lop Toolbar to Windows Explorer
Causing frequent Windows Explorer & Internet Explorer crashes
Popup advertisements
Adding Lop links to your Bookmarks (Favorites)
Installing software on your PC without your consent
Tracking your site visits and reporting them back to Lop (for advertising purposes)
Now where's my check for the 5 minutes that it took to google for this? Your question of "Why doesn't these agencies handle these kinds of problems?" is ironically answered by your real issue. The FBI is not your local computer repair shop.
I would run a program like Ad-Aware to remove any other spyware that you have installed. And next time that you're "hAx0r3d" go to google and search for "hostnamethatisHax0ringme.com spyware"
"If someone took the time to call/write our CEO, they must be really frustrated. This can be one isolated incident, what happened to everyone who DIDN'T call? This is loosing us money!"
This same logic is used by Congressmen. If one person cares enough to write there "must" be other people out there who didn't.
The policy of the United States is worse than bad---it is insane. -- Ludwig von Mises, Economic Policy(1959)
He didn't actually get blown off. They said they'd look into it. But unless he put a ticket in, they have no way to get back to him. Every person that calls tech support thinks their issue is a priority. Which is why they don't want you to talk to a real live expensive tech person.
I think the submitter should cool his jets and post the story after they've had a chance to look at or ignore the problem. Give them a chance to get it resolved. *Then* go to slashdot/tv/radio/newspaper if it's still a problem.
You could always post a message on the CHTR Yahoo stock message board
If customer unrest doesn't bother them then perhaps investor unrest does...
The BSDWall project already done most of the work for you. Assuming that you have an old pc with a couple of NICs in it and a broadband connection, you should be able to build your firewall in an hour or less.
"bsdwall" is a Perl script that turns an OpenBSD box into a working firewall. The site includes
One minor quibble: bsdwall works properly with the latest OpenBSD (3.3), but the install instructions on on the BSDWall site are still for 3.2. Just substitute the 3.3 install floppy for the one mentioned on the website (or buy a CD) and remember that the prompts on the the screen won't exactly match the website's directions keystoke-for-keystroke.
-- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
Don't blame the cops. Some are good, some are bad - just like everyone else. They are not the problem. The problem is the lawmakers and administrations who try to create rules to dictate morality and/or earn extra cash. Neither of these is a good use for the law. Laws should mitigate the risk of harm to the general public, and/or seek restitution for actual harm done to persons or institutions through intentional action or inaction. Very few laws do these things. Most just waste our time, take from the poor and give to the rich, enforce someone else's standard of morality (Such as the good old "war on drugs" or censorship.) If lawmakers would stop stealing our money and wasting our time with frivilous rulemongering then the cops might actually have an opportunity to "protect and serve" rather than acting as glorified paramilitary drug enforcers.
hi, ... just my 2p ...
I have had (and am still having) to contact Comcast's technical support for their customers' machines that are infected with Nimbda and are attacking my web server. Ideally, these systems are violating Comcast's (and any ISP's) Acceptable Use Policies.
So, I first was just sending an email for each day's activity to their typical complaint email (abuse [atsign] isp.net) and receiving the automatic response. I figured I could build up a history of reporting before up'ing the ante with my provider.
After a month, I started calling technical support. This basically got me up to tier two (since no one on tier one knew what I was talking about). Later, I got more long distance numbers for internal Comcast contacts, but which, in reality, went no where or to a pre-recorded message.
Next, after two months, I filed a better business bureau (bbb.org) report. _This_ got their attention (when it eventually found the right department). I now have one tech and the tech's boss assigned to my problem. So, now I send my daily (ok, so, I dont send one every day, just one for each day's activity) acitivity to the default abuse line and to the two other people.
Actually, this has been effective. I went from seeing from 500 to 1200 hits a day from Nimbda infected machines to less than 300 a day (on average). There was even a day when it was less than 50, but I found out later that one of their network nodes went down.
sTc
Most things worth doing are worth doing twice. -- me I think or was that my boss' methodology?
I agree with your point of view... part of the reason the police get so jaded and unresponsive to smaller crimes is that THERE IS SO MUCH CRIME. If people in general would get their acts together and NOT COMMIT CRIMES, then there wouldn't be as much reason to say "F*ck the Police!".
Remember, it's not the cop's fault that there's so much crime. It's everyone's fault for not creating a decent society to live in. That's the real problem, and there's no easy solution that one person can spout off. This problem actually requires WORK and EFFORT.
Bah. It's much easier to say Fuck the Police.
Fuck the Police.
My husband is white. Obviously white. However, he shaves his head, and has a goatee. For a time, we also drove around in a 1979 Olds Cutlass, one of the cars Latino gangs favor.
For the time we owned the Cutlass, my husband got pulled over on a regular basis.
The M.O. was the same. Richie gets pulled over. He is instructed to put his hands on his head. The cops eyeball the car, then finally check him out. The blue eyes are a dead giveaway that the person they pulled over does not "fit the profile."
The cops then go into a very embarrassed hemming and hawing dance. "Terribly sorry, sir, continue on your way, have a good one."
I dread to think what would have happened had Richie actually been Latino. We now drive around in a beige Chevy Nova '86 (basically a Toyota Corolla) and he hasn't been pulled over since.
Lousy fuckin LAPD...
Knowledge is power. Knowledge shared is power multiplied.
...they generally didn't investigate these types of crimes for individuals, but usually only for companies that had lost at least a couple thousand dollars.
That explains it. $ I used to think the world revolved around love (when I was a kid), but the sad fact is money is the key to the equation. And, even *if* you were a company that lost thousands of dollars, it's not a bank, and would probably not warrant any further investigation.
Kevin Mitnik was arrested because the companies were embarrassed that they were so vunerable - they had plenty of clout - both monitary and political, thus they were able to make Mitnick look like a total criminal to politicians who, in turn, were able to get the FBI more involved. You know, I'm almost positive that's the procedure for any LARGE company... the CEO talks to the Congressman, the Senator talks to someone else, and a new Public Enemy #1 is created. Beware of the upcoming Patriot Act II ! You could be next!
Personally, I'm surprised that you actually thought you could get some 'action' out of the FBI. Yeah right... like the enemy is going to help. They work for ever has the money or tells them to from up high... we, the serfs of cyberspace have to do all we can to take care of ourselves. That dosen't meant we can't help each other, but it just means we have to be ever-vigilant and more resourceful than ever.
Just remember, this government is doing nothing to help you and corporate America is figuring out how to pay you less and make you work more - blood from a turnip!
Good luck finding the perp,
young Sherlock!
anon, but not really - who is really anonymous?
Heh, just thinking of my local Fox station - they'd have a field day with this: ::scary music/graphics::
"Have CABLE INTERNET? YOUR passwords are being STOLEN! CHARTER doesn't CARE! FOX 5 DOES! Story at 10"
HAHAHA. I assume you mean Fox 5 in DC? That is exactly what they're like. They're so ridiculously sensationalist it's not even funny. I take that back. Sometimes it *is* funny.
I haven't read any responses yet... and maybe this has been asked for...
But can we get a follow up to this story in the next several days, weeks, months?
I would say that the vast majority of us operate from ISP provided DHCP and other services. Seems like many many of us could be vulnerable to this type of an attack...
And of course since it's just been posted on slashdot every kiddie and his brother will be trying to do this on mom's cable modem.
There's no shortage of investigative reporters or broadcast stations in St. Louis.
Channel 2 - KTVI - Elliot Davis
Channel 4 - KMOV - Jamie Allman
Channel 5 - KSDK - They have the n00b reporters do the investigative stuff
Channel 11 - KPLR - They have hot anchorwomen. I should watch more often... mmm... Melanie Moon...
The other three other stations in town don't do news. And of course, Charter will probably black these reports out...
Incorporate yourself, claim that it has caused you emotional and financial damages of over 100,000 dollars and then call the FBI.
just trade an MP3 and wait for the RIAA to contact the FBI for you!
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
For all you hacks out there that ever wondered if you would get caught doing this, here's your answer. Have fun. But whatever you do, do more than $5,000 in damage.
Because maybe then somebody will listen.
.
Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
True, snail mail will take a couple of days, but it will get there -- a phone call might not.
If the issue is important enough to you to spend a few bucks on, send it Priority Mail or FedEx or equivalent. Not only will it get there faster (especially FedEx etc), it will be perceived as More Important and less likely to get hung up with a secretary.
-- Alastair
Hope you didn't give them you're /. user id and pass.
The FBI is going to ignore anything unless you allege that you lost $5,000. In the real world, unless you see some fraud on your credit card after theives stole your number off your computer, they probably aren't going to care. Also, if someone uses your computer to attack and damage other computers (or even deface) that might get their attention. Here's the main collection of federal laws that apply to computer crime.
http://www.cybercrime.gov/cclaws.html
And here's the primary criminal law that applies:
18 USC 1030. Fraud and related activity in connection with computers
(a) Whoever--
(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y.[(y)] of section 11 of the Atomic Energy Act of 1954 [42 USCS Â 2014(y)], with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--
(A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
(B) information from any department or agency of the United States; or
(C) information from any protected computer if the conduct involved an interstate or foreign communication;
(3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $ 5,000 in any 1-year period;
(5) (A) (i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and
(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)--
(i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $ 5,000 in value;
This is definitely spyware (lop.com). But I think there is a more serious issue at hand here. Isn't the spyware maker liable under Federal wiretapping laws? You might want to contact someone at the FCC.
So see...don't you feel better? I know I do
If the FBI won't listen to you, tell your news agency that terrorist hackers are trying to steal credit card numbers from people in the area to fund terrorism and that the FBI refuses to investiage...
--jeff++
ipv6 is my vpn
The last few weeks of school someone hacked our dns servers and started redirecting people who wanted bestbuy.com and a bunch of other sites to one of those generic cybersquater spam search sites.
Don't be. Serious threats get blown-off all the time by law enforcement and business. Sad, but true
You need to read Clifford Stoll's The Cuckoo's Egg. It is an amazing account of how he helped track down the Hanover Hacker (a paid Soviet spy).
The FBI blew him off too, at first. He discovered a hacker was moving through the UC Berkley computer systems at will and using it to crack other systems. He discovered this when he was investigating a 75 cent discrepancy in the departmental billing for computer time. The FBI told him: "don't call us unless it is at least $1 million in damages". Eventually he convinced one agent of the seriousness of the problem (HH was using Berkley and other systems to try to crack DoD systems). Over the course of 3 years, Stoll was instrumental in helping the FBI/CIA and others crack one of the biggest international computer spy rings ever. Stoll was a grad student in astronomy at the time. Great book. Oh and he threw in a really good chocolate chip cookie recipe too.
Get the book, you won't regret it.
I.V.
"These laws they're passing won't even compile anymore, let alone execute." - anon
He just needs to deliberately let a password be stolen, and then sue Charter for damages for not responding to his complaint by securing their server. Corporations are only motivated by money, so it only becomes a management concern when it affects their bottom line.
Calling Visa would work great too, but I wouldn't want to go so far as letting my card get stolen just for satisfaction.
The law isn't to protect you and me, it's to protect the people who pay the lawmakers....corporations. I gaurantee you if someone hacked into your PC, stole your credit card, and charged $1,000 to it the FBI wouldn't do sh!t. Factor in as much money as you want for your time in tracking it down. They wouldn't care, because you are not onpayroll at a corporation, so the damage is minimal. Money talks, same as always, and corporations have more of it than an individual. Now if you were a multi-millionaire and actively donated to political funds. I bet it would be different.
"The saddest words of mice and men, are not those which were, but should have been."
(just heard on a regional FBI phone system):
We're sorry, but all FBI agents are currently out pretending to be 11-year-old girls, dressing like britney spears, sitting in chat rooms and entrapping pedophiles. Please leave a brief message of your crime after the tone...
I am sure if you contacted the RIAA, and told them your collection of 5,000 mp3's had been taken, and are now being illegally shared around the world by the crackers, you wounld get some immediate results.
Who is the master of foxhounds, and who says the hunt has begun? -Pink Floyd
While you may think im joking i am serious.
None of this stuff is to protect the citizens. unless you are a large corporation or an elected official you are out of luck.
Im surprised they even talked to you at all personally. Even small companies have a hard time getting any help, they are too 'trivial' to bother with.
Not saying i agree, its just reality.. they DONT CARE about 'us'.
---- Booth was a patriot ----
I've had nothing but good experiences when dealing with the police and various government agencies (not law enforcement, though). IRS, EEOC, BXA - all have been very helpful. The one time or so I've had to deal with the police (because someone clipped my car, stopped, ran, etc.), two cars showed up instantly, and they caught the guy hiding in some bushes in a side street. True, police are generally nonchalant about incidents, but to a law-abiding person a big incident can really be a small matter in the larger scheme of things. If the police ran around frantically, getting emotionally involved in each incident, they'd be worn out by month end. The vast majority are professional, and I believe they care, but they deal with the cesspool of society all day.
Then simply file a tech support report which does not describe the problem in a way which would inform a listener, and mention the above name and password so that person can brief someone inside the office.
It means what we already knew: That you as a single person are of no value to your government. This is the real world in which corporations can get tax breaks, get away with multi million dollar fraud, sic the feds onto you for sharing an mp3, sue you for your life's savings and the world in which you are powerless. It's exagerated but this is why communism was so popular in the early 20th century. The commies promised to put the rich fuckers up against the wall and shoot them. (They did this of course, but thereafter they were the one's treating you like shit)
...and perhaps you should check your hosts file in c:\windows\system32\drivers\etc as well ;)
The next time you think big business and globalisation is fine and that those pesky anti-war demonstrators should get locked away, think of this again.
I know this is redundant, but it needs repeating since almost no one has paid attention. This really looks like spyware. Try going to http://www.p5115.tdko.com and see for yourself. I'm sure you recognize these sorts of sites. Notice that all links go to lop.com. A quick goolge search will reveal this info about lop.com.
It's no wonder nobody took him seriously. Sorry guy.
Do I contradict myself? Very well, then I contradict myself, I am large, I contain multitudes. -- Walt Whitman
1)If you are/were due a refund there are no penalties. If you owed you would have received a bill for late filing late payment and interest.
2)The Pitney Bose meter is not a valid proof of mailing- for exactly the reason you describe. Only the official rubber date stamp at the post office(and now UPS, and I believe FedEx)
So report this problem to all those financial companies with which you were going to communicate, as they might push it back out to their law enforcement helpers. If your data did travel through the trap, say you need fraud protection. If your data is not at risk, tell them that you can't do business with them due to this problem.
If there is another ISP, start switching. Tell your financial institutions you can't do business with them online until your switchover is complete. Even if they don't think your activity is worth much worry, they may be concerned about how many other people are doing the same thing -- and increasing their costs by requiring more manual processing.
Or if a federally-protected financial company is involved, report your problem to the FBI as a financial fraud issue. The FBI and local police get involved in bank robberies (although the FBI has cut back, multiple banks being affected should help get their attention).
Or report to the federal, state, and local authorities who protect or enforce those institutions. SEC? Federal Reserve (money exchange)? Federal account insurance? Bank's insurance company?
Did any of your financial institutions issue you a card with the logo of a credit card company? Report to that company that their service is in danger from this source.
This is something the poster of the artical downloaded. It's from C2 media Ltd. For a description on it, go to http://www.gowron.org/lopvirus.html
is it possible that charter was not infiltrated? and that they intentionally are pointing all their customers at lop.com's servers? if this were the case, i wonder if any laws are being broken at all.
There are so many, many items I'd like to refute in this discussion. Arrh. I guess I'll start here.
/. crowd. This theory is stupid on so many levels.
Shut up with this insane law enforcement hacker bullshite. If you are joking, I think your humor is a bit too dry for the
First, if the Feds wanted transmission records on somebody, you better believe they would just make Charter monitor the individual(s). They certainly would not fscking hack Charter's DHCP server. With the Patriot Act and legal precedent being set (like Verizon), it's getting more and more common for ISP's to cooperate with law enforcement quickly and quietly. (I have no hard facts to support this statement, only common sense and grapevine knowledge.)
Second, let's pretend that the FBI was hacking into ISP systems, and quite poorly might I add. Do you really think the lackey's answering the phones after hours are going to be in on this covert operation? Somehow I doubt it.
I'm not saying the US federal gov't doesn't hack into corporations and personal computers. In fact, from my understanding they definitely are penetrating selected systems. I just find this kind of paranoia and alarmism ("Let's just hope that it's not *your* email address.") repulsive.
Sorry for attacking you so much. It's Friday at 4:30 and the project lead just walked in to my office to tell me that I'm going to need to come in on Sunday to finish this fscking data conversion for Monday morning.
Depends on the size of the organization... With Charter that might work, but with a smaller company, the same tech. support rep that you spoke with is just going to have to look into the issue again and with no good will toward you for cutting him out of the loop. The appropriate approach is to ask for the Tech. rep's boss, and then his boss, etc, and stay on the line till you get an answer that you like. If you are persistent in the beginning the issue will get resolved much more quickly than if you mail something to the CEO. It will also prevent some unwitting tech. support guy from getting blind-sided by an issue he thought was resolved. Going to the CEO should be a last resort. I know for a fact that people who write letters to the CEO without making a good faith attempt to go up the ladder usually get written off as reactionary, over-zealous, and lacking perspective.
I can sit here and link countless stories of Police planting evidence, shooting innocent people, crashing into innocent people, lying in court, etc ... but instead I'll sum up the main problem, there's no oversight. The only time there is oversight is when things get so out of hand a Federal board is appointed. Internal affairs is a joke, they'll do their best to protect an officer unless it's a blatant unhideable act.
There needs to be a civilian oversight board to watch the actions of these cops like a hawk.
What he said :)
Plus you might want to read The Hacker Crackdown: Law and Disorder on the Electronic Frontier by Bruce Sterling as well.
Both Stoll's book and Sterling's are informative and fun reading.
You've got to wonder what all these Federal Justice employees do with their days.
Before I started my low-cost cruise missile project, I emailed the FBI and the relevant defense program, letting them know what I planned to do, offering to take on board any suggestions they might have and making my objectives quite clear.
I got no response at all, save an automated acknowedgement from the FBI.
After the project captured the media's attention and got broadcast around the world, the authorities stated that they weren't happy and that my actions were "unhelpful."
Well excuse me! Don't these people read their damned email? If they have a problem with what I'm doing why didn't they simply contact me in the several weeks between when I notified them and when the media picked up the story?
However, in the wake of the media-coverage and the authorities' apparent dissatisfaction with what I was doing, I sent a follow-up email to the FBI (using the contact form on their website) and the relevant defense agency.
Guess what -- still no response.
Has a stack of Federal donuts fallen over and crushed everyone responsible for dealing with incoming email or something???? Or maybe it's just easier to moan about things than actually do something about them.
Sigh!
until some business is impacted significantly. That is one of the more elaborate attacks I have heard of, and it looks pretty large scale as well. I'm not an expert on the FBI's policies, but I dont think they would even consider looking into this until after significat damage is done. I'm guessing you have been here: http://www.cybercrime.gov/reporting.htm to report a 'cybercrime', and were directed to another gov. agency, who could care less. Its pretty funny that the tech support people asked you to go file a ticket with their site. Thats just dumb. Calling them should start a ticket right away. Any security issue should be reported up to the sysop, who should take some action if they value their job at all. Most of the time I have found that many employees of big ISPs are technically inept and don't put much effort into dealing with problems. I have been a customer at a few service providers who went very quickly into chapter 11 after finding out about an attack like this too late. One was kind enough to inform us that attackers gained access to all of the Miva merchant accounts (online store, credit card info, etc). I was glad we were using paypal at the time.. Your ISP will probably realize too late that they are about to buy the farm.
TallGreen CMS hosting
Well, thanks for the warning. Highly unlikely, but if I'm ever in a position to do business w/ Charter Communications, now that I know they couldn't give a flying fuck about security, I'll be sure to stay the hell away.
[o]_O
That the guy who stole your camcorder proably stole a few more or other items that equal more than 500.00 total. And he gets away with it.. Nice.. Perhaps its time to change jobs...
i would love to see if this strategy plays out cause it's the best one i've heard thus far
;)
i myself have talked to the fbi (once as a victim, once as the falsely accused and indirectly ie through my father that last time)
and have been the victim of extended DDoS attacks which my cable provider (comcast cable in evansville indiana, at the time) totally refused to do anything about, this same guy cracked my server because i knew him and he did it to backstab someone else (yes machiavellian politics are alive and well) (and he had an account) so i had some information on him, i had traced the ips and found out the blocks and failing any action by anyone i posted to the Bugtraq Incidents list, which i highly reccomend to anyone... shortly thereafter i was contacted by other individuals who it turned out were after the same guy for some similar things and i gave them all the information i had and basically sat around and waited for the attack to stop (a 3-day weekend)
i don't really know what happened with it but at least the bugtraq list is somewhere to vent some of your frustration and show what you have and possibly get some help...
yea i ramble you don't have to read it
The IP range the author posted was within C2 Media's domain, a web image service (with notable links to spyware, see here http://forums.networknews.co.uk/thread.jsp?forum=2 &thread=4307). Would it even be beyond the unthinkable that the ISP redirected content through a set of caching-load balancing proxies to speed up their web user's download times (or enabling the aforementioned spyware)? Or that they might be using the DNS subdomains for a 3rd party integration project, such as with C2 media? This is a common enough practice when adding outside vendor's networks, especially for content caching.
The SSH key mis-representation is a little unsettling, but not out the of norm, if you were to attempt a load-balancing solution and not get it right the first time. This is consistant with the above theory. As well, the SSH solution might have been necessary for the admin's of the site, and since you are in the distinct minority still using a shell account and SSH to read your mail, that the admins decided that the trouble for a random user was not a big enough concern to care.
As for the ISP's response, they might have blown you off because you were pointing out something to them that wasn't the case?
Just pointing out that more often than not, it's people's (read ISP) own stupidity that is to blame, not the forces of evil. Well, maybe if you consider stupid people to be evil.
Contrary to popular belief, life is not a bitch. It is far far worse.
Drive down to the ISP and fill out a paper form insted. Calling on the telephone is the lamest thing to do to file a complaint. It all goes into the bitbucket. That's how the world works and especially how incompetant businesses work.
Two infinite things: your stupidity and mine. But I'm not sure about the latter. If my sig offends you, I'm sorry.
The Cuckoo's Egg is a bit dated (Using a paper clip across the phone contacts to simulate a dirty line?) but a great book nonetheless.
A variant of the planting evidence happened to me once. the cops do this dynamic entry raid, whole nine yards, battering ram the door, shotguns in the face in the middle of the night. And etc. They are on a drug raid. Deal is, there's no drugs. Never werer any drugs. I think to this day they got the wrong house, as somewhat nearby was a big rock and roll party 24/7 house, and someone just missed a street number in the middle of the night or something, but they would never admit it. Anyway, they grab some spices out of the kitchen. Next day, we are all arraigned-we got arrested and taken down to the jail of course. We get arraigned, there's the head cop saying to the judge they "analysed" the stuff and it was high grade whatever.
One of the scariest dang things to ever happen, be sitting there in court, completely innocent, poor, not much money to fight anything, and the cops lie through their teeth because they were embarassed over making a mistake.
Took me almost 3 years to finally beat it, eventually they just gave up, but I keep thinking, I wonder how many innocent people they put away? Not everyone has the resources to fight them.
I once was 3 days late sending in my tax return, because I'd misplaced my W-2s. The IRS noticed, and charged me interest for those 3 days. But the interest for that short a period was only a couple of bucks.
Bottom line...
They ignored you because even though someone was ripping people off, they weren't getting ripped off. Therefore it wasn't their problem.
Next time you report an incident like that, be sure to say you think they were sharing MP3s or using DeCSS to decrypt their DVDs. THAT will get the feds attention!
Its just sad what it takes to get people to do the right thing.
It is easier to build strong children than to repair broken men. -Frederick Douglass
...so you're the guy who got my stolen plutonium research reactor and gear! It got stolen and sold on ebay, but I was never able to figure out who got it!
WELL! I told MY DAD, and he's coming over to beat you up! And you'll know it's him because his name is Cornelius Iverson Avery, and he works at Global Observations Verandas, who install tourist lookout points with those pay per view drop in a quarter binoculars,and he's REAL IMPORTANT and a REAL BIG GUY and he's been tracking that ebay sale!
You better SAY YOU'RE SORRY and give me back my plutonium reactor!
I've seen a lot of credit card fraud in my work in ecommerce. The feds never wanted to hear about it unless it was at least $10,000.
there are 2 kinds of people. those who divide people into 2 kinds, and those who don't.
"After the tone, please state the nature of the emergency. Beep!"
You are incorrect. Alexa Internet briefly used this trick called a "driveby download." Others have since adopted it. User clicks on a banner, gets an ActiveX unsigned message, clicks YES and boom.
http://lists.insecure.org/lists/fulldisclosure/200 3/Jan/0475.html
But most of us don't automatically type "yes", instead, we ask ourselves "What changed", and we investigate, before handing out our passwords.
Do you practice what you preach?
I guarantee that, although it might be your right to do, it will just create more hassle for you.
Heh, I get Fox 5 in DC as well, and the one I always liked was:
BABY DIAPERS IN A CREEK NEAR YOU!!!!!!
You only see those stories when (Fox) News Corporation has no financial interests and links to the story.
. ht m
Otherwise, the corporate parent kicks in and filters your news (which is their motivation in providing news in the first place).
http://www.commondreams.org/headlines01/0423-03
Yeah right. Law enforcement doing something.
I had some wanna-be script-kiddie (yes, he was dumber than your average script-kidding) ransacking my website(he ran a site that he was trying to make almost identical to mine though I hand-coded everything on my site and he was trying to use OSS to make his), stealing email addresses, attempting to sell them as a spam list, and hammering my site nonstop in an attempt to lockup mysql and other services on my machine.
I had IP addresses, and actually KNEW who the person was (he was that dumb to connect to a Members area of the site (in which his IP/User Agent were logged)).
Anyhow, with 10 pages with of information, and 13 megs worth of logs, and close to 14 different Spam messages with his trying to 'spoof' email addresses and get multiple people in trouble, NO ONE was able to 1. stop this guy and 2. even wanted to help out.
Long story short, I ended up taking the site offline cause it began to be too much of a hassle, and with no one wanting to help someone (even with all the information i had) theres no point in keeping a site online.
Kinda like not owning a car because law enforcement wont look for the person who stole your car even though THEY have Lo-Jack, and your car has Lo-Jack. Whats the point in having it, if no one's gonna help you get your car back.
Use telnet over SSL (a/k/a telnets) instead of ssh. What confuses me is why ssh became such a standard, when telnets already existed.
You probably discovered something that was done as part of a government investigation. This would explain the lack of response from any of the advertised authorities.
I would contact your local police department. It may also be a good point to tell them that they might want to search for local Credit Card Fraud problems, because they could be associated with this matter. It appears that it would be much more of a local crime instead of a Federal Offence, simply because it does not have any grand financial loss. Local police departments are not all bad. In fact, most will gladly put you in touch with administrative personnel that are normally knowledgeable with computers. Just remember, Once you involve the legal system, You lose all rights to your equipment!!!
If you contact Law enforcement at all, they can come in and take your equipment with a court order at anytime, and they are generally NOT nice about it! Most of the collection personnel do not even know what the lawsuit is about, and as far as they know, youâ(TM)re a pedophile.
Generally, it is not this way with correct cooperation and procedures, however be prepared for anything.
Good luck.
My limited experience from a hijacked http-proxy was no respons from the police. So I called my bank and the got the snowball rolling to a very big ball.
.tas
The banks got some power to get the police to look in to things - they got a couple of good hotlines especially to the department of commerce and/or department of treasury.
The couple occasions I've talked to police about this sort of thing the first question asked was, "What was the value of the loss?"
Of course the FBI isnt going to do any investigating. Thats because they are the ones who hacked the server in the first place!
Total Information Awareness Baby!!!
Agreed. In writing, however you should not send it via snail mail, use fax. To two places, the CEOs office and tech support.
Get a fax number from the tech support person for submitting a report. Ask for the fax number of the CEOs office. If they won't provide it, hang up, call the front office and ask them for the number without explaining why. Most will provide this number.
The report should be as simple as possible with enough details that they can verify that they are under attack.
Provide a method for contacting you by phone. Identify yourself by your customer ID.
The cover page to the CEO should state clearly in a short note: that their ISP service is under attack now and passwords and possibly credit card information are being stolen from customers.
If you must include speculation on how this has been accomplished put it at the end of the report, along with speculation of damages you don't really know about.
You've done your bit. If the ISP doesn't do theirs after this, find another.
You should follow this up later with an email or a normal letter asking to be informed of the action that was taken and the results.
- AndrewN
Wouldn't help in this case but...
Whenever I used to call @homeless/charter for tech support, as soon as I got a person on the phone I would say "Sorry, I was in the queue for level 2 support and I got disconnected." That would always save me at least 10 minutes.
You know how communities with small or non-existant law enforcement agencies handled their problems. Usually, this happens in suburbs or rural areas. We have volunteers patroling the streets at night.. Usually armed only with sticks and a torchlight sporting an armband marked Neighbourhood Watch. A group of these guys, about 3 or 4 of them and usually acompanied by a policeman, fully armed of course would go make their rounds patrolling the neighbourhood.
You get the idea right?
Anyway, how about we form some kind of organization in every community all over the world, with close collaboration with the local law enforcement agency that helps investigate this kind of things at the local physical area where the crime was thought to be originally commited from
This is what I mean.. One guy reported a crime.. Upon investigation, he thought the crime was commited by some kiddie-scripter (or something) in a city 1000 miles away. As someone on this discussion pointed it out, the Charter, FBI and CIA/NSA whatever, not forgetting the Police, don't really have enough manpower anyway. What the local watch members can do is to assist in investigating and gathering of evidence, until there's enough to just simply call 'em lawmen to just come and cuff the suspect and pickup the evidence and ship 'em away to Gitmo Bay (and throw away the keys!)
I say this because something like this happens to me before.. Back during the late eighties, the time when ole BBS/fidonet days was glorious, some guy in another continent offered to sell some computer components to me. We met in some echomail conference and after several following-up via net mails, we agreed on the price. I've made some purchases before using this method and all of the previous sellers so far have been quite honest and since the correspondence from the guy seems to indicate that he's quite keen, well.. So I went for it. Sent the guy my money but after waiting for almost 2 months.. you guess it, the guy disappeared and so is my stuff which never materializes! Fortunately, I have some echo-mail pals living in the same city, so I asked for their help.
To make the story short, they found guy, and my echo-pals called me (over the phone!) one day asking what are they gonna do to the guy, now that they've found him.. I quote, 'We found him, so what you want us to do? Kill him?'. Of course I was horrified, but I just told 'em to just to get my money back. A few weeks later, in my snail-mail box, instead of the money, I actually got the goods that I ordered :-)
Of course I don't advocate intimidation nor vigilatism, but with close cooperation with local law enforcement agencies, this local net-neighbourhood watchmen with chapters located all over the world, it can actually be something effective. Not just investigating frauds and hacking activities, maybe even locating the local kiddie pornsters. But of course, we have to do our bit, and we means everyone!
Enough of my 2 cents (monopoly money)
Will sys-admin for food
BITCH!
He could have asked the tech support person for their name (or an alias, cubicle number, internal extension phone number) and an issue password (like "carnation in label") for identifying your conversation. Or just agree that your problem description will be "Jones said the 800 number in New York had 1,543 callers." (if "Jones" is someone's name he'll be asked about the message)
Then simply file a tech support report which does not describe the problem in a way which would inform a listener, and mention the above name and password so that person can brief someone inside the office.
Why all the cloak and dagger stuff? I don't think he's up against the CIA or the KGB here. It's a case of a DNS hijacking, not P2P file trading or anything serious like that.
As much as I like Tom Clancy, it seems that too much of a good thing is possible.
Good judgment comes from experience, and a lot of that comes from bad judgment.
What the hell was THAT story about?
Don't leave us in suspense!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
I would not want to deliberately let my password get stolen unless I consulted with a lawyer, if it were me.
Depending on the extent of the victimization by the scam and one's financial resources, hiring a private detective or "computer security consultant" to help collect evidence and track the criminals down may be an option.
If you could hand the FBI a package of evidence with provenance, maybe they could take action later... or maybe you could take civil action.
at least do some leg work your self, calling tech support should be the last resort because you know who you're going to end up talking to. I spent 5 minutes doing some research and found that those IPs lead me to lop.com and also to their wonderful bag of tricks: http://www.doxdesk.com/parasite/lop.html
U J: www.doxdesk.com/parasite/lop.html+&hl=en&ie=UT F-8
google cache:
http://216.239.39.100/search?q=cache:YWJyJu-dhn
I'm not surprised that they're up to doing this stuff.
http://tinyurl.com/3t236
Recently I noticed the following entries in one of my tcpdump logs..
... 100's of entries followed. All of them pointing to frag'd packets from ameritech's dns servers.
17:10:20.103603 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 3383 NXDomain 0/1/0 (64) (frag 61464:72@0+)
17:10:21.170817 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 2208 NXDomain 0/1/0 (64) (frag 61636:72@0+)
17:10:22.241344 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 27079 NXDomain 0/1/0 (64) (frag 61813:72@0+)
17:10:23.261662 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 53003 NXDomain 0/1/0 (64) (frag 61998:72@0+)
SBC's dns servers were under attack and sending out malformed packets for days... eventually I had to remove the dns entry altogether. They don't understand the need for network secruity. They don't seem to care about domains hosted on their dns servers, and they don't seem to understand that it bothers customers when they don't respond to incidents quickly. My 2 cents.
...but I'd think step #1 in preventing this kind of attack is to ssh to a raw IP instead of relying on a DNS...unless it's a dynamic IP? Then again, you'd never have known about it if you did that, but at least it would be harder to spoof on you.
As for no one caring, that's a damn travesty. I don't want to see one more fscking computer-related law passed in this country (yea, I'm an "USian", whatever the hell that means) unless the people who pass them plan on providing the manpower to enforce the rules when an actual crime has been commited. Honestly, if it worked against you, how do they know these guys aren't out sniffing logins to some protected bank system or something? Perhaps their not hacking banks, but they could be; plus it can already be proven they're up to something illegal.
Manpower, shmanpower, if they don't have time for you then they're not pooling their recources into the proper areas, and their just passing some of these laws from the influence of lobbyists or their own shenanigans. Sketchy as hell.
CAn'T CompreHend SARcaSm?
I've been thinking. Osama is still probably alive and hiding. This leads me to believe he is a homosexual. Think about it. It says in the Koran if you die in God's service you get 72 female virgins. Now Osama obviously believes he is doing God's work. (Of course believing doesn't make it true.) I don't know about the rest of you guys, but if I knew I was going to get 72 women, I'd be out in the desert with a bullseye taped to me.
Wow, you're thin-skinned. Doesn't that big chip on your shoulder make you walk funny?
Did they beat you? Did they call you everything but a white boy? Were you put in handcuffs? Thrown on the ground?
So they asked to see your ID, that's all. And you're upset? you cannot be serious. Think about it, there's few reasons for most people to be walking around at 3AM, and a lot of them have to do with various social pathologies... things scoflaws are often involved in. The cops were just curious, and you think they're "assholes" for that? You didn't even have to show them your ID; you could have politely declined and walked away (unless you were violating some obscure law, like a curfew... You're allowed to assert your "rights" to a cop, and be as big a smartass about it as you want.... but be sure you're not breaking the law before you antagonize a police officer, otherwise you'll blow any chance that he might cut you a break.) I'll bet if you had groups of youths wandering through your neighborhood at 3AM you'd wonder what they were up to... and those cops were wondering the same thing.
At least the cops knew something about geeks, enough to make a joke about it anyway... Jolt cola and pizza... heheh... That's actually pretty funny.
"assholes?" For that? You've got to lighten up, my friend... that angst is going to poison you.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
I would be very careful to gather a lot of technical information and multiple refutable "experts" on your side about this. Because if you get it on the air, Charter is going to set up their "experts" saying that the technical claims are invalid. This argument will seem perfectly valid to the non-technical public, so you'll need some fire to fight back with. Preferably a LOT of fire.
But steer the hell clear of "Silicon Snake Oil".
There aren't a lot of books I regret reading, but that was one of them.
When I first got a dsl connection I figured I'd better lock a few more doors, so I did the sensible thing (I thought) at the time and bought a 'home' router, a Seimans 2604. It had built in PPPoE and made the hookup pretty transparent.
I'd had it about a week and was still playing with its settings, when one evening it refused to let me access it from its web server.
After an hours worth of unsuccessfully messing with that, I got to thinking maybe I had been attacked, but I have some guard dogs standing by that will log that, and at least attempt to lock the purps out.
Apparently the locks held, but there was a new line in hosts.deny placed there by the guard dog that recorded the address of the incoming attack that set off the guard dog.
There was also a new rule in the iptables ruleset, also placed by the guard dog, portsentry-1.1.
That was my clue that all was not well, and that possibly that the router was now a man in the middle. Or something.
The router went back to C.C. the next day, and a linksys was brought home, which has not allowed any repeats of that, in fact its blocked everything as no further logs have been written since.
The address of the attack source? One of the verizon.com dns servers I was supposed to be useing. The attack was reported to verizon at the time of discovery, but the veracity has been neither denied, nor confirmed in the past 2+ months since it happened by verizon.
Make of it what you will. Linux saved the day AFAIAC.
--
Cheers, Gene
A mostly retired old coot
Someone please remove this guyâ(TM)s right connect to the Internet!
2 07&mode=thread&tid=126&tid=111&tid=103&tid=99)
It reminds me of a Certified Microsoft Exchange Administrator who refused to disable e-mail relaying on his Exchange server. Even after many requests, he refused. Then he refused to create, and later read the postmaster e-mail because itâ(TM)s not part of the job. Then the company was placed on a black list and all he did was gripe. Note, I later found he had received 3 notices about being placed on the blacklist, but the Microsoft rep, said it was nothing, he blew it off. (http://slashdot.org/article.pl?sid=03/05/16/1946
It also reminds me of someone blaming the electric company for loss of data on their database server, because the administrator did not install a UPS.
Ok, letâ(TM)s get into something useful. Just like protecting yourself with a UPS, you have to do things âoeBEFOREâ you get attacked! Here are some suggestions:
BEFORE YOU ARE ATTACKED
1. Apply patches
2. Remove all services, except what is absolutely need
3. Follow the âbest practicesâ(TM) from Microsoft, NSA, SANS or someone.
4. Joint the local Infragard group so you can meet law enforcement before you get hacked. (www.infragard.net)
5. Create good backups.
6. Install a firewall and keep the logs on a system that can not be accessed from the internet.
7. Install virus protection on all your systems. Update the signatures regularly. Scan regularly.
8. Install âoePersonal Firewallsâ on each system (Stealth, do not allow outbound, unless you know what the program is doing)
9. Install Anti-spyware on each system. Update the signatures regularly. Scan regularly.
10. Never use the administrator account, or accounts with administrative privileges to run applications. Instead, create a user account and use it.
WHEN YOU GET HACKED
1. Create a paper log of everything you do during the incident.
2. Create 2 bit level backup of the system. At the time you suspected you were hacked. Use one to find out what the hacker did and the other as evidence for the FBI.
3. If your losses are tangible and you have real evidence, then the FBI will do a great job of working with you.
a. Tangible losses are typically greater then $10K. Note, this price does not include the purchase of a new firewall or software to âprotect your systemâ(TM). Nor does it include hiring a consulting to run a scan to perform an assessment. The objective here is to be âmade wholeâ(TM) and nothing more. But you would have learned this, if you ever attended an Infragard meeting.
4. Report the attack to NIPC (http://www.nipc.gov/incident/newincident.htm). A copy of this report is sent to the FBI.
5. When the agent arrives, provide a copy of the backup, your best practices documents and security policies when the FBI shows up. Also provide any other evidence you have found.
PROBLEMS WITH YOUR CURRENT APPROACH
1. If you were to bring this to a state or federal prosecutor, you would be waiting their time.
a. You have already destroyed the evidence by using the Microsoft file âbrowserâ(TM) to check on why you were having problems. At this point your attack is considered âhearsayâ(TM) and your hard drive could not be submitted as valid evidence.
b. Your loss can not be validated.
2. You scanned other systems without approval, is considered a crime in some states/countries
3. If you did not have a firewall, virus protection on your system, a best practices documents and a copy of your security policy in place then you may not be considered creatable to administrate the system.
I would suggest joining Infragard, learning to secure you system and taking a SANS class.
Yep. Actually, I am not sure I want a well-run gummint that enforces each and every of the hundreds of thousands of laws and regulations on the book.
Fortunately, as the French say, "La démocratie, c'est le bordel" (Democracy is a f*cking mess).
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
0. setup your own firewall with internal caching nameserver and DHCP. if your windows box is pulling dhcp address from your isp (and corresponding resolver config), you have more relevant problems due to fact your underwear has already been hanging in times square before you even touch the keyboard. See http://www.zelow.no/floppyfw/ or http://www.linuxrouter.org/
1. you should ALWAYS use fully qualified hostnames, there's no excuse for depending on domain search order for accessing secure sites.
2. ssh pub/priv keys were designed to alleviate dns spoofing, and the man in the middle message you received served its purpose. If any admin ignores the message and says "connect anyway" then keys in a passwd to boot, they *deserve* to be hacked.
3. if you have anything remotely to do with financial sites, you should know to DISABLE passwd authentication altogether, and only use authorized_keys.
4. never do general browsing/accessing rogue addresses from the same machine/network from which you access sensitive information.
ghostbusters!
In the fuckin midwest, they implemented a 10 p.m. curfew for 18 year olds. My friends and I were walking home about 10 or so, the cop comes up behind us lights blaring asks to see id. he said we were out past curfew and we would all be taken in. my friend looks at the clock on his dashboard, it says 9:53. We tell him to fuck off, take off for my house, and get my father outside. that shuts up the pigs real quick, an adult.
FUCK THE POLICE.
Baby Diapers?
Possibly in a creek near you?
Just playing off a hunch
+4 Informative
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
This guy is a moron. He's crying wolf to FBI when all that happened is that he got spyware on his personal computer. Running IE and executing everything it puts out in front of you should be grounds for lobotomy.
Having worked on end user tech support, I can understand why sleazy companies keep putting out more and more spyware crap - most people don't understand or even care. I once debugged end-user's crash issues and found out that he had half dozen different spyware proggies installed. I asked if he had noticed anything strange before, and he did say he was pissed due to his IE doing funny stuff (changing homepage etc..) - but he didn't care as long as he could open whatever webpage he wanted to get into. Only after his computer started to crash every time he launched IE he figured out that something wasn't right.
Companies pushing spyware/malware should be taken down hard and made to pay for the extra support costs and bandwidth their 'applications' cause.
Constrain MY FUD? Do you really want the Klan back? Because that's what you're going to get. The Klan originally started as groups of southern landowners back when there wasn't any law enforcement... they took care of their own problems, and look at the incredible evil that came of it. We are a nation of laws, not a nation of men; you really don't want the latter.
Are you seriously advocating road-ragers running grandma off the road? I've got a grandma... you probably do too. Oh yes, you'd see some of that vigilante justice you're talking about if punks ran peoples' grandmothers off the road because they forgot to set their alarm clocks, and were late for the taco bell job. Maybe your son would come home beaten to a pulp, or even in a body bag, because some grandmother's son took exception to YOUR son running her off the road.
What if your daughter is Tawana Brawley, and lied about the boy next door raping her? Maybe it was consensual, but he didn't call the next day, or may be it was consensual but you walked in on it and she was too afraid of you to admit it (I've personally seen both of these scenarios). On the basis of that, you're going to take someone's life?? Good God man... that's why courts came about, because the kind of justice you're talking about so often went terribly wrong.
Incidently, I personally agree wholeheartedly with you that police cannot protect individuals. The bad guys far, far outnumber the cops, and bad guys go to great lengths to avoid committing crimes in front of the police, which is why I support people carrying concealed weapons... you'd be surprised the number of cops who don't have a problem with that. That's right... you heard it here first... a (former)cop who thinks people should be able to defend themselves. With some training, I think it's a fine idea whose time has come.
You Britts will, of course, disagree... but the US is way past the point of no return with guns. 200 million+ are not going to EVER be rounded up, so you might as well level the playing field for joe citizen. Seems fair to me...
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
If the Feds work like the locals around here (Chatham Co Ga and surrounding areas) they might just get some sleazeball spyware stooge to do it for them and avoid all that pesky subpoena paperwork.
Course they hardly need to bother now, what with the Patriot Act.
Yeah, I'm paranoid. Right. Jeezus, I could tell you some tales. Maybe I will. Everybody starts crapping their pants if it even looks like I might. Like when I'm being robbed, and my lady is being held hostage again. Like now.
Blackmail and extortion? No, I just want what's mine, and it's so fucking simple to make me a happy camper. Everybody would win. What's the fucking problem? Jeez, I'd really hate to have to get pissed off or something. There'd be no mercy.
--rgb
First off, _any_ police force won't deal with petty theft. My friend had his car broken into but the cops won't invest any time in it because the damage/loss doesn't meet a certain value. Law enforcement only has a certain, finite amount of time/resorces they can spend investigating anything, so it's necessary (unfortunately) for them to prioritize what they can and can't look at.
-Bucky
...Somebody thinks they're observing an on-going attack. What do they do? Report it to the ISP which appears to them to have had its servers compromised. Then call FBI and other responsible authorities.
99 times out of a 100 (and this may well be one if the original poster has ordinary spyware on their machine), it's a false alarm. Somebody has a virus on their machine; it's spyware they unwittingly downloaded.
But, when you're the 1 time out of 100 and you're right, who do you get at the ISP or FBI? Somebody who's used to handling the other 99 calls.
There's also a real chance you might be getting someone who doesn't care. More likely, you've got somebody who cares, but doesn't know what to do. Hopefully, the most likely scenario is that you've got someone who knows what to do. But all three of these groups are going to sound the same at first. Why? Because they're all used to handling the other 99 calls.
You need a strategy for cutting through the BS and convincing them -- quickly and concisely -- that you're not one of those 99 callers, that there's on-going crime being committed, and that potentially large amounts of money are involved.
I have had a similar kind of problem with reporting network problems on a large ISP (Qwest), and I have developed such a strategy:
1) Find out how to contact the ISP's Network Operations Center (NOC).
2) Devise a simple test which they can run at the NOC to demonstrate the problem.
3) Call the NOC and (when they start to tell you how to file a report in the morning) say, "No. You do not understand. You have a serious on-going problem here which must be resolved immediately. If you do not, [insert concise description of the damage you think is likely here]."
4) Tell them to run your test.
5) If you know the answer, tell them how to fix the problem.
I developed this when I was doing a graveyard shift on which I frequently used Qwest's San-Francisco-Seattle backbone. They had one router on the pipe which would go down every couple months. I could detect the problem every time using traceroute. The NOC's response was invariably, "Copy the traceroute into an email and somebody will fix it in the morning."
I would respond, "No. Your main pipe between Silicon Valley and Seattle is down. If all those dot-commers wake up in the morning and find you've not been passing any packets for hours, there is going to be hell to pay. Run a traceroute to amazon.com."
The response almost immediately changed to: "Oh, my God. I'll get on it right away. Thanks a lot." Then I would tell them the name of the router which had to be power-cycled. And it would be fixed in a few minutes.
Here's how you would apply this strategy to the poster's situation:
1) Find out how to contact the ISP's Network Operations Center (NOC). If you don't have a direct number, try to get it from their support people. They know it. They may not be allowed to give it to you. They may prefer to connect you themselves. Try to act knowledgeable and give them good reasons why they should put you through. Sometimes the NOC will give you their number once they know you're for real. It might help to call it that ("NOC," pronounced like "knock"), but you should probably identify it at least once as "Network Operations Center."
2) Devise a simple test which they can run at the NOC to demonstrate the problem. This is very important. Preferably a single command which will elucidate the problem unambigously. (This would have stopped this particular poster's problem at the ISP. When the poster gave his demonstration to his NOC and they got different results, he would have known the problem was on his PC.)
3) Call the NOC and (when they start to tell you how to file a report in the morning) say, "No. You do not understand. You have a serious on-going problem here which must be resolved immediately. If you do not, [insert concise description of the damage you think is likely here]." Be poli
Eternal vigilance only works if you look in every direction.
Do you use online banking? Call your banks phone line to report the hacking. The bank will be able to do something because they have an actual security department with FBI contacts and they don't like when their customers getting ripped off because it's really bad for business.
Hey, I didn't say that the standard method of secret messaging should be used, that of emitting a coded contrail over the entire country so the recipient can't be detected.
Depends whether you want to get your message on the record quickly in case someone listens. Later you can build your railroad track to the ISP and send the detailed documentation.
/.
Competent admins do not ever change SSH server keys without notifying all legitimate users of client software.
If your admins are incompetent, neither CAs, nor stunnel/telnets will save you.
You should be connecting using a key that was not passed over any network, if you actually have a need for real security. Your admin should burn keys onto business-card format CDs - both server key fingerprints (to validate the servers to you) and client keys (so the server knows who is connecting).
If your security needs are so extreme that the predictability of the Diffie-Hellman key exchange algorithm when using known client keys matters, then use securid tokens or similar.
--Charlie
Man, what the hell am I talking about??? I'm on a proxy right now and I can still do my banking without warning. You obviously are correct...