Getting Law Enforcement Action for a Large-Scale Hack?
"So I determined that I was connecting to xxx.p5115.tdko.com instead of xxx. I started looking at dns settings. Of course, under Windows, the default is to accept the default dns domain specified by a DHCP server for the PC's ethernet connection. There are settings to disable this, but I hadn't thought about it until now. It turns out, Charter Communications' DHCP servers were infiltrated and were providing p5115.tdko.com as the 'Connection-specific DNS suffix', causing all non-hardened Windows (whatever that means in a Windows context) machines to get lookups from a hijacked subdomain DNS server which simply responded to every query with a set of 3 addresses (66.220.17.45, 66.220.17.46, 66.220.17.47).
On these IPs were some phantom services. There were proxying web servers (presumably collecting cookies and username/password combos), as well as an ssh server where the perpetrators were most likely hoping people would simply say 'yes' to the key differences and enter in their username/password.
Has anyone else seen this type of attack before? Pretty sneaky. I bet it would slip by most people that don't use anything but a web browser. This makes me want to step up my plans to put an OpenBSD firewall in place and allow it as little trust of the outside world as possible, providing more trusted DNS/DHCP services to the hosts on my network. It would be nicer to be able to boot the thing self-contained-and-configured off read-only media and have no writable access to anything from the operating system to totally prevent break-in/tampering.
With respect to the law enforcement issues: I first called Charter, and after 10 minutes on hold was told to submit a report to their abuse account. I asked the tech support rep if they really wanted me submitting the incident report through a hijacked proxying web server. I hadn't yet reconfigured my Windows systems because I wanted to collect as much information as possible while the attack was still live. The long and short from the tech support rep was they'd look at it, but couldn't do anything with respect to responding to me about it unless I submitted that report.
I moved on to calling the FBI. The after hours person had no idea what evidence collection procedures I should follow, nor if their office would even be interested in investigation. I was told to call back during business hours. I did a little searching and found the National Infrastructure Protection Center. I gave them a ring and was asked to fill out an incident report. I was told it would be reviewed in the NOC quickly and a decision made about further investigation. The rep answering the phone said to collect any and all information I could think of regarding the attack. I got a response later this morning that their NOC personnel had evaluated the report and decided not to investigate further.
I called the FBI back this morning, only to be told they generally didn't investigate these types of crimes for individuals, but usually only for companies that had lost at least a couple thousand dollars. To inflate my ego a bit, I asked if I could count my time cleaning up/investigating as a loss of this magnitude and was told no, that it would have to be a financial loss like is associated with internet credit card fraud. Given how Kevin Mitnick was convicted and sentenced on 'evidence' that included employee time for investigation and cleanup, why is this any different for me?
With respect to getting some action on any future attacks - what should I do? Who should I call? I'm not a h/\x0r, and I have reasonable investigation skills, but aren't there professionals doing this to uphold the law? What's the point of all those federal laws anyway? Monitoring of third party communications, without the consent of either party; unauthorized access to Charter's systems - the list can go on a lot further depending on the activity happening at those proxying servers. Are these laws just tools to oppress unpopular computer criminals but just plain not enforced most of the time?
I found this situation and particular method of attack interesting... hopefully this was fun to read. If you have suggestions for what I should do in the future to handle attacks, I'd love to hear about it!"
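Added example, not part of the original submission: a Python check for the two symptoms described above, a DHCP-supplied "Connection-specific DNS suffix" the network should not be handing out, and a suffix under which every name resolves to the same addresses. The function names, the `example.net` allow-list and the `ipconfig /all` sample are assumptions constructed for illustration; the suffix and the three addresses are the ones quoted in the post, and the resolver used in the demo is an offline stand-in.

```python
import re
import secrets
import socket

def dhcp_suffixes(ipconfig_text):
    """Return the non-empty 'Connection-specific DNS Suffix' values in `ipconfig /all` text."""
    pat = re.compile(r"Connection-specific DNS Suffix[ .]*:[ \t]*(\S+)", re.I)
    return [m.group(1).lower().rstrip(".") for m in pat.finditer(ipconfig_text)]

def system_resolve(name):
    """Resolve with the OS resolver; empty set when the name does not exist."""
    try:
        return frozenset(ai[4][0] for ai in socket.getaddrinfo(name, None))
    except socket.gaierror:
        return frozenset()

def answers_everything(suffix, resolve=system_resolve, probes=3):
    """True if random labels that cannot exist all resolve to one identical address set."""
    seen = {resolve(f"{secrets.token_hex(8)}.{suffix}") for _ in range(probes)}
    return len(seen) == 1 and bool(next(iter(seen)))

def audit(ipconfig_text, expected_suffixes, resolve=system_resolve):
    """List (suffix, reason) findings for every suffix handed out on this machine."""
    findings = []
    for suffix in dhcp_suffixes(ipconfig_text):
        if suffix not in expected_suffixes:
            findings.append((suffix, "not a suffix this network should hand out"))
        if answers_everything(suffix, resolve):
            findings.append((suffix, "every name under it resolves to the same addresses"))
    return findings

# Constructed sample of `ipconfig /all` output, using the suffix reported in the post.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : p5115.tdko.com
        IP Address. . . . . . . . . . . . : 192.0.2.10
"""

def simulated_hijack_resolver(name):
    """Offline stand-in for the server described in the post: same three addresses for any name."""
    if name.endswith(".p5115.tdko.com"):
        return frozenset({"66.220.17.45", "66.220.17.46", "66.220.17.47"})
    return frozenset()

if __name__ == "__main__":
    for suffix, reason in audit(SAMPLE_IPCONFIG, {"example.net"}, simulated_hijack_resolver):
        print(f"{suffix}: {reason}")
```

On a live machine, pass the real `ipconfig /all` output and leave `resolve` at its default; a legitimate wildcard DNS record also trips the second check, so treat a hit as a reason to look closer.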
mmmmm
i do it wrong!
SUMMARY: A new study confirms what researchers have suspected for some time -- women may prefer to date one gender or the other, but they get sexually aroused by both.
It's no surprise that lesbians like to watch lesbian pornography. But the big news in a new study is that they also get turned on by watching heterosexuals and gay men have sex.
And straight women? They like it all, too.
The findings confirm what researchers have suspected for some time -- women may prefer to date one gender or the other, but they get sexually aroused by both.
Men, on the other hand, aren't nearly as flexible. Straight men like to watch women have sex, and gay men like to watch men. Case closed.
"This may well be relevant to the flexibility of female sexuality. I wouldn't be surprised if this is one reason why women transition more between sexual identities than men," said study co-author Michael Bailey, chairman of the psychology department at Northwestern University and author of "The Man Who Would Be Queen: The Science of Gender-Bending and Transsexualism."
In his study, completed over several years, Bailey and colleagues recruited 69 men and 52 women, both heterosexual and homosexual, to watch two-minute snippets of X-rated movies in a laboratory.
The men hooked themselves up to a rubber-band-like device that detected erections by measuring the thickness of the penis. The women used a small device that shines a light into the vagina and detects reflected light. According to Bailey, the vagina becomes darker during arousal.
The videos featured various types of sex (vaginal, oral and anal) and various types of partners (male-male, female-female, male-female).
The researchers will report their findings in an upcoming edition of the journal Psychological Science. They released an early report this month.
Heterosexual men were most stimulated by watching lesbian sex, followed by heterosexual sex. The gay men responded most to male erotica.
But the women -- straight or lesbian -- tended to enjoy watching all the types of partners have sex. Only 63 percent responded most to sex involving their preferred gender, a much lower number than among the men.
The study findings confirm the experiences of many women who find themselves suddenly developing a new sexual orientation, said Lisa Diamond, an assistant professor of psychology at the University of Utah.
"With women, the experience of sexual attraction doesn't revolve around the gender of the partner as it does around other things," she explained. "Women say, 'I didn't think I was attracted to women, and then all of a sudden, boom!' This fluidity does not appear to be as common among men."
The next step, Bailey said, is to study sexual arousal among bisexuals. Initial research suggests that bisexual men share something in common with straight and gay men -- they're significantly aroused by one gender more than the other.
http://story.news.yahoo.com/news?tmpl=story&cid
fp!
did you mean half-hourly?
Friday, June 20, 2003 Posted: 12:23 PM EDT (1623 GMT)
PONTIAC, Michigan (AP) -- A city firefighter has been accused of pointing a gun at his wife when she tried to stop him from watching Internet pornography.
Lavoisier D. Washington, 38, of Pontiac, was arraigned Thursday on charges of felonious assault and carrying a concealed weapon. He was released on $5,000 bond.
Fire Chief Wilburt McAdams told The Oakland Press he suspended Washington without pay following the alleged incident on Wednesday morning and will try to fire the eight-year veteran of the department.
Daughter calls police
Reached by telephone Friday, a woman who identified herself as Washington's mother said her son didn't want to comment.
Oakland County Chief Deputy Prosecutor Deborah Carley said Washington's wife confronted him after finding him viewing a pornographic Web site for the second time in as many days.
"She was especially upset because he was accessing the site while the children were asleep in the same room," Carley said. "She told him she was going to cut the cable to the computer and went to get scissors.
"He got a gun and pointed it at her temple."
Weapon found
Carley said the children, who range in age from 11 to 17, awoke during the confrontation and tried to help their mother. A daughter left the house and called police.
Carley said Washington then went to his mother's Pontiac home and tried to hide the gun there. Officers, who arrested him as he walked outside, found a loaded semiautomatic handgun inside.
Or use my old trick: BE the Internet Service Provider. Cable modems and the local phone company's DSL service provide way too much low hanging fruit for hackers.
For what these places charge for bandwidth you are better off getting a fractional T1 and splitting it with your neighbors, or having a few doting small businesses pay you to host their websites.
Of course I haven't used windows in almost a year, and I convert old laptops to wireless dumb terminals. I got so sick of email games I have my own domain, hosted on my own (okay, temporarily work's) machine, hosted (until recently) in my living room.
I just bought a new house, and they haven't hooked up the DSL service yet. The good old fashioned kind with static IP's and a "we don't care what you do with it" usage agreement from a small player in the market.
Hmm. Does this post count as a rant or an ego stroking?
"Learning is not compulsory... neither is survival."
--Dr. W. Edwards Deming
Run your own caching DNS which gets its info straight from the root servers. Still not perfect, but much better. Also useful against primitive DNS censorship techniques which are used in some countries. In a home environment, I recommend an OpenBSD router, which will do this and much more. Tutorial here.
Did you know you can fertilize your lawn with used motor oil?
What do you expect, we elected "W" as president?
He is writing his own modern version of the Gettysburg Address, "..that this nation, under God, shall have a new dearth of freedom - and that this government of the Corporations, by the Corporations, for the Corporations shall not perish from the earth..."
(Original here.)
Those who can do. Those who can't sue.