Getting Law Enforcement Action for a Large-Scale Hack?
"So I determined that I was connecting to xxx.p5115.tdko.com instead of xxx. I started looking at DNS settings. Of course, under Windows, the default is to accept the default DNS domain specified by a DHCP server for the PC's Ethernet connection. There are settings to disable this, but I hadn't thought about it until now. It turns out, Charter Communications' DHCP servers were infiltrated and were providing p5115.tdko.com as the 'Connection-specific DNS suffix', causing all non-hardened Windows (whatever that means in a Windows context) machines to get lookups from a hijacked subdomain DNS server which simply responded to every query with a set of 3 addresses (66.220.17.45, 66.220.17.46, 66.220.17.47).
On these IPs were some phantom services. There were proxying web servers (presumably collecting cookies and username/password combos), as well as an SSH server where the perpetrators were most likely hoping people would simply say 'yes' to the key differences and enter in their username/password.
Has anyone else seen this type of attack before? Pretty sneaky. I bet it would slip by most people that don't use anything but a web browser. This makes me want to step up my plans to put an OpenBSD firewall in place and allow it as little trust of the outside world as possible, providing more trusted DNS/DHCP services to the hosts on my network. It would be nicer to be able to boot the thing self-contained-and-configured off read-only media and have no writable access to anything from the operating system to totally prevent break-in/tampering.
With respect to the law enforcement issues. I first called Charter, and after 10 minutes on hold was told to submit a report to their abuse account. I asked the tech support rep if they really wanted me submitting the incident report through a hijacked proxying web server. I hadn't yet reconfigured my Windows systems because I wanted to collect as much information as possible while the attack was still live. The long and short from the tech support rep was that they'd look at it, but couldn't do anything with respect to responding to me about it unless I submitted that report.
I moved on to calling the FBI. The after hours person had no idea what evidence collection procedures I should follow, nor if their office would even be interested in investigation. I was told to call back during business hours. I did a little searching and found the National Infrastructure Protection Center. I gave them a ring and was asked to fill out an incident report. I was told it would be reviewed in the NOC quickly and a decision made about further investigation. The rep answering the phone said to collect any and all information I could think of regarding the attack. I got a response later this morning that their NOC personnel had evaluated the report and decided not to investigate further.
I called the FBI back this morning, only to be told they generally didn't investigate these types of crimes for individuals, but usually only for companies that had lost at least a couple thousand dollars. To inflate my ego a bit, I asked if I could count my time cleaning up/investigating as a loss of this magnitude and was told no, that it would have to be a financial loss like is associated with internet credit card fraud. Given how Kevin Mitnick was convicted and sentenced on 'evidence' that included employee time for investigation and cleanup, why is this any different for me?
With respect to getting some action on any future attacks - what should I do? Who should I call? I'm not a h/\x0r, and I have reasonable investigation skills, but aren't there professionals doing this to uphold the law? What's the point of all those federal laws anyway? Monitoring of third party communications, without the consent of either party; unauthorized access to Charter's systems - the list can go on a lot further depending on the activity happening at those proxying servers. Are these laws just tools to oppress unpopular computer criminals but just plain not enforced most of the time?
I found this situation and particular method of attack interesting... hopefully this was fun to read. If you have suggestions for what I should do in the future to handle attacks, I'd love to hear about it!"
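The attack in the post has two observable symptoms: a DHCP-supplied connection-specific DNS suffix outside the ISP's own domain, and a DNS server for that suffix that answers every query, including names that cannot exist, with the same addresses. The check below is an added example, not code from the original post: it parses the suffix out of constructed `ipconfig /all` output, compares it against an allowlist (the trusted domain `isp.example` is a placeholder; the post does not say what Charter's legitimate suffix was), and probes the suffix with random labels to see whether the resolver returns one fixed answer set for everything. The `hijacked_resolve` and `honest_resolve` functions are stand-ins that let the check run offline; `system_resolve` is what you would pass in on a live host.

```python
import random
import re
import socket
import string

# Constructed sample of `ipconfig /all` output in the shape the post describes:
# the DHCP server pushed p5115.tdko.com as the connection-specific DNS suffix.
# Adapter name and addresses are placeholders (RFC 5737 documentation range).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : desktop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : p5115.tdko.com
   IP Address. . . . . . . . . . . . : 192.0.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.0.2.1
   DHCP Server . . . . . . . . . . . : 192.0.2.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
"""

# Only match the value on the same line; an empty suffix must not swallow the next line.
SUFFIX_RE = re.compile(r"Connection-specific DNS Suffix[ .\t]*:[ \t]*(\S*)")


def parse_dns_suffixes(ipconfig_text):
    """Every non-empty connection-specific DNS suffix in `ipconfig /all` output, lowercased."""
    return [m.group(1).lower() for m in SUFFIX_RE.finditer(ipconfig_text) if m.group(1)]


def untrusted_suffixes(suffixes, trusted_domains):
    """Suffixes that are neither a trusted domain nor a subdomain of one."""
    trusted = [d.lower().strip(".") for d in trusted_domains]
    flagged = []
    for suffix in suffixes:
        s = suffix.strip(".")
        if not any(s == d or s.endswith("." + d) for d in trusted):
            flagged.append(s)
    return flagged


def random_label(length=12):
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))


def wildcard_answers(resolve, suffix, probes=5):
    """
    Query names that should not exist under `suffix`.  A legitimate zone answers
    NXDOMAIN (empty list); the server in the post answered everything with the
    same three addresses.  Returns that common address set (sorted) when every
    probe yields the same non-empty set, otherwise None.
    """
    answers = [frozenset(resolve(f"{random_label()}.{suffix}")) for _ in range(probes)]
    if all(a and a == answers[0] for a in answers):
        return sorted(answers[0])
    return None


def system_resolve(name):
    """Live resolver for real use: addresses for `name`, [] if it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


# Offline stand-ins.  HIJACK_ADDRS is the set reported in the post.
HIJACK_ADDRS = ["66.220.17.45", "66.220.17.46", "66.220.17.47"]


def hijacked_resolve(name):
    return list(HIJACK_ADDRS)  # every name, real or not, gets the same answer


def honest_resolve(name):
    return []  # NXDOMAIN for every made-up label


def check_host(ipconfig_text, trusted_domains, resolve):
    """Run both checks; returns a report dict a script or log pipeline can act on."""
    suffixes = parse_dns_suffixes(ipconfig_text)
    report = {
        "suffixes": suffixes,
        "untrusted": untrusted_suffixes(suffixes, trusted_domains),
        "wildcard": {},
    }
    for suffix in suffixes:
        common = wildcard_answers(resolve, suffix)
        if common:
            report["wildcard"][suffix] = common
    return report


if __name__ == "__main__":
    print(check_host(SAMPLE_IPCONFIG, ["isp.example"], hijacked_resolve))
```

A wildcard answer on its own is not proof of compromise, since some legitimate zones wildcard deliberately; the signal is the combination of a suffix you did not expect, a wildcard under it, and the wildcard addresses also being what your unqualified hostnames now resolve to. On a live Windows host, feed in the real `ipconfig /all` text and pass `system_resolve`; the fix the post alludes to is to stop honouring the DHCP-supplied suffix (and, better, to stop using DHCP-supplied resolvers at all) on the adapter.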
You need the black private dick that's a sex machine to all the chicks.
Here's a hint baby: the man's been to my house!
It's a Republican administration.
Charter.com (and charterpipeline.com) are spamming fuckwits. They refuse to respond to spam complaints and their users probe my networks.
They are a rogue isp.
Funny shit, man. Guess it goes to show...porn and wives don't mix. (Or porn of wives for that matter...)
wives4fun.com
this story comes from the country that was hit by the 9/11 events, comes from the country that loves copyright holders so much that some senators even think of *destroying* end-users' PCs as a legitimate way of fighting copyright infringement.
This story comes from the country that even has now a Department of Homeland Security whose job seems to be to collect as much data as possible about its own citizens to protect them from *terrorism*.
but, hey - the described events are *pure* terrorism from one side and pure negligence and irresponsibility from another
If there is still some sense of right or wrong in the US one thing must happen quickly
get all those irresponsible people (both in the public and private sector) who simply didn't care fired immediately
if nothing happens, well maybe this was a beta test of some Carnivore-type technology that went wrong
don't get me wrong on this: I truly love the US as a nation, but some people there should really get back to basic school just to learn a few things: the difference between black and white, the difference between right and wrong and above all get some common sense!
These kinds of events were supposed to be possible only in Brecht tales or Orwellian stories, not in a real nation, not in a real world
thankfully we still have
Cheers from Portugal
Sorry to be the one to drive this point home, but you are very naive. Unless you decide to devote massive amounts of time and money, begin your own investigation, and then find a sympathetic Soulless Minion © in a law enforcement agency that can actually act against these individual(s), you are shit out of luck.
Case in point:
The Bush White House allowed 9/11 to happen.
If the government will stand by while huge amounts of evidence of impending physical terrorism are coming its way - WHAT MAKES YOU THINK THEY GIVE A FUCK ABOUT YOU?
Listen, this is a fascist state. Only those who can afford "protection" get it - look at the RIAA and MPAA. They first pay off the Democrats to enact the DMCA, and then pay off the Republicans to enforce it.
In fact they really aren't Republicans or Democrats - just moderate or antimoderate wings of the Corporate Party.
Hence, individuals - like yourself - enjoy no protection under the law as victims - and are painted as criminals for owning an Internet-connected computer - whilst corporations can act above the law.
But is it legal?
I'll make it legal.
Sound familiar?
BTW - if you don't at least protect your network via something simple, like a basic router with popular ports forwarded to nonexistent IP addresses - you're asking for trouble. In your case, it's like asking the police to investigate a break-in on a house with no locks and screen doors.
You should have said that Muslims were stealing copyrighted music.
You were not hacked. You have spyware on your computer. Good lord.
Hilarious! This is the best "Ask Slashdot" ever.
"Someone hacked my ISP's DNS server! Oh no wait, It's just spyware on my computer from when I downloaded Kazaa."
This jackass is the reason those customer service people say "whatever" to shit like this.