Slashdot Mirror


Nmap Author Receives FBI Subpoenas

spafbnerf writes "Fyodor, author of the open-source network scanning tool Nmap, posted a story to the nmap-hackers list about having received a number of subpoenas from the FBI this year, demanding webserver log data, none of which produced anything, either because they sought old information that had already been deleted from his logs, or because the subpoenas were improperly served. In every case the request was narrowly crafted, usually directed at finding out who visited the site in a very short window of time, such as a five minute period. Fyodor writes: "If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.tgz" from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer"." Update: 11/25 20:21 GMT by T : Reader kv9 adds a link to Kevin Poulsen's story at SecurityFocus.

11 of 390 comments

  1. Seems reasonable by Anonymous Coward · Score: 5, Insightful

    That seems like a legitimate investigative technique. They're probably trying to match up different pieces of evidence to find the person behind things.

    1. Re:Seems reasonable by RonnyJ · Score: 5, Insightful

      That seems like a legitimate investigative technique.

      Yes, though the main concern of mine is that he says the FBI were using subpoenas that were improperly served - how many people wouldn't bother checking, and just give up information straightaway?

  2. if the server goes down... by Anonymous Coward · Score: 5, Informative

    the text is here

    Dear Nmap hackers,

    Let me first wish you Americans a happy Thanksgiving. Meanwhile, I'm
    hard at work on a holiday Nmap version which should be available by
    Christmas.

    But enough pleasantries -- I want to discuss a sobering topic. With
    increasing regularity this year, FBI agents from all over the country
    have contacted me demanding webserver log data from Insecure.Org.
    They don't give me reasons, but they generally seem to be
    investigating a specific attacker who they think may have visited the
    Nmap page at a certain time. If they see that an attacker ran the
    command "wget http://download.insecure.org/nmap/dist/nmap-3.77.tgz"
    from a compromised host, they assume that she might have obtained that
    URL by visiting the Nmap download page from her home computer. So
    far, I have never given them anything. In some cases, they asked too
    late and data had already been purged through our data retention
    policy. In other cases, they failed to serve the subpoena properly.
    Sometimes they try asking without a subpoena and give up when I demand
    one.

    One can argue whether helping the FBI is good or bad. Remember that
    they might be going after spammers, cyber-extortionists, DDOS kiddies,
    etc. In this, I wish them the best. Nmap was designed to help
    security -- the criminals and spammers put my work to shame! But the
    desirability of helping the FBI is immaterial -- I may be forced by
    law to comply with legal, properly served subpoenas. At the same
    time, I'll try to fight anything too broad (like if they ask for
    weblogs for a whole month). Protecting your privacy is important to
    me, but Nmap users should be savvy enough to know that all of your
    network activity leaves traces. I'm not the only one who gets these
    subpoenas -- large ISPs and webmail providers receive them daily.
    Most other major security sites probably do too. Most of you probably
    don't care if someone finds out that you downloaded Nmap, Nessus,
    Hping2, John the Ripper, etc. Nothing on Insecure.Org is illegal.
    But for those of you who do care, there are plenty of mechanisms
    available to preserve your anonymity. Remember this security mantra:
    defense in depth.

    Cheers,
    Fyodor
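
    Fyodor's post turns on two log-handling practices: a data retention policy that purges old entries before anyone can ask for them, and requests scoped to a five-minute window rather than a whole month. The script below is an added example (not part of the Slashdot thread or Fyodor's post) showing both on Apache "combined" format logs: it parses lines, drops anything older than the retention period, and returns only the requests inside a given window. The log lines, the 30-day retention period, the "current" date and the window start are all constructed values for the demo.

```python
# Added example (not from the Slashdot thread or Fyodor's post): enforce a
# retention cutoff on Apache "combined" webserver logs, then extract only the
# requests inside a narrow time window. All sample data here is constructed.
import re
from datetime import datetime, timedelta, timezone

# Apache combined log format: ip ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log (documentation-range IPs). One entry is older than
# the retention period and one line is deliberately unparseable.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Nov/2004:10:01:12 +0000] "GET /nmap/ HTTP/1.1" 200 5120
198.51.100.3 - - [20/Nov/2004:10:03:45 +0000] "GET /nmap/download.html HTTP/1.1" 200 8192
192.0.2.9 - - [20/Nov/2004:10:07:30 +0000] "GET /nmap/dist/nmap-3.77.tgz HTTP/1.1" 200 1048576
203.0.113.7 - - [01/Aug/2004:09:00:00 +0000] "GET / HTTP/1.1" 200 1024
garbage line that does not parse
"""

# Assumed policy values for the demo: "today" is 25 Nov 2004, logs are kept
# for 30 days, and the request covers a five-minute window from 10:00 UTC.
NOW = datetime(2004, 11, 25, tzinfo=timezone.utc)
RETENTION_DAYS = 30
WINDOW_START = datetime(2004, 11, 20, 10, 0, tzinfo=timezone.utc)
WINDOW_MINUTES = 5


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def parse_log(text):
    """Parse every line, skipping malformed ones."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def apply_retention(entries, now, retention_days):
    """Drop entries older than the retention period (what a purge job removes)."""
    cutoff = now - timedelta(days=retention_days)
    return [e for e in entries if e["ts"] >= cutoff]


def in_window(entries, start, minutes):
    """Keep only entries in [start, start + minutes): the narrow scope a
    properly limited request asks for."""
    end = start + timedelta(minutes=minutes)
    return [e for e in entries if start <= e["ts"] < end]


def produce_window(log_text, now, retention_days, start, minutes):
    """Full pipeline: parse, enforce retention, then scope to the window."""
    kept = apply_retention(parse_log(log_text), now, retention_days)
    return in_window(kept, start, minutes)


def demo():
    """Run the pipeline on the constructed sample with the assumed policy."""
    return produce_window(SAMPLE_LOG, NOW, RETENTION_DAYS, WINDOW_START, WINDOW_MINUTES)


if __name__ == "__main__":
    for e in demo():
        print(e["ts"].isoformat(), e["ip"], e["req"], e["status"])
```

    With the sample data, the August entry never survives the retention step, and of the three November hits only the two inside 10:00-10:05 UTC are returned; the download at 10:07:30 falls outside the window and is not disclosed. Running the retention step before the window extraction matters: the purge job decides what can still be produced at all, and the window then limits what is produced.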

  3. Seems valid by Staplerh · Score: 5, Insightful

    Even the Nmap Author seems to agree that it could help in the fight against these undesirable script kiddies, etc. However, I think it is great that this author has brought this to public attention, and will hopefully increase oversight of these cyber-investigations.

    Of course, we do need law enforcement and this is a legitimate field to investigate so that we can have protected web commerce. With eyes on their activities, we can hopefully keep the Internet free and safe. Thoughts?

    --
    "There's no success like failure, and failure's no success at all."
    - Bob Dylan
  4. FBI spies by Anonymous Coward · Score: 5, Interesting

    Do you know that Google searches are subpoenable?

    So Googling your victim, for example, before committing the crime is not very smart.

    Unless of course you can randomly change your ip
    in a pretty large range of course, heh heh.

    1. Re:FBI spies by MikeFM · Score: 5, Interesting

      Smart hackers never hack from an IP traceable to them anyway. That's why unprotected WiFi points are so useful. There is no way in heaven or hell to trace the connection back to the source. Of course there are lots of places you can jack in for an unlogged wired connection too. It's just too easy to keep from being traced.

      Fortunately most hackers are dumb and lazy so they aren't that hard to trace.

      --
      At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
  5. Bad joke... by gowen · Score: 5, Funny

    No wonder he's reticent about providing information.
    Fyodors are supposed to remain closed at all times.

    (Sorry)

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  6. Re:New Christmas Version ... ? by Anonymous Coward · Score: 5, Funny

    Making a list,
    Scanning it twice.
    The FBI knows,
    Who's naughty or nice...

  7. 'She'... in related news.. by pented_rage · Score: 5, Funny

    The FBI has tracked down a perpetrated hacker after a slip of the tongue by Fyodor in a recent nmap-hackers list posting, relating a female hacker using the wget command to get nmap. After searching the homes of the 3 females known by Fyodor, they have identified and captured the assailant.

  8. Re:Valid investigation techniques? by nomadic · Score: 5, Insightful

    Since when are fishing expeditions effective?

    Ask anyone who's ever caught a fish.

    Seriously, if they don't have any concrete leads, what are they supposed to do? Just stop investigating?

  9. Re:Trinity used Nmap....look where it got her. by JamieF · Score: 5, Funny

    Yeah but for a while she had a boyfriend who could morph himself, move super fast... putting any sex toy or porn star to shame. Not a bad deal.