So, how much warrentless wiretapping and patriot act powers did it take to monitor a chat room?
How do you know what they used? This may have ended up with a few techs/agents sitting in front of a LCD watching the chats...It most likely *started* by trawling through "wiretap" traffic for keywords that identified the chat room.
It may not have taken many "warrentless wiretapping and patriot act powers" to monitor the chat room. But it's quite possible they were used to identify the chat room.
This means that anyone can physically break into a business, steal less than $50,000 and not be prosecuted? Oh, that wouldn't be a federal offence?
First, that's not in every jurisdiction. Just in some of the more overworked ones. The threshold is not just a total of what was stolen, it includes man hours (for recovery and [non LE] investigation), along with other resources.
Second, it's still a federal offence. Speeding is still speeding, even if you pass a cop doing 65 in a 55. But does he stop you? If the cop tried to stop eveyone doing 65 in a 55, he'd never get the guy doing 80 (and the real danger).
it is up to the authorities to secure better funding so they can handle what is clearly a massive problem
Can you post some links from a.gov site documenting these requirments? It would be nice to point the PHBs at it.
I wish I could. That list is based on plain old experience. There's no way they'd ever admit to that. Although, as you can see from the other comments, it pretty obvious.
Those are not "documented" requirements. They are plain realities.
to the eye of an average tax-paying citizen, me, it seems very much as if, because the average tax-paying citizen doesn't have large enough businesses or large enough losses, we don't rate any protection at all
That's just it... The thresholds are high - not because those are the glamerous cases (the vast majority are sensitive enough NOT to make it to the press), but because they have the greatest impact on our society, and hence, the taxpayers. For example:
a) A Government contractor housing sensitive information is compromised. The cost to the taxpayer is not obvious, but it *is* there. And it's a greater cost than you might imagine. Compromised technology and data exfiltration -- funded by taxpayers like you.
b) your company's website is brutalized, and perhaps the customer database is somehow compromized. The cost in rebuiding the servers is (if it's really big) around $10,000 in man hours. Explain to me how a price will be put on the customer database. This will have to be done by the already overworked prosecuter in court (assuming it ever gets there). Prosecution and sentencing are based on damage to society, in most cases.
Which one do you think the FBI is most interested in (for the sake of the taxpayer)? In the case of the first, *all* taxpayers bear a burden. In the case of the second... not so much.
Understand this. Cybercrime investigators are overworked well beyond what you can imagine. A threshold *has* to be established. If you fall below that threshold, I'm sorry. Secure your systems.
The days of sending out the fire department to get little kitty out of the tree are over. This has nothing to do with "ignoring the little guy". It's economy of resources.
So, in loose translation, the FBI doesn't have to/want to do their jobs with regard to cyber-crime because the Ass't. US Attorney won't do theirs
You completely missed the point. There's *already* too much work. It's not a matter of not wanting to do their jobs, it's a matter of having way too much work already. Re-read my original post again, *slowly*, if you must.
And as one of the "Hacker Hunters" (pffft), I can tell you that it's not the FBI (or any other LE agents) that don't care.
There's *no* point in an agent taking a case or even wasting his/her time returning your call (one of many every day) when he/she already knows that an Assistant United States Attorney (AUSA) won't take the case for prosecution. The threshold set by AUSAs can amazingly high for damages in most cases. Where I work, it is around $50,000 before they'll even talk to you. There's just too much already out there.
Criminal Investigations are all about prosecution. They all have too many cases as it is, all of which they hope to get prosecuted. There's no way an agent will waste their time on an unprosecutable intrusion.
Unprosecutable because:
1) damages don't meet the threshold.
2) the system was unpatched and "invited" the hacker in - I hate this the most.
3) the system was not bannered "..by clicking ok, you agree to give up your expectation of privacy"... - also a stupid reason, but the case law is there.
4) the hostile systems are difficult to obtain evidence from (read: overseas, unfrienldy).
5) the hostile is obviously a script kiddie (stupid warez, IRC, etc.). Experience shows that the effort put forth to go after these idiots is not worth the 30 days probation a juvenile gets in MOST cases - damage dependant.
Experience will tell you what kind of effort your phone call is worth to an investigator. After he delete's your message, there are probably 3 or 4 more waiting to make their own report.
The agency I work for forwards intrusion reports to us via e-mail. I ignore 90% of them. If I responded to them all (or even half), I'd NEVER have the time to go after the important ones. That's life.
Slashdot Mirror
"honey, do you know what this switch does?"
"No, dear."
"Okay, I'm going to flip it...watch to see what happens."
"Okay"
"On"
"Nothing"
"Off"
"Nothing"
"On"
"Still Nothing"
"Off"
"Nope, I still can't see what it does..."
How do you know what they used? This may have ended up with a few techs/agents sitting in front of a LCD watching the chats...It most likely *started* by trawling through "wiretap" traffic for keywords that identified the chat room.
It may not have taken many "warrentless wiretapping and patriot act powers" to monitor the chat room. But it's quite possible they were used to identify the chat room.
\5
So, when Linux is used on your "primary Desktop", how do you handle PKI?
First, that's not in every jurisdiction. Just in some of the more overworked ones. The threshold is not just a total of what was stolen, it includes man hours (for recovery and [non LE] investigation), along with other resources.
Second, it's still a federal offence. Speeding is still speeding, even if you pass a cop doing 65 in a 55. But does he stop you? If the cop tried to stop eveyone doing 65 in a 55, he'd never get the guy doing 80 (and the real danger).
I agree. And I'm willing to take donations.
I wish I could. That list is based on plain old experience. There's no way they'd ever admit to that. Although, as you can see from the other comments, it pretty obvious.
Those are not "documented" requirements. They are plain realities.
That's just it... The thresholds are high - not because those are the glamerous cases (the vast majority are sensitive enough NOT to make it to the press), but because they have the greatest impact on our society, and hence, the taxpayers. For example:
a) A Government contractor housing sensitive information is compromised. The cost to the taxpayer is not obvious, but it *is* there. And it's a greater cost than you might imagine. Compromised technology and data exfiltration -- funded by taxpayers like you.
b) your company's website is brutalized, and perhaps the customer database is somehow compromized. The cost in rebuiding the servers is (if it's really big) around $10,000 in man hours. Explain to me how a price will be put on the customer database. This will have to be done by the already overworked prosecuter in court (assuming it ever gets there). Prosecution and sentencing are based on damage to society, in most cases.
Which one do you think the FBI is most interested in (for the sake of the taxpayer)? In the case of the first, *all* taxpayers bear a burden. In the case of the second... not so much.
Understand this. Cybercrime investigators are overworked well beyond what you can imagine. A threshold *has* to be established. If you fall below that threshold, I'm sorry. Secure your systems.
The days of sending out the fire department to get little kitty out of the tree are over. This has nothing to do with "ignoring the little guy". It's economy of resources.
And as one of the "Hacker Hunters" (pffft), I can tell you that it's not the FBI (or any other LE agents) that don't care.
There's *no* point in an agent taking a case or even wasting his/her time returning your call (one of many every day) when he/she already knows that an Assistant United States Attorney (AUSA) won't take the case for prosecution. The threshold set by AUSAs can amazingly high for damages in most cases. Where I work, it is around $50,000 before they'll even talk to you. There's just too much already out there.
Criminal Investigations are all about prosecution. They all have too many cases as it is, all of which they hope to get prosecuted. There's no way an agent will waste their time on an unprosecutable intrusion.
Unprosecutable because:
1) damages don't meet the threshold.
2) the system was unpatched and "invited" the hacker in - I hate this the most.
3) the system was not bannered "..by clicking ok, you agree to give up your expectation of privacy"... - also a stupid reason, but the case law is there.
4) the hostile systems are difficult to obtain evidence from (read: overseas, unfrienldy).
5) the hostile is obviously a script kiddie (stupid warez, IRC, etc.). Experience shows that the effort put forth to go after these idiots is not worth the 30 days probation a juvenile gets in MOST cases - damage dependant.
Experience will tell you what kind of effort your phone call is worth to an investigator. After he delete's your message, there are probably 3 or 4 more waiting to make their own report.
The agency I work for forwards intrusion reports to us via e-mail. I ignore 90% of them. If I responded to them all (or even half), I'd NEVER have the time to go after the important ones. That's life.