(This is probably going to be long winded.) Let me tell you about some experiences I have had with (unsuccessfully) tracking down two hackers/hacker groups. These are both REAL stories regarding Montana Internet, which is the local ISP I helped found and for which I still do all the system administration.

Experience One.

Roll back the clocks to 1995. Montana Internet had just gotten off the ground. We put our first customers online late in 1994 and were just getting a userbase. We were the first and only ISP in town. Sometime during February (I believe), we became aware that our core system was "owned" by what we still believe was a group of hackers. We contacted the FBI. To make a long story short, and since my memory of the chronology is not as good as I remember it, here are the key points I remember:

1) The FBI seemed interested, but seemed unwilling/unable to proceed with any formal investigation without "hard evidence". The fact that they were on our system obviously did not fall into this.

2) The hackers at one point sent e-mail to our admin mailbox offering their services. The FBI wanted us to try to get them on the phone so we could "record them".

3) At some point, the hackers were actually DIALED INTO our hunt group on a regular basis. The phone company wouldn't even consider tracing the call even though a) we believed it was likely the callers were using some method of defrauding the telco and/or b) we didn't want the information ourselves, we just wanted them to get it so that law enforcement could subpoena it. The FBI was no help here. And the "auto traceback *whatever" wasn't in existence yet.

4) In the end, we ended up just shutting down and disconnecting for a week while we rebuilt (much more securely) from the ground up. Fortunately, we had no competitors and our customers were understanding (I think the front page newspaper article actually helped our business).

Summary: We could have nailed these people to the wall if law enforcement would have helped.

Experience Two.

I believe in late 1998 and early 1999 (maybe 97-98, I'd have to look it up), we started getting complaints about a user who was "hacking into systems" and doing "not good things". We received 2-3 complaints at about the same time, shortly after this user got on our system. One of the complaints was from a major city in the US. The user had hacked into their web server and done some damage. AND they were hot to press charges.

Our policy in these matters is basically to disconnect the user UNLESS leaving the user on the system would help build a legal case against them. We also have a policy of not releasing individual identities or logs without a subpoena. Again, to shorten the story, we ended up receiving a subpoena. After we released the information, the Feds became involved because "they had been after this person for a long time".

Here's the really irritating thing. If the Feds would have moved, we could have either set up some sort of "wiretap" (after an appropriate court order) or assisted with anything else they wanted. They could have busted this guy's door down and taken him to jail and made an example of him, but nada. After a couple/several months of working with the Feds off and on (about once every 2-3 weeks it seemed), and, in our belief, NOT making any headway, our user suddenly requested a service disconnection because his family had to move out of town in a hurry because of some new job or family emergency or something. We immediately notified the Feds, and, of course, as far as we know, they did nothing.

Now, there is ONE point in both of these. In BOTH cases, we were close enough to the person doing this stuff that it would have been TRIVIAL for the FBI to identify and/or capture the person involved. The problems we have today involve having to TRACK the user back to the source. However, how many times has someone actually KNOWN WHERE THE HACKER IS and who he is and yet the FBI wouldn't do anything?

So, to get back to the thread, what would I like to tell the government?

First, get the Feds to DO something when there is an actual, live person doing this type of stuff. Figuring out the source of the current hacks is probably going to be a big project. Why not devote resources to going after those people that we've already tracked down?

Second, we MIGHT need some protection from the law in being able to both track down someone and also to prevent these types of intrusions in the future. Primarily, clarification of anti-trust laws and also federal wiretap laws as they relate to these types of activities.

Please note that I am generally against the government getting involved in the day-to-day operations of the Internet. I am, however, in favor of the government doing anything they can to help US fix the problems.

Please note that these opinions are my own, and may or may not be those of anyone I work for.

- Forrest W. Christian (forrestc@imach.com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems. (406)-442-6648
----------------------------------------------------------------------