From: Brad [mailto:brad@americanisp.net] Sent: Thursday, July 12, 2001 9:18 AM
On Thu, 12 Jul 2001, Roeland Meyer wrote:
From: up@3.am [mailto:up@3.am] Sent: Thursday, July 12, 2001 7:23 AM
I can't help but believe that if even 20% of them were caught and had to spend just a little time (even hours) with the cops, and had their peecees confiscated, you'd not be seeing nearly the problems we are now.
This is the main point, a script-kiddie hunt, with prosecution, is the ONLY real deterrent. Throw some of them in hotel greybar and remove them from computing, for life, and we may see some of this turn around.
I am just concerned about our current legal systems being able to handle such cases efficently. Well.. Perhaps I should not use 'legal systems' and 'efficently' in the same sentence, but you get the idea ;)
Think "Kaspureff" (AlterNIC). They went after, and nailed, him with gusto and efficiency. I think that the largest problem is "selective prosecution". A couple of years ago three MHSC servers were root-kitted via the BIND interface. It took 18x7 man-hours to scrub and bare-metal recover, without the suspect backups, those three servers. Even then, we couldn't jump the FBI's $60K damages hurdle. Yet, Kaspureff, with a lot less provable damage, got caught, grilled, and chilled. For those that don't know, this case is the best and most well-known example of [arguably] deliberate DNS cache poisoning on record. If you don't remember it then you need not comment. The point is that our legal systems can move with great alacrity, given sufficient motivation.