What would you tell the White House?
On Sun, 13 February 2000, Randy Bush wrote:
politicians think engineers will try to apply a clueless and inappropriate technical solution to non-technical problems. and they're right.
True. Nevertheless the White House is having a meeting on Tuesday about last week's Internet incidents. Several people from this list, and other Internet CEOs have been invited. But not everyone will have a chance to say something. If you had the opportunity, what would you tell the politicians? Try to avoid technical jargon. Imagine someone from the Old Executive Office Building is reading this list and will need to summarize the suggestions. If you say "do nothing," please try to justify your position with something more than the government is clueless. For example, how effective was the private sector response?
If you had the opportunity, what would you tell the politicians? Try to avoid technical jargon. Imagine someone from the Old Executive Office Building is reading this list and will need to summarize the suggestions.
My suggestion would be pretty simple: this sort of denial-of-service attack is already grossly illegal in all 50 states and probably under federal law as well, so no new laws are needed. The problem is figuring out who's behind it. Furthermore, ISPs and NSPs have plenty of incentive to track the bad guys down now that their noses have been rubbed in it.
The only thing I'd ask from the government is a limited anti-trust waiver so that competing ISPs and NSPs can set up joint task forces and the like to track and respond to such attacks without having to worry that they'd be seen as colluding too much under anti-trust law.
--
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl,
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Nevertheless the White House is having a meeting on Tuesday about last week's Internet incidents. Several people from this list, and other Internet CEOs have been invited.
and everyone i know, including we, are sending junior note-takers.
If you had the opportunity, what would you tell the politicians?
i don't tell politicians. i am too busy trying to keep my side of the sidewalk clean. randy
Sean Donelan wrote:
If you had the opportunity, what would you tell the politicians?
"Enforce the laws that are already on the books." (Now where have I heard that before?)
When FBI refuses to investigate incidents with less than $80K damage it only encourages the vandals. A few high-profile arrests in lesser cases would discourage them. Easy.
The international aspects are much more challenging.
Should countries which refuse to cooperate in tracking down offenders be classified in much the same way as terrorist nations are handled now? Should nations refuse to connect their portions of the Internet to such cyber-terrorists? What about transit via other nations, dialin, satellite?
----------------------------------------------------------
Mike Bird          Tel: 209-742-5000   FAX: 209-966-3117
President          POP: 209-742-5156   PGR: 209-742-9979
Iron Mtn Systems   http://member.yosemite.net/
Ditto... Imagine if they only prosecuted burglars for more than $80K. Yes there does need to be some sort of clip level but it's far too high. I don't know if it's $80K but it's far too high.
The best kept secret in America is "what is the real speed limit". Ask a cop and he will tell you "it depends". The same should be true of computer crimes.
Mike Bird wrote:
Sean Donelan wrote:
If you had the opportunity, what would you tell the politicians?
"Enforce the laws that are already on the books." (Now where have I heard that before?)
When FBI refuses to investigate incidents with less than $80K damage it only encourages the vandals. A few high-profile arrests in lesser cases would discourage them. Easy.
The international aspects are much more challenging.
Should countries which refuse to cooperate in tracking down offenders be classified in much the same way as terrorist nations are handled now? Should nations refuse to connect their portions of the Internet to such cyber-terrorists? What about transit via other nations, dialin, satellite?
---------------------------------------------------------- Mike Bird Tel: 209-742-5000 FAX: 209-966-3117 President POP: 209-742-5156 PGR: 209-742-9979 Iron Mtn Systems http://member.yosemite.net/
(This is probably going to be long winded).
Let me tell you about some experiences I have had with (unsuccessfully) tracking down two hackers/hacker groups. These are both REAL stories regarding Montana Internet, which is the local ISP I helped found and I still am doing all the system administration for.
Experience One.
Roll back the clocks to 1995. Montana Internet had just got off of the ground. We put our first customers online late in 1994, and were just getting a userbase. We were the first and only ISP in town.
Sometime during February (I believe), we became aware that our core system was "owned" by what we still believe was a group of hackers. We contacted the FBI. To make a long story short, and since my memory of the chronology is not as good as I remember it, here are the key points I remember:
1) The FBI seemed interested, but seemed unwilling/unable to proceed with any formal investigation without "hard evidence". The fact they were on our system obviously did not fall into this.
2) The hackers at one point sent us e-mail to our admin email box offering their services. The FBI wanted us to try to get them on the phone so we could "record them".
3) At some point, the hackers were actually DIALED INTO our hunt group on a regular basis. The phone company wouldn't even consider tracing the call even though a) we believed it was likely the callers were using some method of defrauding the telco and/or b) we didn't want the information ourselves, we just wanted them to get it so that law enforcement could subpoena it. The FBI was no help here. And the "auto traceback *whatever" wasn't in existence yet.
4) In the end, we ended up just shutting down and disconnecting for a week while we re-built (much more securely) from the ground up. Fortunately, we had no competitors and our customers were understanding (I think the front page newspaper article actually helped our business).
Summary: We could have nailed these people to the wall if law enforcement would have helped.
Experience Two.
I believe late 1998 and early 1999 (maybe 97-98, I'd have to look it up), we started getting complaints about a user which was "hacking into systems" and doing "not good things". We received 2-3 complaints about the same time, shortly after this user got on our system. One of the complaints was from a major city in the US. The user had hacked into their web server and done some damage. AND they were hot to press charges.
Our policy in these matters is basically to disconnect the user UNLESS leaving the user on the system would help build a legal case against them. We also have a policy of not releasing individual identities or logs without a subpoena.
Again to shorten the story, we ended up receiving a subpoena. After we released the information, the Feds became involved because "They had been after this person for a long time".
Here's the real irritating thing. If the Feds would have moved we could have either set up some sort of "wiretap" (after an appropriate court order) or assisted with anything else they wanted. They could have busted this guy's door down and taken him to jail and made an example of him, but nada.
After a couple/several months of working with the Feds off and on (about once every 2-3 weeks it seemed), and, in our belief NOT making any headway, our user suddenly requested a service disconnection because his family had to move out of town in a hurry because of some new job or family emergency or something. We immediately notified the Feds, and, of course, as far as we know, they did nothing.
Now, there is ONE point in both of these.. In BOTH cases, we were close enough to the person doing this stuff that it would have been TRIVIAL for the FBI to identify and/or capture the person involved. The problems we have today involve having to TRACK the user back to the source. However, how many times has someone actually KNOWN WHERE THE HACKER IS and who he is and yet the FBI wouldn't do anything?
So, to get back to the thread, what would I like to tell the government?
First, to get the feds to DO Something when there is an actual, live person doing this type of stuff. Figuring out the source of the current hacks is probably going to be a big project. Why not devote resources to going after those people that we've already tracked down?
Second, we MIGHT need some protection from the law in being able to both track down someone and also to prevent these types of intrusions in the future. Primarily, clarification of anti-trust laws and also federal wiretap laws as they relate to these type of activities.
Please note that I am generally against the government getting involved in the day-to-day operations of the internet. I am, however, in favor of the government doing anything they can to help US fix the problems.
Please note that these opinions are my own. And may or may not be that of anyone I work for.
- Forrest W. Christian (forrestc@imach.com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems. (406)-442-6648
----------------------------------------------------------------------
First, to get the feds to DO Something when there is an actual, live person doing this type of stuff. Figuring out the source of the current hacks is probably going to be a big project. Why not devote resources to going after those people that we've already tracked down?
this is a very good point. a lot of the more adept people have backdoors on hundreds, if not thousands, of machines all over. the fbi may have thought your problem was one lone little insignificant person but what is very likely is that was one instance of many more systems the same person has hit.
-brett
First, to get the feds to DO Something when there is an actual, live person doing this type of stuff. Figuring out the source of the current hacks is probably going to be a big project. Why not devote resources to going after those people that we've already tracked down?
this is a very good point. a lot of the more adept people have backdoors on hundreds, if not thousands, of machines all over. the fbi may have thought your problem was one lone little insignificant person but what is very likely is that was one instance of many more systems the same person has hit.
This has improved markedly over the last few years (particularly as a result of ISP security people with inside contacts in the FBI educating them about these events), however getting law enforcement to care about computer crimes is still an uphill battle. Depending on who you talk to, you can get immediate all out response or it can sit long enough that there is no chance of getting anything done.
I think that perhaps the best thing to bring to washington is the need for education of law enforcement. Not just special divisions but to give at least some idea to everyone.
----------------------------------------------------------------------
Wayne Bouchard   [Immagine Your    ]
web@typo.org     [Company Name Here]
Network Engineer
----------------------------------------------------------------------
it's kind of hard for them to understand the problems since they do not really have the expertise that is here.
Wayne Bouchard wrote:
First, to get the feds to DO Something when there is an actual, live person doing this type of stuff. Figuring out the source of the current hacks is probably going to be a big project. Why not devote resources to going after those people that we've already tracked down?
this is a very good point. a lot of the more adept people have backdoors on hundreds, if not thousands, of machines all over. the fbi may have thought your problem was one lone little insignificant person but what is very likely is that was one instance of many more systems the same person has hit.
This has improved markedly over the last few years (particularly as a result of ISP security people with inside contacts in the FBI educating them about these events), however getting law enforcement to care about computer crimes is still an uphill battle. Depending on who you talk to, you can get immediate all out response or it can sit long enough that there is no chance of getting anything done. I think that perhaps the best thing to bring to washington is the need for education of law enforcement. Not just special divisions but to give at least some idea to everyone.
---------------------------------------------------------------------- Wayne Bouchard [Immagine Your ] web@typo.org [Company Name Here] Network Engineer
----------------------------------------------------------------------
--
Thank you;
|--------------------------------------------|
| Thinking is a learned process so is UNIX   |
|--------------------------------------------|
Henry R. Linneweh
Garlic wrote:
The best kept secret in America is "what is the real speed limit". Ask a cop and he will tell you "it depends". The same should be true of computer crimes.
In Ohio you have the posted speed limit (65 rural, 60 in the suburbs, 50 on the inner-city stretches of freeway). But the police can nail you for less if the driving conditions don't support driving that fast. The law refers to "driving too fast under the current driving conditions".
--
North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net
Steve Sobol, President, Chief Website Architect and Janitor
sjsobol@NorthShoreTechnologies.net - 888.480.4NET - 216.619.2NET
At 04:15 PM 02/13/2000 -0800, Sean Donelan wrote:
If you had the opportunity, what would you tell the politicians? Try to avoid technical jargon. Imagine someone from the Old Executive Office Building is reading this list and will need to summarize the suggestions.
What else is there to say?
Other than vendors, engineers, and smart people everywhere are working diligently with their customers, and within the Internet Service Provider community and Internet community at-large, to help:
o Mitigate these attacks,
o Develop ways to prevent them in the future,
o Develop ways to help service providers & law enforcement identify & prosecute the perpetrators,
o Help identify ways to strengthen their products and even deficiencies in the Internet Protocol suite,
...and help make the Internet a better place for e-commerce, etc., to flourish.
I think I would also reiterate that no one is particularly at fault in these recent attacks, it's just that the Internet was designed to be "open" and, as such, the underlying protocols were never really designed to resist exploits like the ones we have seen recently.
It is a community problem, and it is important that we, as a community, do not overreact.
- paul
Greetings all,
I remember that the topic of possibly adding an Abuse contact in the ARIN database was brought up many months ago. Unfortunately I don't remember what the outcome was.
I, like many others, have had to replace my real email address with the abuse@ address due to a deluge of email (especially from those who are using BlackICE defender), along with threatening phone calls from customers, the RCMP and copyright control groups. Furthermore, our abuse team will be posting an ARIN/RIPE/APNIC lookup tool on their publicly-available web page, and have expressed a preference to have their email address included in the ARIN whois.
If anyone has a few-paragraph synopsis of the issues raised during the previous discussions, or your own opinions, please feel free to respond. You all may respond privately if you believe that rehashing this discussion is counter-productive.
Thanks,
Andrea.
***********************************************************
Andrea Abrahamsen (nee Di Lecce) (416) 935-6485
SMC Platform Specialist, Network Operations
Rogers Cable Inc.
1 Mount Pleasant Road, Toronto, M4Y 2Y5
***********************************************************
participants (12)
- Andrea Abrahamsen (Di Lecce)
- brett watson
- Forrest W. Christian
- Garlic
- Henry R. Linneweh
- johnl@iecc.com
- Mike Bird
- Paul Ferguson
- Randy Bush
- Sean Donelan
- Steve Sobol
- Wayne Bouchard