[1923] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: WARNING: Break-in attempts

daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Jun 22 02:28:29 1998

Date: Sun, 21 Jun 1998 12:52:28 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Rogier Wolff <R.E.Wolff@BitWizard.nl>
cc: Shaun Hedges <shedges@shaw.wave.ca>, linux-security@redhat.com
In-Reply-To: <199806210631.IAA01608@cave.BitWizard.nl>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Sun, 21 Jun 1998, Rogier Wolff wrote:

> He modified the systems he attacked without consent or approval of the
> owner. 
> 
> The modification consists of getting stuff into the log files.

If you mean probing the system remotely "modified" it by appending the log
files....I'd say that's one hell of a stretch.  Opening connections to a
few ports is not necessarily a breakin.

> As far as I'm told, this would be enough to get a conviction in the
> state of Oregon, and possibly many more. 

I doubt that.  Having recently dealt with the FBI in a case where real
damage was done, I was quite surprised to find just how hard it is to get
the FBI to take an interest and how hard it is for them to get the US
Attorney to give them the go ahead to investigate a case.  You need to be
able to show that thousands of dollars of damage has been done.  An
unsuccessful breakin attempt doesn't cause a whole lot of financial 
damage.  Then, even if you can show sufficient damage was done, you have a
good chance of finding the person responsible is a minor (under 18 in the
US), and the FBI can do nothing to them.  I guess I was unfortunate that
neither the compromised system nor the person who compromised it, nor any
of the other systems he was traced to were in Oregon.

> It happened to Randal Schwartz, read about it at
>    http://www.lightlink.com/spacenka/fors/
> 
> Americans, it could happen to you next time, do something about it!

Has anyone seriously looked into challenging the constitutionality of
Oregon's computer crimes law?

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Spammers will be winnuked or 
 Network Administrator       |  drawn and quartered...whichever
 Florida Digital Turnpike    |  is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post