[10052] in Commercialization & Privatization of the Internet
Concerning CERT
daemon@ATHENA.MIT.EDU (Barry Shein)
Sat Feb 5 05:29:45 1994
Date: Sat, 5 Feb 1994 05:29:18 -0500
From: bzs@world.std.com (Barry Shein)
To: sob@tmc.edu
Cc: karl@mcs.com, com-priv@psi.com
In-Reply-To: Stan Barber's message of Sat, 5 Feb 1994 03:47:39 -0600 <199402050947.DAA04020@tmc.edu>

>From: sob@tmc.edu (Stan Barber)
>It appears that both you and Karl want something fast (where fast is faster
>than CERT) that can't be provided by working together through user groups or
>professional associations.

Fast? Make me an offer.

But I don't think the inapplicability of user groups or professional
associations is due to speed alone.

Perhaps the communications problem here is we are each seeing a
different sort of problem.

Maybe you just want some bug fixes, patches, info about things related
to security you may want to look at hard etc.

What I want (and need), and I don't think I'm the only one, is a lot
broader, tho it includes some of that.

What I want is something a lot closer to a law enforcement agency.

This whole thing is a lot more like what an attorney-general fraud
office handles. Not just how to protect yourself (tho that's useful),
but also the ability to investigate and bring a few perps to justice.

I want someone I can call when I am watching someone crack into a
security site, or passing dozens of bad credit cards etc who does
something, not just asks me to e-mail the story for archiving.

I want someone perhaps I can send good green money to who will
pro-actively inform me in useful and good detail of cracks they have
run into recently that might conceivably affect me. I really don't
want to find out again that this problem was reported to someone N
months ago but I never found out about it cuz they wanted to give the
vendor a chance to develop a patch or whatever reason. What about the
people who were being cracked for 7 months? What's the holdup here?

I want someone who spots the patterns cuz usually it's one or a very
few creeps doing the same thing all over the place and if someone had
the job to track them down I'll bet they'd catch a few. I cannot do
that even if I try except when I am extremely lucky. I am not involved
with law-enforcement investigatory agencies.

I will also chit-chat with everyone I know as I do now, sit and listen
attentively to lists where such things are discussed, etc.

But if this problem was reported in great detail at least 7 months
ago, and it persisted, and it likely was a very small group of people,
and thousands of sites affected over that time, and no one apparently
was even slowed down it's pretty obvious why. No one was trying very
hard, or no one who might have tried had the resources to do so (I
think CERT falls into the latter category, they don't have the
charter.)

This is a far bigger issue than just chit-chatting about ways to close
holes.

I'll repeat myself: There are really evil criminals out there doing
things like this. I have dealt with them.

I have even had them call my house at 5AM trying to intimidate me.

This is not "let's sit around and drink a few beers and exchange war
stories", this is real stuff. There's also livelihoods, jobs and lots
of money involved. There are even people out here willing to spend
money towards some solutions, but ya know what? There's no one taking
that money.

When the problems are on the scale of "tens of thousands of systems"
this is beyond pranks. This is something more akin to organized crime.
That's a helluva lot of effort (or, less likely, a helluva lot of
people involved in the same prank over and over.)

Yes, let's do babble at each other as you suggest, it cannot hurt, it
will almost surely help. I see a lot of things running a system like
this. Things I'm loath to just jump onto a public newsgroup with for
various reasons (for one thing look how easily conversations get
distracted into bizarre things.)

But there's something more needed here, at least eventually.

Trust me, we're not dealing with things that changing the permissions
on a few files more often is going to solve. A few arrests would go a
lot further, as well as a sense that one is likely to be arrested
before they can manage to compromise tens of thousands of systems over
several months! That's a whole lot of hurt to just end up in a "how to
patch your kernel" report.

>God bless you all (even you Barry!) and Good night.

You too, sorry about the heat but gee golly willikers.

-Barry Shein
Software Tool & Die | bzs@world.std.com | uunet!world!bzs
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD