Re: Who's liable? - fbi

From: Alvin Oga (
Date: 10/14/01

Date: Sat, 13 Oct 2001 15:59:52 -0700 (PDT)
From: Alvin Oga <>
To: "Jay D. Dyson" <>
Subject: Re: Who's liable? - fbi
Message-ID: <>

hi ya

out here ( san jose area ) ... the agencies out here are
fairly lenient and good about investigating computer crimes...

they ( fbi ) get involved when "it" becomes a felony across
interstate lines or gov't property... ( think a felony is anything that
was $10,000 or more in damages ... forgot .. "a small amount"

think they did confiscate some smurf attacker's PCs..
( can't get confirmation etc...since it was under investigation at the time
- told um the sites that maintains potential smurf amplifiers sites etc
- took a month or so of "watching the smurfing going on" ....but dont
  think the smurf'ers been back since

have fun linuxing/securing..

On Sat, 13 Oct 2001, Jay D. Dyson wrote:

> On Sat, 13 Oct 2001, Michael F. Bell wrote:
> > Lets say you are a small realty agency, and you provide internet access
> > to your employees and one of your employees hacks into the Whitehouse
> > website from your internal network.
> <snip>
> > Who is liable?? What can the FBI do at this point?
> No liability is identified at the time. But I guarantee you that
> the FBI will confiscate all machines on site and send them off for
> forensics evidence gathering. Don't bother objecting that it will cause
> your business undue hardship. LEAs don't care. Period.

> Depends on the damages. If they reach a certain amount, the FBI
> will be called in and we're back to situation one as described in the
> earlier part of my reply. If the damages are minimal and don't warrant
> FBI involvement, then eBay will simply absorb the loss, (hopefully) make
> appropriate updates to their security policies, practices and procedures,
> and mush on.
> In the final analysis, any system that can't do even basic
> auditing and accountability on their networks will -- at the very least --
> wind up on many an admin's firewall blacklist. I've been doing as much
> with abuse-friendly networks since the '90s. At most, the FBI will be
> called in and will (in the name of the law) rip that network's systems
> down to the wires.

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: