RE: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail

From: mike.h (mike.h_at_stemik.com)
Date: 05/30/03

  • Next message: Greg Francis: "Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail"
    To: <security-basics@securityfocus.com>
    Date: Fri, 30 May 2003 14:35:00 -0400
    
    

    If the messages are, in fact, illegal threats AND CREDIBLE, then do not
    delay contacting law enforcement.

    Even if the sender is in the US, spoofing headers is relatively easy, so
    there's no guarantee that the message can be traced by that method. A lot
    depends upon the technical sophistication of the sender. In other words,
    even if Yahoo cooperates in the investigation, that alone may not be
    sufficient to discover the sender's identity. It may be possible to back
    trace through the log files of the various systems through which the mail
    passed. The writers of some viruses have got themselves caught this way.
    Typically, log files are not kept very long, and only a law enforcement
    agency would have the authority to demand them from the owners.

    This is a lot of work, and there's no guarantee of success, so it's rarely
    used in such cases. If the threats are targeting someone who is not "in the
    public eye", it's very probable that the recipient knows the sender. Any
    respectable investigator would begin with the "disgruntled" employees,
    "jilted" boyfriend, or other classic "hate crime" candidates known to the
    sender.

    It would be nice to think that people smart enough to be sophisticated
    hackers would also be smart enough not to engage in stupid or illegal behavior,
    but unfortunately, technical skill and emotional maturity are independent
    qualities.

    mike.h

    -----Original Message-----
    From: Shawn Duffy [mailto:pakkit@codepiranha.org]
    Sent: Thursday, May 29, 2003 1:49 PM
    To: Jay Woody
    Cc: stephenbbaker@hotmail.com; security-basics@securityfocus.com
    Subject: Re: Distressing, possibly life threatening emails from free
    accounts (yahoo, hotmail

    You need to get the original headers from the recipient of the message.
    That will have the sender's IP address. From there you can send the
    headers to Yahoo's abuse department (don't know the address offhand). Who
    knows if it will actually be addressed by them but that is all you can do.

    If they ARE life-threatening then your best bet is to contact your local
    law enforcement agency, give them the headers and the emails, and they
    will submit a subpoena or search warrant to Yahoo for user records. Yahoo
    HAS to respond to those. However, if the offending user is outside the
    US, there still may be nothing they can do. Though Yahoo will close the
    account. Either way, you will never know the identity of the real sender,
    at least from this... the law enforcement agency won't tell you who it is
    once they have the records, nor should they, and neither will Yahoo.

    Shawn Duffy, CCNA CCSE
    email: pakkit at codepiranha dot org
    web: http://codepiranha.org/~pakkit
    gpg key: http://codepiranha.org/~pakkit/pakkit.asc
    gpg fpr: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A
    having problems reading email from me?
    http://codepiranha.org/~pakkit/pgp-trouble.html

    On Wed, 28 May 2003, Jay Woody wrote:

    > Send them an e-mail telling them they have won $1,000,000 and you need
    > their name and address.
    >
    > JayW
    >
    > P.S. We just went through this too and there is basically nothing. We
    > started blocking mail from that address, but they can just get another
    > one if they are really persistent. We changed the person's e-mail
    > address also, from John.Smith to John.X.Smith or something like that too
    > for external mail. About all you can do is get the police or FBI
    > involved. Sorry.
    >
    > >>> "steve baker" <stephenbbaker@hotmail.com> 05/27/03 11:38AM >>>
    > One of our users has received questionable and possibly life threatening
    > emails from a yahoo account that was created recently. They have approached
    > us to find out as much as we can pertaining to the person sending it.
    >
    > Of course, we are not YAHOO so we cannot determine anything about the mail
    > other than the content.
    >
    > How can we find out who sent this?
    ----------------------------------------------------------------------------
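
The thread makes two points about headers: they carry a sender IP, and they are easy to spoof. The script below shows both at once by walking the Received chain and marking which hops were recorded by a server you control. It is an added example, not part of any poster's message; the sample message, the hostnames and the `trace` / `last_verified_ip` helpers are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample (not from the thread); IPs are documentation ranges.
# Received lines are prepended, so the top one was written by our own server.
RAW = """\
Received: from mta7.webmail.example (mta7.webmail.example [198.51.100.25])
\tby mx1.corp.example with ESMTP id A1; Tue, 27 May 2003 11:30:05 -0400
Received: from [203.0.113.77] by web1.webmail.example via HTTP;
\tTue, 27 May 2003 08:30:01 -0700
Received: from pc.other.example ([192.0.2.10])
\tby relay.unknown.example; Tue, 27 May 2003 08:00:00 -0700
From: someone@webmail.example
To: user@corp.example
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def parse_ip(match):
    """Return the bracketed peer address as a string, or None if invalid."""
    try:
        return str(ipaddress.ip_address(match.group(1))) if match else None
    except ValueError:
        return None

def trace(raw, trusted_hosts):
    """List hops newest-first; 'verified' holds only while every hop so far
    was recorded by a host in trusted_hosts (servers you operate)."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops, chain_ok = [], True
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        by = BY_RE.search(text)
        by_host = by.group(1).lower() if by else None
        chain_ok = chain_ok and by_host in trusted_hosts
        hops.append({"by": by_host, "peer_ip": parse_ip(IP_RE.search(text)),
                     "verified": chain_ok})
    return hops

def last_verified_ip(hops):
    """Deepest peer address that a trusted server itself observed."""
    ips = [h["peer_ip"] for h in hops if h["verified"] and h["peer_ip"]]
    return ips[-1] if ips else None
```

Everything below the last verified hop is a claim made by someone else's system or by the sender; confirming it takes the provider's own logs, which is the step the posters say needs law enforcement.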
    
