Re: Crackers & the law

jayjwa <jayjwa@nowhere.org> wrote in
news:slrnchv7ci.ktj.jayjwa@atr2.ath.cx:

> I was just wondering, what are the chances of someone getting
> caught/prosecuted for cracking a system? It seems like it's a very low
> percentage of all the systems cracked.

There arent really that many systems cracked. There are alot of systems
taken over by trojans, or viruses, or malwared to the point of crashing;
but not alot of cracks.

> I've sent a couple of abuse
> reports before, and even on smaller networks, the compromised systems
> where still up, still there, attacking like usual. It doesn't seem like
> much is ever done about it.

What would you want done? Its easier to get a site shut down for porn or
even being rude in newsgroups than it is for cracking, because they can
be verified by the root of the hosting system.

Jail time is even more difficult because you need to show that there was
damage or money loss.

> Is there anyone that's either had someone
> prosecuted for being caught cracking their system or even know of a
> case in which the crackers where caught?

Sure. Ive tracked rootkitters back to their home site, verified other
systems they cracked, proven what sites they got their kits from
(disclaimers on such sites about the files being for learning only are
worthless protection to them by the way), and Ive gotten them all
punished.

The punishments were varied. Accounts deleted. Sites deleted. Their local
paper informed of their actions. Getting their mommy and daddy to take
away their computer. Getting them kicked out of school. Or a lawsuit.

Getting them "caught and jailed" is unlikely unless you are a major
company and the story hit the papers. Then they need to protect their
image so it is worthwhile to keep the machine aside and untouched for a
court case. Part of the reason you dont see alot of that from smaller
sites is the standard answer for a cracked machine of "reformat and start
over". That wipes out the evidence. Few people bother to do any forensics
on a cracked box anymore.

> I'm not so much refering to large world-incidents like with the Sasser
> or Agobot authors, but rather someone exploiting any old system. What
> are the laws in various different countries?

Ahhh thats where it gets fun. I did sysadmin work for an ISP that was
owned/operated by a law firm. I informed the bosses of a cracking where I
was in conversation with the kid. One of his comments was "I am in
xxxxxx. I do not fear your FBI". I was told to give this response... "Why
would we want to have police in this? That will get us nothing. You have
damaged our reputation, our business, cost us money and overtime to fix
it. Very expensive in the US. We will sue you, in your country. You might
not own much more than that computer, but what you do own, your parents
own, your ISP, and anyone who helped you get online will be ours." As far
as I know there is no country where you cannot sue for damages, and some
of them have very scarey legal actions for that. Later we were joking
about it and an additonal comment came up that countries in which it is
difficult to do a court thing for one reason or another tend to have
really cheap options for having someone pay them a "personal visit". >:)

DISCLAIMER: of course I am not personally recommending any of this.

Gandalf Parker
-- There is no such a thing as having "too many" locks on your door.
But there is such a thing as having ridiculous number of locks.

"Gandalf Parker" <gandalf@most.of.my.favorite.sites> wrote in message
news:Xns9546751D39FD5gandalfparker@208.201.224.154

> Jail time is even more difficult because you need to show that there
> was damage or money loss.

You are confusing civil and criminal cases. Civil cases do not involve jail
time.

> Getting them "caught and jailed" is unlikely unless you are a major
> company and the story hit the papers.

Yes, you are very, *very* confused.


--
use hotmail for email replies

"ynotssor" <ynotssor@example.net> wrote in
news:2ocn4oF95g2jU1@uni-berlin.de:

> "Gandalf Parker" <gandalf@most.of.my.favorite.sites> wrote in message
> news:Xns9546751D39FD5gandalfparker@208.201.224.154
>
>> Getting them "caught and jailed" is unlikely unless you are a major
>> company and the story hit the papers.
>
> Yes, you are very, *very* confused.

I didnt mean to give the impression that the size of the company made a
difference in the law. Ive rarely seen smaller companys pursue it down that
road.

Gandalf Parker

"ynotssor" <ynotssor@example.net> writes:

]"Gandalf Parker" <gandalf@most.of.my.favorite.sites> wrote in message
]news:Xns9546751D39FD5gandalfparker@208.201.224.154

]> Jail time is even more difficult because you need to show that there
]> was damage or money loss.

]You are confusing civil and criminal cases. Civil cases do not involve jail
]time.
While in theory what you say may be true, in practice he is right. damages
is what catches the police attention.


]> Getting them "caught and jailed" is unlikely unless you are a major
]> company and the story hit the papers.

]Yes, you are very, *very* confused.

NO he is not. The police tend not to go after criminal prosecutions unless
there has been a large loss of money (real or imaginary). It costs them
toomuch time and effort to make it worthwhile otherwise. Just as you are
unlikely to get police attention if you say some mugger just robbed you of
10 cents.

unruh@string.physics.ubc.ca (Bill Unruh) wrote in
news:cfrgrj$pf1$1@nntp.itservices.ubc.ca:

>]> Getting them "caught and jailed" is unlikely unless you are a major
>]> company and the story hit the papers.
>
>]Yes, you are very, *very* confused.
>
> NO he is not. The police tend not to go after criminal prosecutions
> unless there has been a large loss of money (real or imaginary). It
> costs them toomuch time and effort to make it worthwhile otherwise.
> Just as you are unlikely to get police attention if you say some
> mugger just robbed you of 10 cents.

Thanks, but to be fair there is also the fact that small companies arent
likely to set aside the computer and logs (for evidence in court), pester
the detectives to see if they have new info, pursue new info themselves
and provide it to the detectives (usually an important thing since IT's
will tend to know some tricks that the detectives dont), and show up in
court. They usually just reformat and start over.

Ive done forensics for alot of companies but the smaller ones treat the
report more as just hints on what to do to prevent it better, and
something interesting to talk about during lunch.

Gandalf Parker
-- Oh bother, my honeypot is empty again