I see your point and agree that it could use qualification. We can only
surmise what their intent is with this bullet item. I am inclined to
think that there are two aspects to this:
1) To remind folks not to do stupid things like taunting a hacker "We know
what you're doing...you're going to jail...blah...blah". This probably
will only make things worse for the attacked systems.
2) They hope that by not contacting the party you will allow
law enforcement to take the case. If you contact the attacker, they
will know they've been caught and will probably leave or destroy evidence
of their intrusion. This probably most closely relates to the cybercrime
funding issue.
I don't think that they are trying to keep you from contacting the
technical contacts from the source domain. I got this pamphlet at a
presentation by our local FBI "cybersleuths". The FBI was pretty
clear that they don't necessarily want to take over an incident
investigation; rather, they would like to at least know about it for their
statistics. It is still really up to the parties to investigate and do as
they wish and ask the FBI to investigate, if desired.
-Jason
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
On Mon, 22 May 2000, Paul D. Robertson wrote:
> Date: Mon, 22 May 2000 11:21:21 -0400 (EDT)
> From: Paul D. Robertson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: NIPC and the community at large...
>
> I've just had a gander at a small 3-page fold-out brochure from the
> U.S. National Infrastructure Proctection Center (No publication number),
> and under "What To Do When You Have Been Victimized", the final bullet
> item is "DO NOT contact the suspected perpetrator."
>
> I'm wondering if this is the start of an end-run around the usual
> community practice of contacting technical contacts during incidents? I
> know there's probably a lot of "Cybercrime" funding at stake here, and I'm
> sure that contacting a single attacker is sometimes a bad idea, but given
> that this is a terse little handout, I worry about the implications of
> emphatic statements without serious qualification.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
--
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
