On Fri, Aug 06, 2004 at 11:00:15PM -0400, Fred wrote:
> On Fri, 2004-08-06 at 11:52, Jeff Kinz wrote:
> ...
> > That said, however, definitely file a report with the Police or FBI.
> > Adding more numbers to that category of crime will raises the budgetary
> > value of enforcing those laws at all levels and so eventually law
> > enforcement will get more resources to follow up, but only if we report
> > the crimes.
>
> The last thing I would want to see is the FBI or the Police grow
> *stronger* from stuff like this. They are bad enough as it is.
I understand concerns about taking liberties with liberty, but you
hurt yourself in that area too, by not reporting these crimes.
By reporting these crimes you help generate data that raises these types
of crimes importance in enforcement mindset, which will eventually
result in resources being allocated away from taking "liberties with
liberty", (if that is your concern), and putting them into tracking
down attackers. (It is understood that these two areas are not
totally exclusive.)
> All in all, I wonder if there is anything meaningful to do to stop such
> attacks, other than securing the system. If the script kiddie lives
> across the street, maybe. If he lives on the other side of this planet,
> probably not.
The same technology which makes it easy for a script kiddie to attack
across the globe with ease can eventually be leveraged to track them
down anywhere on the planet. "Script detectives". This leveraging,
combined with international agreements (some already on place) on cyber
crimes will eventually make it possible to prosecute such global script
kiddies. This won't discourage the professional cyber criminal who is
actually stealing money much, but it should significantly reduce the
number of casual incidents which simply deface or disable a site,
All reputation is local. If a person is identified as a cyber criminal
on the internet, their geographic neighbors can become aware of their
proclivities. Especially if an effort is made to transmit information
about their activities to those geographic neighbors.
("Madam Google, knows all, tells all, please put $2 in the box.")
In most communities that will result in some damage to their local
reputation. (In a few others it may enhance it, of course).
Eventually, due to the speed and ease with which this info can reach
local neighbors and have a person identified to his/her real community
as a criminal. That can cause a change in behavior after a few examples.
> The chances said attacker is local is quite remote. Probably some bored
> person in Russia or South Africa or Taiwan or who knows where.
The chances the attacker is any particular place is quite remote. The
chances that they are local is biased by the fact that the USA has one
of the largest bodies of computer users on the globe. Distance is
pretty much irrelevant. Access to an internet cnxn is what matters.
>
> > If they are not local, the community which they live in is probably
> > interested in knowing who they are and what they do as well.
>
> location. Perhaps he did it anonymously at an Internet Cafe somewhere --
> tons of them in Europe and other parts of the world, and *no security*
> on most of those systems whatsoever. A attacker could very easily stick
> in a floppy or cdrom and upload his attack not leaving a trace.
This does not prevent them from getting caught:
http://www.linux.ie/pipermail/ilug/2004-April/013049.html
> > Also - would you consider putting up a honeypot? If they attacked once,
> > they may try again and it would be much easier to find out who it is
> > if a honeypot is active.
>
> Maybe, but why waste the effort? Just secure the system so it can't be
> compromised again.
hmmm - "We shouldn't try to identify attackers." ? Interesting
philosophy. I wonder ......
> It's a Wild, Wild, Wild Internet. Despite the problems with viruses,
> worms, DoS attacks and spam, I like the fact that it is still free and
> wild, despite the best efforts of governments and corporations. Let's
> seek technological solutions to protect ourselves, not legalistic or
Any solution will HAVE to be technological, but technology alone will
not be sufficient. We will need to use police type agencies to do the
actual apprehension and prosecution. Thats what we pay them for after
all. The folks on this list may be up to securing their systems on
their own, but the general public is not.
> bureaucratic ones. After all, we are in our element here. No need to run
> to mommy government -- she can't help us anyway.
>
> --
> Fred -- [EMAIL PROTECTED] -- place "[hey]" in your subject.
> There are inflows and outflows -- and you're just a little node.
> Know then, what transcendental sets have you.
>
> _______________________________________________
> gnhlug-discuss mailing list
> [EMAIL PROTECTED]
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
>
--
Linux/Open Source. The New Base.
Now All your base belongs to you, for free.
Jeff Kinz, Emergent Research, Hudson, MA.
_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
