Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What would you tell the White House?

  • From: Forrest W. Christian
  • Date: Mon Feb 14 01:11:29 2000

(This is probably going to be long winded).

Let me tell you about some experiences I have had with
(unsucessfully) tracking down two hackers/hacker groups.  

These are both REAL stories regarding Montana Internet, which is the local
ISP I helped found and I still am doing all the system administration for.

Experience One.

Roll back the clocks to 1995.   Montana Internet had just got off of the
ground.   We put our first customers online late in 1994, and was just
getting a userbase.   We were the first and only ISP in town.

Sometime during february (I believe), we became aware that our core system
was "owned" by what we still believe was a group of hackers.  We
contacted the FBI.   To make a long story short, and since my memory of
the chronology is not as good as I remember it, here are the key points I
remember:

1)  The FBI seemed interested, but seemed unwilling/unable to proceed with
any formal investigation without "hard evidence".   The fact they were on
our system obviously did not fall into this.

2)  The hackers at one point sent us e-mail to our admin email box
offering their services.   The FBI wanted us to try to get them on the
phone so we could "record them".

3)  At some point, the hackers were actually DIALED INTO our hunt group on
a regular basis.   The phone company wouldn't even consider tracing the
call even though a) we belived it was likely the callers were using some
method of defrauding the telco and/or b) we didn't want the information
ourselves, we just wanted them to get it so that law enforcement could
subpoena it.   The FBI was no help here.  And the "auto traceback
*whatever" wasn't in existance yet.

4)  In the end, we ended up just shutting down and disconnecting for a
week while we re-built (much more securely) from the ground up.
Fortunately, we had no competitors and our customers were understanding (I
think the front page newspaper article actually helped our business).

Summary:  We could have nailed these people to the wall if law enforcement
would have helped.

Experience Two.

I believe late 1998 and early 1999 (maybe 97-98, i'd have to look it up),
we started getting complaints about a user which was "hacking into
systems" and doing "not good things".  We recieved 2-3 complaints about
the same time, shortly after this user got on our system.

One of the complaints was from a major city in the US.  The user had
hacked into their web server and done some damage.   AND they were hot to
press charges.   Our policy in these matters are basically to disconnect
the user UNLESS leaving the user on the system would help build a legal
case against them.   We also have a policy of not releasing individual
identities or logs without a subpoena.

Again to shorten the story, we ended up recieving a subpoena.  After we
released the information, the Feds became involved because "They had been
after this person for a long time".

Here's the real irritating thing.   If the Feds would have moved we could
have either set up some sort of "wiretap" (after an appropriate court
order) or assisted with anything else they wanted.   They could have
busted this guys door down and taken him to jail and made an example of
him, but nada.

After a couple/several months of working with the Feds off and on (about
once every 2-3 weeks it seemed), and, in our belief NOT making any
headway, our user suddenly requested a service disconnection because his
family had to move out of town in a hurry because of some new job or
family emergency or something.   We immediately notified the Feds, and, of
course, as far as we know, they did nothing.

Now, there is ONE point in both of these..    In BOTH cases, we were close
enough to the person doing this stuff that all it would have been TRIVIAL
for the FBI to identify and/or capture the person involved.

The problems we have today involve having to TRACK the user back to the
source.  However, how many times has someone actually KNOWN WHERE THE
HACKER IS and who he is and yet the FBI wouldn't do anything?

So, to get back to the thread, what would I like to tell the government?

First, to get the feds to DO Something when there is an actual, live
person doing this type of stuff.  Figuring out the source of the current
hacks is probably going to be a big project.   Why not devote resources to
going after those people that we've already tracked down?

Second, we MIGHT need some protection from the law in being able to both
track down someone and also to prevent these types of intrusions in the
future.  Primarily, clarification of anti-trust laws and also federal
wiretap laws as they relate to these type of activities.   Please note
that I am generally against the government getting involved in the
day-to-day operations of the internet.   I am, however, in favor of the
government doing anything they can to help US fix the problems.

Please note that these opinions are my own.  And may or may not be that of
anyone I work for.

- Forrest W. Christian (forrestc@imach.com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
Solutions for your high-tech problems.                  (406)-442-6648
----------------------------------------------------------------------






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.