NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Incidents> 2000-03

Subject: Re: Cracked; rootkit - entrapment question?
From: David Brumley (dbrumleyRTFM.STANFORD.EDU)
Date: Fri Mar 17 2000 - 15:11:26 CST

Next message: laLune: "Re: Port 1243"
Previous message: Michael Stone: "Re: Cracked; rootkit - entrapment question?"
In reply to: Robert G. Ferrell: "Re: Cracked; rootkit - entrapment question?"
Next in thread: Eric the Fruitbat: "Re: Cracked; rootkit - entrapment question?"
Reply: David Brumley: "Re: Cracked; rootkit - entrapment question?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Read:
http://www4.law.cornell.edu/uscode/18/1030.html
for the actual statute. After that it's a matter of being a priority for
the FBI (I'm sure they are overworked and have to take cases they think
have a reasonable chance of success).

-david.

On Wed, 15 Mar 2000, Robert G. Ferrell wrote:

> >I keep reading various news articles that indicate that federal law
> >currently states that the FBI is not allowed to investigate if they believe
> >that the damage is under 5,000 dollars per computer
>
> It really isn't a matter of not being "allowed" to investigate; it's more that
> they have great difficulty getting the US Attorney's Office to prosecute cases
> where significant monetary damage isn't demonstrated. You see, once a year they
> have to justify their budget requests to Congress. Congress likes to see hard
> figures. They don't appropriate money for investigating "loss of trust" in a
> company due to an intrusion.
>
> I've seen signs that this attitude may be changing, but it's a very slooooow
> process.
>
> RGF
>
> Robert G. Ferrell, CISSP
> Information Security Officer
> National Business Center, US DoI
> Robert_G_Ferrellnbc.gov
> ------------------------------------------------------------
> Nothing I have ever said should be construed as even vaguely
> representing an official statement by the NBC or DoI.
> ------------------------------------------------------------
>

--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumleyStanford.EDU
Phone: +1-650-723-2445    WWW: http://www.stanford.edu/~dbrumley
Fax:   +1-650-725-9121    PGP: finger dbrumley-pgpsunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
  Securing NT.  Insert Linux boot disk to continue......
	    "I have opinions, my employer does not."

Next message: laLune: "Re: Port 1243"
Previous message: Michael Stone: "Re: Cracked; rootkit - entrapment question?"
In reply to: Robert G. Ferrell: "Re: Cracked; rootkit - entrapment question?"
Next in thread: Eric the Fruitbat: "Re: Cracked; rootkit - entrapment question?"
Reply: David Brumley: "Re: Cracked; rootkit - entrapment question?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]