[Dshield] South Carolina, Computer Crime, Bell South, and Related Frustrations (I'm as mad as Hell, and I'm not going to take this anymore!)
Jon R. Kibler
Jon.Kibler at aset.com
Fri Aug 23 15:18:27 GMT 2002
Greetings To All:
If you live or work in South Carolina, have business operations in South Carolina, or you have had your computer systems and/or networks probed or attacked from a source in South Carolina, or if you have had problems with Bell South customers probing and/or attacking your networks, PLEASE HELP!
Where to begin???....
A few of you are probably old enough to remember the 1970s move "Network" (Robert Duvall, Faye Dunaway), where Duvall plays a TV network news anchor that is just one incident short of absolutely losing it -- when on the air he suddenly implores his viewers to... Get up right now, and go to the window, open it, and stick your head out, and yell: "I'm as mad as Hell, and I'm not going to take this anymore!"
Unfortunately, after a couple of long days of doing battle over several nuisance hackers with various ISPs (most notably Bell South), I feel that I am just about to that point. I am mad as Hell over ISPs stone-walling all efforts to prosecute their customers who violate both their AUPs and the law -- and I am not going to take it anymore! IMHO, their stone-walling almost makes ISPs co-conspirators in their miscreant customers' deeds. The ISPs love to arbitrarily and capriciously "extend and enhance" Federal Internet Privacy laws to the point that Computer Crime Laws have become almost unenforceable. It also seems like they would rather support their customers' criminal acts than to lose the revenue those customers generate.
OKAY. End of RANT!
To address these problems, we are trying to formulate an effective strategy to make it easier to go after some of the more offensive hackers by forcing better cooperation from ISPs. Without saying exactly what our tactics will be, I can say that this will be a long, nasty, and intense fight -- but one we do not plan on losing. However, we cannot accomplish this goal without some help from other security admins. Thus, I am writing for your help.
First, a heads-up on changes to South Carolina's Computer Crime Act. It was revised twice during the 2002 Legislative Session and was signed into law by the Governor on July 2, 2002. An official version of the new law is not yet available online, so I have included an unofficial copy (merged current law with changes) as an HTML attachment to this document.
The law has some significant changes that I believe have the potential to make it easier to prosecute hackers and pressure ISPs. Some of the changes I like most are:
o Just about any device containing a microprocessor is now considered a 'computer' and subject to the offenses covered under this law.
o Any attempt to commit an offense under this law is equivalent to the successful commission of the offense.
o The venue of the law is such that a crime is defined to have occurred in the State of South Carolina if the person committing the crime, anything used to commit the crime, or the target of the crime is in South Carolina.
o Each and every attempted or actual act is considered a separate violation of the law, AND each computer and/or network affected by the violation of the law constitutes a separate violation.
o The changes also make illegal unauthorized port scans and related probes to obtain "information about a computer, computer system, or computer network not necessary for the normal and lawful operation of the computer initiating the access."
o The law also explicitly criminalizes using MTAs to send mail to parties other than the authorized users of that computer or computer network (i.e., use of open relays to send SPAM), using open proxies to access other systems, and other similar hacks.
o The law makes the unauthorized installation of a root-kit, the intentional contamination of a system with a virus or worm, the introduction of a Trojan Horse, or taking unauthorized control of a system a felony.
Again, I have attached an unofficial copy of this new law for your perusal... these are just some of my favorite highlights.
How do I think this law will work to our benefit? Because the law creates substantial penalties that make it worth while for prosecutors to pursue relatively minor offenders.
For example, if you have a network of 25 systems, and someone launches a DOS attack against your network -- say 10,000 PINGS OF DEATH -- this would constitute 250,000 violations of the law (10,000 unauthorized accesses, times 25 effected systems, equals 250,000 violations). Most jurisdictions would call such an attack only a single violation of the law and probably decline to prosecute the offender. However, the new SC law makes the attack something that is attractive to prosecute. (Wouldn't your local DA or Solicitor like to say they prosecuted someone for 250,000 counts of Computer Crime?) Also, consider that in this example the fine could range as high as $50,000,000 for a first offense ($200 per violation) of this magnitude.
Needless to say, we plan to exploit the various features of this new law to our maximum advantage in our fight against hackers and their ISPs who seem more interested in protecting their customer base than being good netizens. We also plan to demonstrate that many ISPs -- especially the big regional/national TelCos and CableCos -- are significantly contributing to computer crime under this law through their willful inaction. This is where we need your help -- we need hard data to make our case!
1) If you have computer systems located in South Carolina, we REALLY want to hear from you! Trying to quantify to number of attacks (including port scans, etc.) against SC based systems is CRITICAL to our effort.
2) Regardless where you live, if since July 2, 2002, you have been attacked by a system you believe is located in South Carolina, we REALLY REALLY REALLY want to hear from you! We must try to quantify how much computer crime originates from our state. (By attack, we mean any incident that originated from South Carolina that violates the law, such as port scans, routing email through open relays located in South Carolina, and other deliberate types of attacks/abuses under the law.)
3) If you have had a network security incident that you have traced to a Bell South customer (any state), we also want to hear from you. We are trying to document complaints to Bell South, and their resulting action or inaction.
4) If you have had network security problems with other ISPs with operations in South Carolina, we will be documenting these incidents as well, but we are going to give our priority to Bell South (unless it looks like some other ISP in SC is a worse source of problems).
5) PLEASE DO **NOT** SEND your data at this time! Accumulate it, secure it, and please hold it for potential use!
6) What we would like to receive over the next few days is just a 'heads-up' that you have had an incident that may be relevant to our investigations. Also, should new incidents arise, please let us know that too. All information received will be held in strictest confidence.
Please send incident related 'I want to help' information to: secrpt at aset.com
I suspect that this posting will generate a lot of comments. Please post those comments back to this mail list and do not copy them to the above secrpt address.
I thank everyone in advance for any and all help they can give to this effort.
Jon R. Kibler
Systems Architect/Chief Technical Officer
Jon.Kibler at aset.com
Advanced Systems Engineering Technology, Inc.
389 Johnnie Dodds Blvd., Suite 205
Mt. Pleasant, SC 29464-2969 (Charleston)
Phone: (843) 849-8214
Fax: (843) 849-8215
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the list