Home page logo
/

basics logo Security Basics mailing list archives

Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail
From: Bennett Todd <bet () rahul net>
Date: Wed, 28 May 2003 15:46:06 -0400

(a) For death threats, start by contacting the FBI (or, if you're
    not in the US, whatever org has local jurisdiction). You need to
    notify the cops first. Urgently. They should advise you for
    everything to follow, but if you aren't lucky to get someone
    who's been down this road before, my _guess_ is that the next
    step will look like:

(b) Look at the actual message headers, examine the chain of
    Received headers, track the sender as far as you can. Either
    they _really_ emailed from {yahoo, hotmail, etc} or they forged
    those addrs from elsewhere, in which case track down the owner
    of the IP from which they forged the email (whois can help).

(c) email postmaster () {domain}, root () {domain}, abuse () {domain}, for
    each domain from which the attacks came. Include complete
    headers along with the messages, explain that your user has been
    threatened and you're working with the {appropriate} police to
    track down the offender. For detailed traceback you should (I'd
    hope) need a court order to receive results, but an advance
    notice that an offence has been committed, even before the court
    order is in place to authorize them to release sensitive log
    data, should help them to capture and preserve needed evidence.

But you really _really_ want to consult with the relevent police
agency before you take any other action; death threats are serious
stuff, not fiddling abuse.

-Bennett

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]