Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Careless LEO Forensics and Suicides
From: "J. Oquendo" <sil () infiltrated net>
Date: Wed, 5 Oct 2005 21:22:43 -0400 (EDT)

On Mon, 3 Oct 2005, Stefano Zanero wrote:

I would add that in some cases even "sharing" these files on
peer-to-peer networks can be an innocent act, for instance if you
bulk-download them from a user, and before inspecting their content
someone downloads them from your shared folder.

This seems to be one of the problems with P2P networks along with clueless
(l)users who end up downloading viruses, worms, malware, spyware,
scumware, INSERT_OTHER_ware. It is something that can also be used as an
excuse by someone who was actually downloading something he or she
shouldn't have been downloading. For one thing, P2P is still tip-toeing
through legal issues here and there, but to think that someone won't use
that as a defense would be moronic. In fact I wonder how many subscribers
here will be looking into the legalities of this for legal matters

In Italy, "trading" this type of material is a distinct charge from
"owning" it.

This is both a pro and a con as well. Supposing someone visited you, say
an old college buddy. Let's say he didn't like you much and dropped a USB
Key with 512mb of crap on it. Officials come and arrest you. It would be
difficult to prove it is not yours at least over here in the US it would
be, if that person who dropped the USB key took the time to do it right.
Consider that same person now selling those USB keys. I'd prefer to see
the seller (if proven to be guilty of selling that crap) have his weiner
lopped off. The person in possession however is more trivial. Is it really
their's? Do they have psychological problems?

I ask you this question: why doesn't law enforcement bother to conduct
an analysis of the computer evidence looking for indications of
third-party intrusion and malware?

I have asked the same question to law enforcement personnel, but with no
satisfactory answers for now.

It's not in their best interest to do so. Many tend to forget law
enforcement is a business just like any other. Budgets have to be met and
far too often it would be IN their best interest to 1) keep their quotas
in order, 2) keep their budgets met with "Oh my gosh, we have
10,000,000,000,000,000 more cyber child porn cases this month... We're
underfunded and need more money"

There is simply no way for law enforcement to know the difference
between innocent and guilty persons based on hard drive data
circumstantial evidence.

Actually there are ways it takes some time to sift through the garbage. I
will give you an example of something I KNOW happened. In a semi-recent
case concerning computer intrusion, the defendant was sentenced to prison
for "hacking into his former employer." What the feds either didn't take
time to realize - or didn't care about - was that at the time of the
alledged attack, the defendant was on a plane. Defendant even had plane
tickets to prove this. It never came out in court though. DA's shot it
down because "after all the hacker was telekinetic anyway". Appeal? Don't
bother asking.

As for people committing suicide, I believe those who did commit suicide
actually were in possession with intent. If not why commit suicide. I
would have fought tooth and nail.

J. Oquendo
GPG Key ID 0x97B43D89

"How a man plays the game shows something of his
 character - how he loses shows all" - Mr. Luckey
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]