Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Careless LEO Forensics and Suicides
From: "J. Oquendo" <sil () infiltrated net>
Date: Tue, 4 Oct 2005 14:31:06 -0400 (EDT)

On Mon, 3 Oct 2005, Stefano Zanero wrote:

I would add that in some cases even "sharing" these files on
peer-to-peer networks can be an innocent act, for instance if you
bulk-download them from a user, and before inspecting their content
someone downloads them from your shared folder.

This seems to be one of the problems with P2P networks along with clueless
(l)users who end up downloading viruses, worms, malware, spyware,
scumware, INSERT_OTHER_ware. It is something that can also be used as an
excuse by someone who was actually downloading something he/she shouldn't
have been downloading. For one thing, P2P is still tip-toeing through
legal issues here and there, but to think that someone won't use that as a
defense would be moronic. In fact I wonder how many subscribers here will
be looking into the legalities of this for legal matters pending.

In Italy, "trading" this type of material is a distinct charge from
"owning" it.

This is both a pro and a con as well. Supposing someone visited you say an
old college buddy. Let's say he didn't like you much and dropped a USB Key
with 512mb of crap on it. Officials come and arrest you. Would be
difficult to prove its not yours at least over here in the US it would be
if that person who dropped the USB key took the time to do it right.
Consider that same person now selling those USB keys. I'd prefer to see
the seller (if proven to be guilty of selling that crap) have his weiner
lopped off. The person in possession however is more trivial. Is it really
their's? Do they have psychological problems?

I ask you this question: why doesn't law enforcement bother to conduct
an analysis of the computer evidence looking for indications of
third-party intrusion and malware?

I have asked the same question to law enforcement personnel, but with no
satisfactory answers for now.

It's not in their best interest to do so. Many tend to forget law
enforcement is a business just like any other. Budgets have to be met and
far too often it would be IN their best interest to 1) keep their quotas
in order, 2) keep their budgets met with ?Oh my gosh, we have
10,000,000,000,000,000 more cyber child porn cases this month... We're
underfunded and need more money?

There is simply no way for law enforcement to know the difference
between innocent and guilty persons based on hard drive data
circumstantial evidence.

Actually there are ways it takes some time to sift through the garbage. I
will give you an example of something I KNOW happened. In a semi-recent
case concerning computer intrusion, the defendant was sentenced to prison
for ?hacking into his former employer?. What the feds either didn't take
time to realize was that at the time of the alledged attack, the defendant
was on a plane. Defendant even had plane tickets to prove this. It never
came out in court though. DA's shot it down because "after all the hacker
was telekinetic anyway". Appeal? Don't bother asking.

As for people committing suicide, I believe those who did commit suicide
actually were in possession with intent. If not why commit suicide. I
would have fought tooth and nail.

J. Oquendo
GPG Key ID 0x97B43D89

"How a man plays the game shows something of his
 character - how he loses shows all" - Mr. Luckey
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]