Security Incidents mailing list archives

Re: Cracked; rootkit - entrapment question?
From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Thu, 2 Mar 2000 08:37:13 -0500


I have had a lengthy discussion with the FBI on this very issue, just last
month. It is entrapment only if you are law enforcement. Since you are not,
you can do whatever you want. If the attacker is caught because of a false
front you have set up, then the police and FBI can still act and prosecute.
Just because the shell you set up is not real does not exonerate the
perpetrator of a crime equivalent to breaking and entering, so to speak.

I am in the process of doing the same thing. I am setting up a shadow
intrusion detection system. I am also going to set up several dummy systems.
Right now, I have some things wide open in an attempt to catch some people
that have been poking around where they ought not to be. The 'wide-open' is
heavily monitored and very restricted in reality. However, the perp coming
in is not aware of this.

I'm all for catching and prosecuting everybody from the full-fledged
attacker right down to the 'script kids'. I have ZERO tolerance for this. I
would also like to see some type of cooperative interaction between ISPs
and security people to ensure a rapid reaction. I have a case open with the
FBI. This particular incident took place during the last week of December
and the first week of January. I still have not had any resolution to it.
This is not a criticism of the FBI, since the people there are really doing
all they can. Our current legal system is simply not conducive to rapid
response, yet rapid response is what is needed before some person trashes a
syslog containing the only proof tying an event to a perpetrator.

If we have validation for encryption and certificates, couldn't we use some
similar type to validate us as security personnel so we can be verified for
our requests for syslogs from ISPs? That way, we could track down these
people very quickly. I've talked with ISPs during an attack; they have
isolated who it is, but they cannot divulge any information to me so I can
prosecute them. This makes our job a whole lot harder and the consequences
of attacking almost non-existent.

And, just for posterity's sake, I do not consider a hacker the same as an
attacker. Maybe I show my age here, but that just isn't the way it started
out.

So much for my soapbox time. This just really flames me.

Cheers,

Jeff

<<<<<<<<<<<<<<<<<<<<<<<<<<
Jeffrey L. Nelson        | Cleveland Motion Controls
Network Manager          | 7550 Hub Parkway
                         | Cleveland, Ohio 44125
jnelson () cmccontrols com  | 216-642-5147
<<<<<<<<<<<<<<<<<<<<<<<<<<