Firewall Wizards mailing list archives

RE: Recent Attacks


From: "Joseph Judge" <joej () ultranet com>
Date: Sun, 20 Feb 2000 22:06:42 -0500



I agree and disagree with Ryan's comments ... 
(and like Steve and mjr's in general :-)

I disagree with the:
intelligent thought into what the damages really were.  I still say the
attacker couldn't have done 1.2B in damages, and that's the "crucifixion"
dollar amount.  "

I agree with the:
If someone decides that mapping out the Internet to produce nice-looking
graphs constitutes a criminal port-scanning attack, you would want to have
someone force the prosecutors to name reasonable damages, right?  You
wouldn't want some idiot fed saying "This guy attacked every single
machine on the Internet for several years, and caused trillions in
damages." 

Having spent a very small amount of time in DC with attorneys/etc on 
a "hacking case" -- I am impressed with how far they go to _really_
try to understand what happened and its impact. 

Real damages or not ... people are people. We want to set examples to
deter, we want to summarily execute criminals we "know" are guilty,
and we let OJ free to golf his remaining days away.

I think MJR is right -- there are a _lot_ of folks getting _very_ 
tired of the abuses and, on the other side, the lack of security 
fundamentals when it comes to many sites.

        - joe


        [begin ramblings]
This is the 2nd time in the past few days that Steve mentioned
"time = money". I'm starting to think that some folks don't quite 
understand that there is _serious_ money involved. (Clearly,
this must be the case - since he had to send it twice :-)

Time is not some intangible thing -- where Joe Blow missed his 
trade for 1000 shares of Cisco (damn, lost $5000 / $10000 
/ $100000). Joe Blow feels the tangible loss.

If you could, for example, delay the reporting of NAV prices
for a mutual fund then you could cost that company $millions
in SEC fines + the reputational loss. Is $1.2B in damages
fair - could be.

... and there are large financial services companies using the
Internet for gathering pricing information (currently: this
is their secondary channel, they still have leased lines for
primary).
        [end ramblings]

        -joe



-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Steven M.
Bellovin
Sent: Friday, February 18, 2000 2:57 PM
To: Ryan Russell
Cc: Marcus J. Ranum; Philip J. Koenig; firewall-wizards () nfr net
Subject: Re: Recent Attacks 


In message 
<Pine.GSO.4.10.10002172007460.4305-100000 () www securityfocus com>,
Ryan Russell writes:


Hang on now, that's too easy an example.  I'm not THAT
lenient.  What I'm saying is that if Amazon normally
does 1M$/day, and on the day of the DDoS attacks,
they only do 800K$... but then do 1.2M$ the next day..
were there damages beyond investigative costs?

And E-trade, where *timing* matters a lot to their customers?

              --Steve Bellovin




