Dailydave mailing list archives
Re: Weev's collateral damage.
From: "J. Oquendo" <joquendo () e-fensive net>
Date: Wed, 21 Nov 2012 13:21:21 -0600
On Wed, 21 Nov 2012, Daniel Clemens wrote:
> Raises Hand (1). A few times.... In one case that I can share I was sitting through the jury selection process. It was interesting since this ended up being a child exploitation case and the defendant was stating that somehow a 'virus' had systematically downloaded, organized and labeled his collection. I didn't make it through the second round of selection after they asked if anyone had 'forensic experience' or 'malware analysis experience'. They somehow thought that since I had a clue then this wasn't good for the weirdo even if their defense was weak.
>
> Takeaway; We have to remember each side has a role to play. I think it has more to do with the record that if you have federal charges brought against you, they will win 99% of the time. They generally don't pick up cases they will lose easily. The threat of ignorance by our population is a greater threat than the `computer experts`.

One would have to disagree. Each case is different. While we can agree that they will have a hard time statistically, we can't say the end will always be despair. In the end our justice system doesn't suffer fools lightly. This goes both ways, for idiots as well as for those who would attempt to corrupt the system through common 3rd-world methods.
I don't know how many instances of malware I have analyzed in, say, the last two years. Had I to guess... to the tune of at least 80-100 samples easily. Minor stats, for lack of me documenting it all:

https://www.virustotal.com/user/efensive/
http://www.malgenomeproject.org/policy.html (#23)

I have TO DATE yet to find/analyze an instance of malware that dumped, pulled or pushed child porn onto a machine or from a machine. Not to say it doesn't exist... However, evidence is evidence and this is what matters at the end of the day. The fact you can label someone a weirdo shows you were likely not a good pick. Not being critical, but you need to put aside personal prefs, likes and dislikes as a juror.

As for the "takeaway", I can tell you from experience, there is a lot that never makes the light of day in a trial. This is evidence that gets argued way before jurors are seated. Much of this evidence is helpful/hurtful to either party. This is the game of a trial - "how best to present things that are favorable to your cause" - where an argument by either side dictates what a jury will and will not see. In weev's case, his attorney may not have been fully prepared to deal with this tidbit. There aren't that many "techie" lawyers, and both sides will butcher technology descriptions, often annoying and confusing the jury.

As for "more to do with the record", this is a farce. It all boils down to politics and money, period. I have had companies I provided incident response/forensics for compromised, worked with authorities in documenting EVERY DETAIL to the letter, and that includes chain of command response/documentation, etc. To date, this number has been 4... All four instances? Nada. Zip, zilch, nothing. Wasn't sexy enough to go after some telco fraudsters. Now, when you throw uber companies into the mix, "nefarious" characters... it's a no-brainer. The mere fact weev has a prior on his record gives a DA the green light to make it a spectacle (set an example). Next up? Don't know, maybe a cybercrime center with weev as the prime case... Been there, done that.

Logically, justice should be just that: justice. Do not let our interpretations and realities of justice fool you. It's all about the Benjamins at the end of the day and the high likelihood the prosecutor needs to buffer his/her resume for their foray into the private sectors of law. "Responsible for the prosecution of the most dangerous cybercriminal who compromised a Fortune 50"... So boring/distorted most of these cybercrimes are. Again, from experience, NO ONE here will see/know/understand that case. To do so, one needs to get every transcript, read through it all, see all evidence presented. dot dot dot... Been there, done that. Had two machines' worth of EVERYTHING printed and submitted as evidence. Really? Yes, two machines with man pages, whatever was installed in /usr/local/share, etc., all printed. Obviously when pallets full of "evidence" were presented it showed overwhelmingly... You get the point.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave