funsec mailing list archives

Re: Holy Crap: Using a Command Prompt is 'SuspiciousBehavior'


From: "Andre' M. DiMino" <adimino () shadowserver org>
Date: Wed, 15 Apr 2009 07:49:36 -0400

The cop talks about his experience as that is the requirement for an
affiant in a Probable Cause statement.

Also, the PC statement is not there to accuse or charge, but to state
the reasons for requesting the warrant. Depending on the type of case,
consent to search is usually requested first, and if denied, the PC
process begins.

Often, a great deal is learned about other parties and individuals by
examining the initial suspect's computer. Many times also, that suspect
is cleared and the investigation follows another trail.

Andre'


Andre' M. Di Mino - SemperSecurus
The Shadowserver Foundation
http://www.shadowserver.org
Skype: sempersecurus
AIM: sempersecurus

"Make sure that nobody pays back wrong for wrong,
but always try to be kind to each other and to everyone else."
1 Thessalonians 5:15


quispiam lepidus wrote:
On Wed, Apr 15, 2009 at 1:47 PM, Larry Seltzer <larry () larryseltzer com> wrote:
I read the whole warrant and I think Paul has a point. The point about
using 2 operating systems is strange and irrelevant, but there's a lot
more in there than just accusing him of being technically sophisticated.
And while there's definitely the accusation in there of evidence of
crimes, I'm still not sure what he's accused of. Is it the outing
incident? Is it the accusation that he hacked into the BC grading system
to fix grades? Is it his "cache of approximately 200+ illegally
downloaded movies as well as music from the internet"? That he "jail
breaks" cell phones ("possibly stolen ones")?

I suppose the lines about how sophisticated he is (the guy's name is
Riccardo F. Calixte) are in there to tell the Judge that he's capable of
the mass-e-mailing.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

I wondered the same thing. The EFF appear to be alluding to the fact
he's being charged for the gay profile + emailing to campus mailing
list of said profile.

I don't get how they think someone who's capable of changing grades
would leave behind all of the evidence he did. They also stated he
worked for the IT dept. Surely he'd be aware of the type of logging
enabled on the campus network?

Maybe the room mate in question is behind it all, they had a falling
out, he accessed the accused PC, and did the rest himself. It'd
explain all of the logs left behind ;)

I love how the cop talks about his experience in the warrant
application :) Also the justification on what they should take (people
write down passwords you know!), "anything that can be used to store
computer data, CPU's, scanners, books, yada yada". The central
processing unit isn't somewhere I'd usually store data, especially
when my PC is turned off. Scanner? Please. Books? Better take all the
pens and paper in the house too.

It reminds me of when a certain skiddie got busted a few years ago,
and they took his alarm clock (non digital!).

Anyways, I'll be interested to see how this one plays out.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.