Security Incidents mailing list archives
Re: Cracked; rootkit - entrapment question?
From: bob () CAVU COM (Bob)
Date: Wed, 15 Mar 2000 12:21:04 -0500
Seth Georgion <sysadmin () sassproductions com> wrote:
I keep reading various news articles that indicate that federal law currently states that the FBI is not allowed to investigate if they believe that the damage is under 5,000 dollars per computer and if they find out,
... The $5000 limit is on the recently enacted computer crime law. However, there is no lower limit on computers used in interstate commerce, banking, those owned by the federal government, or used in a crime that the FBI otherwise has jurisdiction over. The interpretation by the FBI's Atlanta office is that if the compromised computer does something as trivial as surf the web site of a computer in another state or someone occasionally dials into the computer from another state that that qualifies as interstate commerce. Thus essentially every computer on the Internet is under the FBI's jurisdiction.
By the way our company investigated pursuing damages once, just for kicks, and our legal representatives informed us that damage can only be calculated as loss of critical business and whatever the dollar amount per hour of the employees involved amounts to. This would only include time spent fixing it not time BSing and investigating and stopping work just because you'd like to verify that all 24,000 company computers weren't subject to attack.
... Despite "tough talk" by Reno and Clinton the FBI's computer crime departments are very underfunded and so they can investigate only the most serious cases. While the Atlanta office will not state what their formula is, I suspect $5000-$10,000 would be in the "ballpark", though I've seen them investigate smaller cases. They encourage the reporting of all cases to them. Law enforcement and the courts use different classes of financial loss. Outright theft of money, goods, and services is the most serious and is a crime in its own right. Demonstratable loss of business is less severe. Personnel losing productivity and having to spend time correcting the problem is considered least severe, particularly the time of salaried people. Frequently this cost will not be considered. Do keep in mind that many states have developed expertise in fighting computer crime. Georgia, Virginia, and New York are three. Bob Toxen http://www.cavu.com Fly-By-Day Consulting, Inc.
Current thread:
- Re: Cracked; rootkit - entrapment question?, (continued)
- Re: Cracked; rootkit - entrapment question? Lison, Nathan (Mar 02)
- Re: Cracked; rootkit - entrapment question? Adam Pendleton (Mar 02)
- Re: Cracked; rootkit - entrapment question? Jason Lewis (Mar 02)
- Re: Cracked; rootkit - entrapment question? Roy Wilson (Mar 02)
- Re: Cracked; rootkit - entrapment question? Filip M. Gieszczykiewicz (Mar 03)
- Re: Cracked; rootkit - entrapment question? Chuck Phillips (Mar 03)
- Re: Cracked; rootkit - entrapment question? Chuck Phillips (Mar 03)
- Re: Cracked; rootkit - entrapment question? Lison, Nathan (Mar 03)
- Re: Cracked; rootkit - entrapment question? Chuck Phillips (Mar 04)
- Re: Cracked; rootkit - entrapment question? Hal Lockhart (Mar 15)
- Re: Cracked; rootkit - entrapment question? Bob (Mar 15)
- Re: Cracked; rootkit - entrapment question? CL: Nelson, Jeff (Mar 15)
- Re: Cracked; rootkit - entrapment question? Jon Lewis (Mar 16)
- Re: Cracked; rootkit - entrapment question? Michael Stone (Mar 17)
- Re: Cracked; rootkit - entrapment question? Robert G. Ferrell (Mar 15)
- Re: Cracked; rootkit - entrapment question? Eric the Fruitbat (Mar 17)
- Re: Cracked; rootkit - entrapment question? David Pick (Mar 20)
- Re: Cracked; rootkit - entrapment question? David Brumley (Mar 17)
- Re: Cracked; rootkit - entrapment question? Eric the Fruitbat (Mar 17)