Security Incidents mailing list archives
RE: backdoor
From: "Liam Grant" <Liam.Grant () exodus net>
Date: Tue, 25 Jun 2002 07:53:38 -0700
Not to comment on the rest of the discussion, but in answer to the question of whether people have been charged for leaving machines up after compromise, I am aware of at least one case in the US, reported in the media, where a small ISP was being DoS'd (along with their customers). They managed to get a temporary restraining order requiring the disconnection and proper securing of the computers of 5 major companies taken over and used in the attack. The judge ordered all machines in the hosting data center belonging to those companies disconnected until such time as the owners could show due diligence and care in preventing further attacks through their machines.

This is a long way from criminal neglect, and I don't know the further disposition of the case, but it ain't peanuts. Will you be held responsible if your machines are used to attack someone else and you don't do anything (or enough)? It depends on the jurisdiction and the judge. This was before 9/11, so take that into account in the response also.

Liam Grant
Senior Security Consultant
Exodus, A Cable & Wireless Service
Delivering the Internet promise
www.exodus.net
liam.grant () exodus net
(781) 522 7621 Office
(617) 201 9035 Mobile
Address 175 Wyman Road, Waltham MA 02451
[Statements above do not reflect the opinions of my employers.]

-----Original Message-----
From: Christopher L Calvert [mailto:ccalvert () us ibm com]
Sent: Sunday, 23 June, 2002 10:35 PM
To: incidents () securityfocus org
Subject: Re: backdoor
> S.O.P. (Standard Operating Procedures) describe that a compromised box should be considered lost and be installed from scratch.
> If you want to play with it in isolation to learn more about the culprit that is your decision. However leaving a compromised system online makes you guilty of criminal neglect. (Aiding and embedding criminals and all that sort of thing.)

This is very commonly quoted to me as a justification for all kinds of security requirements. I have never found case law that supports this point of view; I am even still looking for the actual law or decision that makes this point. I could easily be wrong, and I do agree strongly with the premise but this advice if not legally substantiated is bad. Does anyone have concrete legal case law or decisions to support this point of view and have civil or criminal charges been filed and won on this point as it applies to compromised systems?

Thanks...
-- Chris

> As there is never a good warranty on trying to clean a compromised box you should not attempt it. (After all the box would most likely not be compromised if you were on the front of things.)
> Hugo.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com