> On Thu, 20 Mar 2008, Alex Eckelberry wrote:
>
> > The FBI has recently adopted a novel investigative technique: posting
> > hyperlinks that purport to be illegal videos of minors having sex,
> and
> > then raiding the homes of anyone willing to click on them.
>
> That's just weird. Since the "video" files contained nothing illegal,
> they must take "clicking on them" as an indicator that other illegal
> things went on in the house containing the computer with the IP address
> in question. Does that stand up in court? If so, why does it stand
> up?
> Where's the presumption of innocence?
>
> Couldn't someone like the recently apprehended SWATTER "lil Hacker"
> make
> some people's lives miserable by gaining access to an IP address via an
> open wireless AP and "clicking on a video"? Couldn't the nearly super-
> powered Red Army CyberWar Battalion hack into, say Michael Hayden's
> home
> PC, and send "click" to the "video", getting the FBI to do a little
> Harrasment & Interdiction on someone who has to be the Battalion's
> Greatest Enemy?
>
> Why do they need someone to "click on a video" if Carnivore I mean DCS-
> 3000
> is so frigging good? Can't the NSA just give the FBI a few hints about
> who
> to monitor based on the Tap Rooms in AT&T central offices? Maybe they
> will
> after Agent Mulder kicks in Hayden's door at 3am some morning.
>
> Also, how do they account for programmatic access? Googlebot, msnbot
> "Yahoo!
> Slurp", and a few other apparent bots scan my web server all the time.
> For
> giggles, I put a "robots.txt" file forbidding access to a couple of
> enticingly
> named directories ("porn", "payroll", stuff like that) that didn't
> actually
> exist in the htdocs/ directory. At least one person or bot has tried
> to access
> those directories. I have to conclude that a mis-guided recursive
> "wget" of
> the wrong IP address might get my door kicked in and all my computers
> confiscated.
> _______________________________________________
[Tom Replied With:]
Maybe the reason someone like the recently apprehended SWATTER "lil Hacker"
doesn't do that is because there's no money in it?
Unless they were to threaten to cause legal issues until the potential victim
were to pay some amount of money.
Thomas J. Raef
e-Based Security, LLC
http://www.ebasedsecurity.com
[EMAIL PROTECTED]
1-866-251-5803
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.519 / Virus Database: 269.21.7/1335 - Release Date: 3/19/2008 9:54
AM
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
