Actually, the FBI will not take the case depending on where the incident
is occuring because each field office (56 of them) has a declination
level, based on loss, that they get from the US Attorneys Office in the
Federal Judicial District that they are in. The $ amount of loss will
be different from office to office. It is also a function of the amount
of resources available to that office.
Thus I would still check with the local FBI office and if the Cyber
Crime Supervisor can not help, ask for a referral to a local agency or
task force that will work the case.
ron wilczynski
Jay D. Dyson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 6 Dec 2005, [EMAIL PROTECTED] wrote:
a customers server got hacked.. binary in tact, seems like they were
DDoSing.. strings brings up the irc server, channel name, key.. where
is the fbi address where i can send this information to?
The FBI will not take the case unless you can provide concrete
evidence that your customer suffered more than $10,000 in losses due to
the intrusion. Failing that, there's nothing the FBI will do unless
your customer is very well-connected politically.
I recommend using this this incident as an object lesson in
developing and implementing policies and procedures for intrusion
forensics for your customer. That way, when (not if) the day comes that
you qualify to haul in the FBI, the evidence chain will be unassailable.
- -Jay
( ( _______
)) )) .-"There's always time for a good cup of coffee."-. >====<--.
C|~~|C|~~| \------ Jay D. Dyson - [EMAIL PROTECTED] ------/ | = |-'
`--' `--' `-- The only real 'exit strategy' is victory. --' `------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iD8DBQFDlxi5dHgnXUr6DdMRAqdPAKDBKJpD+m2EN7jRBuuXqLnvrjNxSwCbBxMw
gluKaQIUAkWUwlBXOPn/H00=
=iEWj
-----END PGP SIGNATURE-----
