Re: How to catch a cracker in the US?
On 3/13/14, 7:35 PM, Larry Sheldon larryshel...@cox.net wrote: Not sure I can agree with that. I have been in this game for a very long time, but for most of it in places where the world's population cleaved neatly into two parts: Authorized Users who could be identified by the facts that they had ID cards, Badges, and knew the door code; and trespassers who were all others. Then you new kids came along and (pointlessly, in my opinion) divided the later group into the two described above. See, the way *I* learned it was that part of the creed of the hacker involved why would I want to play with your systems, mine are much cooler.; that is, by definition a hacker is in the first group. --Josh
Re: How to catch a cracker in the US?
On Mon, Mar 17, 2014 at 10:21 AM, Sholes, Joshua joshua_sho...@cable.comcast.com wrote: On 3/13/14, 7:35 PM, Larry Sheldon larryshel...@cox.net wrote: Not sure I can agree with that. I have been in this game for a very long time, but for most of it in places where the world's population cleaved neatly into two parts: Authorized Users who could be identified by the facts that they had ID cards, Badges, and knew the door code; and trespassers who were all others. Then you new kids came along and (pointlessly, in my opinion) divided the later group into the two described above. See, the way *I* learned it was that part of the creed of the hacker involved why would I want to play with your systems, mine are much cooler.; that is, by definition a hacker is in the first group. The point is that 'computer security' involves innovation as much as is done at hacker spaces (which can be geared to hardware or computer security or whatever). I think the difference you're trying to argue is the legality and not the task or process. I think calling the illegal form of the study of computer security cracking, the legal form hacking and people who are cracking who don't know what they're doing script kiddies is irrelevant, useless, and causes useless debates (that I started) like this.
Re: How to catch a cracker in the US?
On 3/17/2014 9:10 PM, shawn wilson wrote: The point is that 'computer security' involves innovation as much as is done at hacker spaces (which can be geared to hardware or computer security or whatever). I think the difference you're trying to argue is the legality and not the task or process. I think calling the illegal form of the study of computer security cracking, the legal form hacking and people who are cracking who don't know what they're doing script kiddies is irrelevant, useless, and causes useless debates (that I started) like this. CORRE! -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
Re: How to catch a cracker in the US?
On 3/13/14 6:22 AM, Sholes, Joshua wrote: If one came up in this field with a mentor who was old school, or if one is old school oneself, one tends use the original (as I understand it) definitions--a cracker breaks security or obtains data unlawfully, a hacker is someone who likes ethically playing (in the joyful exploration sense) with complicated systems. And both terms are so defined in RFC 1392, dates January 1993. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: How to catch a cracker in the US?
On 03/16/2014 08:51 PM, Jay Hennigan wrote: On 3/13/14 6:22 AM, Sholes, Joshua wrote: If one came up in this field with a mentor who was old school, or if one is old school oneself, one tends use the original (as I understand it) definitions--a cracker breaks security or obtains data unlawfully, a hacker is someone who likes ethically playing (in the joyful exploration sense) with complicated systems. And both terms are so defined in RFC 1392, dates January 1993. ... but that's only informational. :)
Re: How to catch a cracker in the US?
On 14 March 2014 05:14, shawn wilson ag4ve...@gmail.com wrote: On Mar 13, 2014 7:37 PM, Larry Sheldon larryshel...@cox.net wrote: .. Sorry for my note. Didn't mean it to sidetrack the question (I probably should've). /me o_O Social perception of hacking affect law-making. Computing security is controlled by moral panic and security theater. Maybe someday a young men will enter prision, for possession of hacking tools... a compiler and a debugger. Fighting paranoia and moral panic is something we should be doing. Making the distinction hacker vs cracker is like a small effort for this. -- -- ℱin del ℳensaje.
Re: How to catch a cracker in the US?
On 3/13/14, 12:35 AM, shawn wilson ag4ve...@gmail.com wrote: A note on terminology - whether you know what you're doing, actually break into a system, or obtain a thumb drive with data that you weren't supposed to have - it has the same end so I'd refer to it by the same term - hacking. Trying to differentiate terms based on skill, target, or data type is kinda dumb. If one came up in this field with a mentor who was old school, or if one is old school oneself, one tends use the original (as I understand it) definitions--a cracker breaks security or obtains data unlawfully, a hacker is someone who likes ethically playing (in the joyful exploration sense) with complicated systems. People who are culturally younger tend use hacker, as you are doing, for the former and as far as I can tell no specific term for the latter. If you ask me, this is something of a cultural loss. --Josh
Re: How to catch a cracker in the US?
On Thu, 13 Mar 2014 13:22:40 -, Sholes, Joshua said: If one came up in this field with a mentor who was old school, or if one is old school oneself, one tends use the original (as I understand it) definitions--a cracker breaks security or obtains data unlawfully, a hacker is someone who likes ethically playing (in the joyful exploration sense) with complicated systems. For the old-schoolers, a cracker would violate the CFAA to get into a system. A hacker would produce a long list of ways to get in without violating the CFAA. Unfortunately, we no longer have a well-established word for the latter class of people. pgpf2zAaXWLs2.pgp Description: PGP signature
Re: How to catch a cracker in the US?
On Thu, Mar 13, 2014 at 10:13 AM, valdis.kletni...@vt.edu wrote: On Thu, 13 Mar 2014 13:22:40 -, Sholes, Joshua said: If one came up in this field with a mentor who was old school, or if one is old school oneself, one tends use the original (as I understand it) definitions--a cracker breaks security or obtains data unlawfully, a hacker is someone who likes ethically playing (in the joyful exploration sense) with complicated systems. For the old-schoolers, a cracker would violate the CFAA to get into a system. A hacker would produce a long list of ways to get in without violating the CFAA. Unfortunately, we no longer have a well-established word for the latter class of people. You're all talkin' 1990s redefinitions here. 1980s crackers cracked the copy protections on software (DRM in modern parlance) while hackers broke in to online systems. Even that is a redefinition. Before that, hackers were anyone who jovially pranked a system in a manner typically unlawful which involved creativity and technical challenge. For example, hackers might arrange for live cattle to appear on the top of the great dome at MIT. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
On Thu, Mar 13, 2014 at 11:45 AM, James R Cutler james.cut...@consultant.com wrote: And Bill documents yet another redefinition. Prior to that time, at MIT a hacker produced a novel variation of technology using it in ways not previously envisioned but not necessarily unlawful. Mating two different generations of telephone keysets or reducing a complex rack mount filter to a single small circuit board with an FET or two are just a couple of examples. One was just a hack, the other an elegant hack. We just called Hi James, Correct me if I'm wrong, but by the time hacker emerged as a word distinct from hack it already carried implications of mischief and disregard for the rules in addition to the original implication of creatively solving a technical challenge. Is that mistaken? Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a customers of mine in the last days. The cracker was successful and caused financial damage / was successful with data theft. I set a trap and finally caught his real IP address - a Comcast user in the US (100% not a proxy or bot). What would be the next steps to pursuit him? If I contact local authorities here in Germany I'm afraid months will pass by and Comcast will have possible already deleted their logs by then (?). Any advice? Marcus, if you have not already connected with them, ping me offlist and I will try to connect you with our FBI cybercrime contact. A preservation letter from them to Comcast, to start, will likely be far more effective than one from you. I'm sorry for not responding sooner; I only just saw this as I'm on digest here. Anne Anne P. Mitchell, Attorney at Law CEO/President Institute for Social Internet Public Policy Member, Cal. Bar Cyberspace Law Committee Author: Section 6 of the Federal CAN-SPAM Act of 2003
Re: How to catch a cracker in the US?
Re: hackers vs crackers I was at one of the early Hackers Conferences in the late 1980s, organized by Stewart Brand (The Whole Earth Catalog, The Well.) The attendees were quite impressive, not sure why I was invited :-) Todd Rundgren, Jerry Pournelle, Ted Nelson, the founders of a number of now big famous companies who probably would rather I didn't list their names, etc were all just some of the attendees. Although there were a lot of computer and network people they were maybe a bare majority. There were also authors, social innovators, artists, etc. Just interesting people. The press heard the word HACKERS and showed up convinced this was a black hat conference. Nothing would dissuade the reporters and wow people tried. They kept churning out 6PM news reports and articles during the conference about how this was a black hat conference where nefarious no-goodniks had gotten together to create evil plots to (who knows what?) Based on nothing, absolutely nothing. They were even given access to the conference to see what was going on for themselves. All because of the word hackers in the conference name. And this was the late 1980s, few of them even knew what a hacker might hack. But it was good press (as in: got eyeballs)! And then of course law enforcement saw the TV spots etc. and showed up to ask some questions and infer some threats. Fortunately not much bad really happened but it was more than a little distracting from the intent of the conference which was just to bring some really bright and creative people together with little structure and let them interact. Hmm, I vaguely rememember someone was in the midst of a criminal case or on parole for something like political activism and was forced to leave (not by the conference, by their parole officer or lawyer or court or some such) because their status forbid consorting with known criminals and they were just asking for trouble. A lot of us vowed to try to keep the hackers vs crackers distinction alive in the public's mind but I can't say it worked. Having lost that battle I guess the term Makers is used today. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: How to catch a cracker in the US?
On Thu, 13 Mar 2014 12:46:06 -0400, William Herrin said: Correct me if I'm wrong, but by the time hacker emerged as a word distinct from hack it already carried implications of mischief and disregard for the rules in addition to the original implication of creatively solving a technical challenge. Is that mistaken? To the contrary - there was a period of time when hacker included those who were responsible for creative hacks that followed the rules *as they actually were*, not as they were generally believed to be. It had the virtue of never having been tried before. James T Kirk was (will be?e?) an old-school hacker of epic level. (Contemplate for a bit why Kirk wasn't bounced out on his butt from the Academy) pgpMkYI6p6jCa.pgp Description: PGP signature
Re: How to catch a cracker in the US?
On 3/13/14, 11:09 AM, valdis.kletni...@vt.edu wrote: On Thu, 13 Mar 2014 12:46:06 -0400, William Herrin said: (Contemplate for a bit why Kirk wasn't bounced out on his butt from the Academy) Apparently the thinking about hacking was a little more permissive in 1966. signature.asc Description: OpenPGP digital signature
Re: How to catch a cracker in the US?
On Mar 13, 2014, at 12:46 PM, William Herrin b...@herrin.us wrote: On Thu, Mar 13, 2014 at 11:45 AM, James R Cutler james.cut...@consultant.com wrote: And Bill documents yet another redefinition. Prior to that time, at MIT a hacker produced a novel variation of technology using it in ways not previously envisioned but not necessarily unlawful. Mating two different generations of telephone keysets or reducing a complex rack mount filter to a single small circuit board with an FET or two are just a couple of examples. One was just a hack, the other an elegant hack. We just called Hi James, Correct me if I'm wrong, but by the time hacker emerged as a word distinct from hack it already carried implications of mischief and disregard for the rules in addition to the original implication of creatively solving a technical challenge. Is that mistaken? Regards, Bill Herrin Bill, Mistaken? Yes. As of early 1960’s - See history of WTBS, Ralph Zaorski, Dick Gruen, Alan Kent, and many others - The then current usage of “hacker” was simply one who produced a “hack” - an unusual or unexpected design or configuration or action which either did the same old thing done more simply/elegantly or which did something new or unexpected altogether. Putting an Western Electric power plant on an Automatic Electric step-by-step for the East Campus telephone switch was one of my “hacks”. James R. Cutler - james.cut...@consultant.com PGP keys at http://pgp.mit.edu signature.asc Description: Message signed with OpenPGP using GPGMail
Re: How to catch a cracker in the US?
On Mar 13, 2014, at 12:24 PM, William Herrin b...@herrin.us wrote: I'm afraid my google-fu doesn't reach back to the 1960's. You don't happen to have a handy reference do you? http://en.wikipedia.org/wiki/Hacker_%28term%29
Re: How to catch a cracker in the US?
On Mar 13, 2014, at 3:24 PM, William Herrin b...@herrin.us wrote: On Thu, Mar 13, 2014 at 3:15 PM, James R Cutler james.cut...@consultant.com wrote: As of early 1960's - See history of WTBS, Ralph Zaorski, Dick Gruen, Alan Kent, and many others - The then current usage of hacker was simply one who produced a hack - an unusual or unexpected design or configuration or action which either did the same old thing done more simply/elegantly or which did something new or unexpected altogether. Hi James, I'm afraid my google-fu doesn't reach back to the 1960's. You don't happen to have a handy reference do you? Regards, Bill Herrin I carry that data in wet storage, interfaced via voice or eyes-on-screen/fingers-on-keyboard. I haven’t been on the MIT campus for more than a few minutes since late 1963. Regarding the Wikipedia entry for “Hacker”: The TMRC/MITAL history ignores the pioneering audio systems work that came out of WTBS (pre-sale to Ted). Ralph Zaorski and Barry Blesser were the best around at that. signature.asc Description: Message signed with OpenPGP using GPGMail
Re: How to catch a cracker in the US?
On Mar 13, 2014, at 2:30 PM, James Downs wrote: On Mar 13, 2014, at 12:24 PM, William Herrin b...@herrin.us wrote: I'm afraid my google-fu doesn't reach back to the 1960's. You don't happen to have a handy reference do you? http://en.wikipedia.org/wiki/Hacker_%28term%29 http://www.catb.org/jargon/html/H/hacker.html
Re: How to catch a cracker in the US?
On Mar 13, 2014 7:37 PM, Larry Sheldon larryshel...@cox.net wrote: On 3/13/2014 8:22 AM, Sholes, Joshua wrote: On 3/13/14, 12:35 AM, shawn wilson ag4ve...@gmail.com wrote: A note on terminology - whether you know what you're doing, actually break into a system, or obtain a thumb drive with data that you weren't supposed to have - it has the same end so I'd refer to it by the same term - hacking. Trying to differentiate terms based on skill, target, or data type is kinda dumb. If one came up in this field with a mentor who was old school, or if one is old school oneself, one tends use the original (as I understand it) definitions--a cracker breaks security or obtains data unlawfully, a hacker is someone who likes ethically playing (in the joyful exploration sense) with complicated systems. People who are culturally younger tend use hacker, as you are doing, for the former and as far as I can tell no specific term for the latter. If you ask me, this is something of a cultural loss. Not sure I can agree with that. I have been in this game for a very long time, but for most of it in places where the world's population cleaved neatly into two parts: Authorized Users who could be identified by the facts that they had ID cards, Badges, and knew the door code; and trespassers who were all others. Then you new kids came along and (pointlessly, in my opinion) divided the later group into the two described above. Sorry for my note. Didn't mean it to sidetrack the question (I probably should've). /me o_O
RE: How to catch a cracker in the US?
From: Dobbins, Roland [mailto:rdobb...@arbor.net] Sent: Tuesday, March 11, 2014 8:06 AM Although it's questionable whether or not it's possible to remotely absolutely ascertain whether the attacking machine in question was being operated by miscreants unbeknownst to its actual owner. Though it's 100% correct would this withstand in the court? e.g. nope wasn't me downloading that movie, must have been a hacker misusing my PC, I didn't even know there's a torrent client as you guys call it installed on my PC I only use it to play solitaire.
Re: How to catch a cracker in the US?
On Mar 12, 2014, at 5:10 PM, Vitkovský Adam adam.vitkov...@swan.sk wrote: Though it's 100% correct would this withstand in the court? TIINAL - The Internet Is Not A Lawyer. ; --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton
Re: How to catch a cracker in the US?
On Tue, Mar 11, 2014 at 3:00 AM, Markus unive...@truemetal.org wrote: I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a customers of mine in the last days. The cracker was successful and caused financial damage / was successful with data theft. I set a trap and finally caught his real IP address - a Comcast user in the US (100% not a proxy or bot). What would be the next steps to pursuit him? If I contact local authorities here in Germany I'm afraid months will pass by and Comcast will have possible already deleted their logs by then (?). Any advice? Hi Markus, A couple of suggestions: 1. Ask Comcast to preserve the records associated with the IP addresses and timeframe in which the problem occurred. They can't give them to you absent a valid US subpoena but they can save them from automatic deletion while you work on that. 2. Be specific about the problem. Be liberal with the shared details! Comcast can be your partner in this endeavor. If you treat them as your enemy by being cagey, they may behave as your enemy by doing the minimum required by law. Which turns out to be not much. 3. Once you have done these things, then go to the police. Share information about your specific contact with Comcast with the police and share your specific police contact with Comcast. This will start them talking, which is half the battle in getting the police to investigate a computer crime. Who knows, U.S. authorities may already be investigating the same user which would make your job so much easier. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
On 3/12/2014 5:41 AM, Dobbins, Roland wrote: TIINAL - The Internet Is Not A Lawyer. NANOGINTI There ARE rules in the environment, however. For example, there is one that I am too lazy to look-up that argues for the use of a .sig separator -- . --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
Re: How to catch a cracker in the US?
I heard cheese works really well for catching crackers. Sent from my T-Mobile 4G LTE Device Original message From: Larry Sheldon larryshel...@cox.net Date: 03/12/2014 9:08 AM (GMT-08:00) To: nanog@nanog.org Subject: Re: How to catch a cracker in the US? On 3/12/2014 5:41 AM, Dobbins, Roland wrote: TIINAL - The Internet Is Not A Lawyer. NANOGINTI There ARE rules in the environment, however. For example, there is one that I am too lazy to look-up that argues for the use of a .sig separator -- . --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
Re: How to catch a cracker in the US?
On 12 March 2014 14:56, William Herrin b...@herrin.us wrote: .. Who knows, U.S. authorities may already be investigating the same user which would make your job so much easier. lurker mode offAlso, if you just want a deterrent. Having a cop visit the home of the cracker just making questions may send the message we know where you live, so calm the fuck up./lurker mode on -- -- ℱin del ℳensaje.
Re: How to catch a cracker in the US?
Hi, I found that finding them on IRC, or wherever it is that they congregate, and simply talking to them until they incriminate themselves tends to work best. I also found that firewalls, IDS, security audits, antivirus, antimalware etc work almost not at all. The reason for this is pretty simple. Cybercrime is not a technical problem and does not have a technical solution. The solution is just like any other criminal act, find them, get them to confess, and then put a real world face and location to the IRC persona. Easy. Andrew On 3/12/2014 12:16 PM, Warren Bailey wrote: I heard cheese works really well for catching crackers. Sent from my T-Mobile 4G LTE Device Original message From: Larry Sheldon larryshel...@cox.net Date: 03/12/2014 9:08 AM (GMT-08:00) To: nanog@nanog.org Subject: Re: How to catch a cracker in the US? On 3/12/2014 5:41 AM, Dobbins, Roland wrote: TIINAL - The Internet Is Not A Lawyer. NANOGINTI There ARE rules in the environment, however. For example, there is one that I am too lazy to look-up that argues for the use of a .sig separator -- . --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
Re: How to catch a cracker in the US?
Ha! ³Easy², in my personal experience (having once upon a time caught a hacker in .ro, but it took six months of work to seal the deal with handcuffs). -- Josh Sholes On 3/12/14, 12:37 PM, Andrew D Kirch trel...@trelane.net wrote: Hi, I found that finding them on IRC, or wherever it is that they congregate, and simply talking to them until they incriminate themselves tends to work best. I also found that firewalls, IDS, security audits, antivirus, antimalware etc work almost not at all. The reason for this is pretty simple. Cybercrime is not a technical problem and does not have a technical solution. The solution is just like any other criminal act, find them, get them to confess, and then put a real world face and location to the IRC persona. Easy. Andrew On 3/12/2014 12:16 PM, Warren Bailey wrote: I heard cheese works really well for catching crackers. Sent from my T-Mobile 4G LTE Device Original message From: Larry Sheldon larryshel...@cox.net Date: 03/12/2014 9:08 AM (GMT-08:00) To: nanog@nanog.org Subject: Re: How to catch a cracker in the US? On 3/12/2014 5:41 AM, Dobbins, Roland wrote: TIINAL - The Internet Is Not A Lawyer. NANOGINTI There ARE rules in the environment, however. For example, there is one that I am too lazy to look-up that argues for the use of a .sig separator -- . --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
Re: How to catch a cracker in the US?
On Wed, Mar 12, 2014 at 04:16:13PM +, Warren Bailey wrote: I heard cheese works really well for catching crackers. That's racist.
Re: How to catch a cracker in the US?
Since when do crackers have a stated ethnicity? Isn¹t racism based on race, and not flour content in a baked snack? LOL We accept crackers of all types here.. Flour, rice, wheat, grain, etc. On 3/12/14, 10:14 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Mar 12, 2014 at 04:16:13PM +, Warren Bailey wrote: I heard cheese works really well for catching crackers. That's racist.
Re: How to catch a cracker in the US?
On Wed, Mar 12, 2014 at 1:21 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Since when do crackers have a stated ethnicity? Isn¹t racism based on race, and not flour content in a baked snack? LOL http://en.wikipedia.org/wiki/Cracker_%28pejorative%29 -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
Being caucasian myself, I am inherently aware of the terminology “cracker. How a joke relating to catching crackers with “cheese” was translated into a racial slur is completely beyond my comprehension. In my country, we eat cheese with crackers .. So it would be safe to assume the entirety of my comment was related to molded milk fat and baked grain. ;) On 3/12/14, 10:56 AM, William Herrin b...@herrin.us wrote: On Wed, Mar 12, 2014 at 1:21 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Since when do crackers have a stated ethnicity? Isn¹t racism based on race, and not flour content in a baked snack? LOL http://en.wikipedia.org/wiki/Cracker_%28pejorative%29 -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
And if they were the intended application of the term, I would think that “cheese” would not the the appropriate choice to catch them. However, cheese and crackers would seem to be more a snack, which is at least how I interpreted that original comment. Perhaps I need to drink more… Scott -Original Message- From: William Herrin b...@herrin.us Date: Wednesday, March 12, 2014 at 1:56 PM To: Warren Bailey wbai...@satelliteintelligencegroup.com Cc: nanog@nanog.org nanog@nanog.org Subject: Re: How to catch a cracker in the US? On Wed, Mar 12, 2014 at 1:21 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Since when do crackers have a stated ethnicity? Isn¹t racism based on race, and not flour content in a baked snack? LOL http://en.wikipedia.org/wiki/Cracker_%28pejorative%29 -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
RE: How to catch a cracker in the US?
There's an almost, I don't know the right word, jealous reaction to someone asking for help like this sometimes where people speculate on the legal success etc generally concluding failure. There are many good reasons to try to track a criminal. For one thing, often this is not their only criminal activity so plausibly denying this one activity may not help them in the end. But not if everyone throws up their hands and focuses only on the difficulties! Also, if they stole money or identity information and used it then there should be a trail of that activity. If I steal your credit card and it got used and it got used by the person you suspect stole it for other reasons (e.g., a phishing site was running at their IP) then that's a pretty good hint beyond just proving the one fact (it was their IP.) On the one hand this is not a great forum for getting this advice because of this sort of thing, people who have little to offer in advice start speculating on legalities etc. OTOH, it is likely that people on this list have had first-hand experience with this sort of thing and can usefully recommend what the OP might do next. I've had good and not so great experiences, but it's changed over the years. I've seen real creeps tracked aggressively in real time with warrants flying. I've also had LEO shout at me that they have only very limited resources which sounded like if they rob a congressman call us, otherwise call your congressman and get us more budget first! -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: How to catch a cracker in the US?
On Wed, Mar 12, 2014 at 2:01 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Being caucasian myself, I am inherently aware of the terminology cracker. How a joke relating to catching crackers with cheese was translated into a racial slur is completely beyond my comprehension. Hi Warren, Were you not aware that in the U.S., every statement you could possibly make as well as no statement at all is racist, sexist or in some other way impugns anyone wishing to take offense? The retort, That's racist! is made tongue in cheek. Similar to Freud's phallic symbols, it's offered in response to the use of any word or phrase which has the slightest connection in any context to racism. Which is most of them. If I said, The snow is falling, covering the dirty city in a layer of pristine white, it would be perfectly normal for someone to jokingly return, That's racist! By describing the *city* as *dirty* and then changed not just to *white* but *pristine* white I practically begged for it. When someone says something that actually is racist, we have a whole different vocabulary for expressing disgust. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
So like.. Nerds have a sense of humor all the sudden?? Did I miss a slashdot post or something? ;) (and I used nerd lovingly..) On 3/12/14, 12:48 PM, William Herrin b...@herrin.us wrote: On Wed, Mar 12, 2014 at 2:01 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Being caucasian myself, I am inherently aware of the terminology cracker. How a joke relating to catching crackers with cheese was translated into a racial slur is completely beyond my comprehension. Hi Warren, Were you not aware that in the U.S., every statement you could possibly make as well as no statement at all is racist, sexist or in some other way impugns anyone wishing to take offense? The retort, That's racist! is made tongue in cheek. Similar to Freud's phallic symbols, it's offered in response to the use of any word or phrase which has the slightest connection in any context to racism. Which is most of them. If I said, The snow is falling, covering the dirty city in a layer of pristine white, it would be perfectly normal for someone to jokingly return, That's racist! By describing the *city* as *dirty* and then changed not just to *white* but *pristine* white I practically begged for it. When someone says something that actually is racist, we have a whole different vocabulary for expressing disgust. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
On 3/12/14, 2:05 PM, Scott Morris s...@emanon.com wrote: Perhaps I need to drink moreŠ If you¹re on this list, that¹s practically a given regardless of circumstances. ‹Josh
Re: How to catch a cracker in the US?
On Wed, Mar 12, 2014 at 3:50 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: So like.. Nerds have a sense of humor all the sudden?? Did I miss a slashdot post or something? Geeks, man. Geeks. Nerds have pocket protectors. -Bill -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: How to catch a cracker in the US?
I just thought it was Nerds didn't have social lives (not likely to be drinking) They fail the blood alcohol test on sign up to the list here. Regards Alexander Alexander Neilson Neilson Productions Ltd alexan...@neilson.net.nz 021 329 681 On 13/03/2014, at 8:57 am, William Herrin b...@herrin.us wrote: On Wed, Mar 12, 2014 at 3:50 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: So like.. Nerds have a sense of humor all the sudden?? Did I miss a slashdot post or something? Geeks, man. Geeks. Nerds have pocket protectors. -Bill -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 smime.p7s Description: S/MIME cryptographic signature
Re: How to catch a cracker in the US?
On Mar 11, 2014 3:09 AM, Dobbins, Roland rdobb...@arbor.net wrote: On Mar 11, 2014, at 2:00 PM, Markus unive...@truemetal.org wrote: Any advice? Start with CERT-BUND, maybe? That is the correct answer, if you want something less settle (and possibly illegal), there were discussions on 'hacking back'. That is, basically having malicious documents with fake (or not) bank/personal information. If you can find who is using the info (some Comcast business IPs have the address in whois) and go OSINT from there (though if you go this route, try to contact LE before you post something and burn bridges). A note on terminology - whether you know what you're doing, actually break into a system, or obtain a thumb drive with data that you weren't supposed to have - it has the same end so I'd refer to it by the same term - hacking. Trying to differentiate terms based on skill, target, or data type is kinda dumb.
Re: How to catch a cracker in the US?
On Tue, Mar 11, 2014 at 2:00 AM, Markus unive...@truemetal.org wrote: Hi, Your goal should be to keep together and preserve all the evidence/documentation you have: make sure you have and can verify the authenticity and chain of custody for all relevant materials that you say evidence attacks and their source, including your trap and how that works, and how it proves the apparent source/origin, contact the local authorities. By the way, without surveillance of the source network, it is really quite impossible to 100% prove that a given IP address is not running a bot and not being used as a proxy or traffic relay. This does not necessarily preclude contacting Comcast as well, to request they preserve records. I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a customers of mine in the last days. The cracker was successful and caused financial damage / was successful with data theft. I set a trap and finally caught his real IP address - a Comcast user in the US (100% not a proxy or bot). What would be the next steps to pursuit him? If I contact local authorities here in Germany I'm afraid months will pass by and Comcast will have possible already deleted their logs by then (?). Any advice? Thank you! Markus -- -JH
How to catch a cracker in the US?
Hi, I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a customers of mine in the last days. The cracker was successful and caused financial damage / was successful with data theft. I set a trap and finally caught his real IP address - a Comcast user in the US (100% not a proxy or bot). What would be the next steps to pursuit him? If I contact local authorities here in Germany I'm afraid months will pass by and Comcast will have possible already deleted their logs by then (?). Any advice? Thank you! Markus
Re: How to catch a cracker in the US?
On Mar 11, 2014, at 2:00 PM, Markus unive...@truemetal.org wrote: Any advice? Start with CERT-BUND, maybe? Although it's questionable whether or not it's possible to remotely absolutely ascertain whether the attacking machine in question was being operated by miscreants unbeknownst to its actual owner. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton
