-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I guess the thing your customer can do is fill in the form at webpage of fedpol www.cybercrime.admin.ch. Like Eva Bollmann had told us at the swinog7 they will forward the request to the legal authority of Brazil. But I guess if there aren't hundreds of same requests nothing will happen.
Bye Thomas -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBP8n4iHHDqx7NFj+9EQITmACfeqr3H86YLUB26d0jYuTGJGUN9JIAnj9A h24QtoCmjG0C3Ogd9n6qLu0O =+LFa -----END PGP SIGNATURE----- -----Urspr�ngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Olivier M. Gesendet: Sonntag, 30. November 2003 14:03 An: [EMAIL PROTECTED] Betreff: [swinog] server cracked & defaced: legal steps? Hello, Yesterday morning (Saturday), a toyOS^Wlinux server I am "co-administering" has been cracked using a kernel exploit. According to the system and security update logs, it should have been safe (patched) against this threat, but it seems the "online update" thing had a problem. Well, that is not the point of my post: the cracker/script kiddie has left many clues on the server, and according to several logs I belive his IP is 200.158.156.249, from Brasil: inetnum: 200.158.128/18 aut-num: AS27699 abuse-c: ABL226 owner: TELECOMUNICACOES DE SAO PAULO S.A. - TELESP ownerid: 002.558.157/0001-62 responsible: Paulo Arthur Juliano address: Av. Paulista, 2300, 19� andar address: 01310-300 - Sao Paulo - SP (at least the IP which has been used to do the attacks... that may of course be a kind of gateway or anything) He defaced all the homepages running on that server with some stupid text, which caused much trouble and ruined the day of some people (incl. mine, but backups were uptodate so it helped a lot :-). Now, the server owner would like to do something (legal) against the cracker: I guess that is quite difficult, but what do you think: is there *any* way to prosecute him ? First by getting his name from the provider, and then by via fedpol/interpol? Have you done that before? Thanks in advance for your feedback & regards, Olivier ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/ ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
