From: John Bambenek (no email)
Date: Thu Nov 13 2008 - 07:30:39 EST
Something to keep in mind. I don't believe it was McColo that was the
end provider of "badware" per se (and I could be proven wrong), they
simply played the enabling role by hosting it and looked the other way.
Now don't get me wrong, they ought to be kicked offline for
externalizing their costs on the rest of us, but what criminal charges
could be filed here? I'm not a lawyer but the person actually
committing the crime and a person who willing provides tools to someone
committing a crime are in completely different boats.
We could criminalize hosting malicious tools, but then what of nessus,
nmap, wireshark and the host of security tools that are effectively
"dual use"? Child porn being an obvious exception of course, but the
point remains. Negligence is bad and perhaps there are criminal
remedies that can be brought to bear (I'm not a lawyer, I don't play one
on the intarwebs) but I would imagine they would be minor in comparison.
That said, of course this information should be turned over to law
enforcement. It often is.
Charles Wyble wrote:
>> On to the question about how network operators can help LE: *Collect
>> the data that proves a company such as Intercage/McColo is harboring
>> cybercriminals* and get with your local FBI/Secret Service field
>> office (or your state's Attorney General's office) (or both) and
>> submit a complaint at IC3's website (www.ic3.gov) because we have an
>> excellent team of analysts that track information like that. Package
>> up the evidence you have and send it out.
> Excellent point. Something like the fine folks at
> http://hostexploit.com/ are doing.
> I also believe SANS has some excellent courses on forensics, and
> things like chain of custody etc. Not sure how much that applies to
> these sort of scenarios but it can't hurt to package/handle the
> evidence in as compliant a manner as possible.