RE: [funsec] McColo: Major Source of OnlineScams andSpams KnockedOffline (fwd)

From: Nick Newman (no email)
Date: Thu Nov 13 2008 - 08:05:42 EST

  • Next message: Revolver Onslaught: "mail traffic"

    Personally, I haven't been to any SANS courses, but I have a few coworkers who have and have been nothing but impressed with their material. They have an incident response class that deals with packaging up material for LE (what's important and what's not-so-much, forensic "soundness", and chain-of-custody).

    Nicholas R. Newman
    Computer Crimes Specialist
    National White Collar Crime Center
    1000 Technology Drive, Suite 2130
    Fairmont, WV 26554
    1-877-628-7674 x2244
    nnewman at nw3c dot org

    -----Original Message-----
    From: Charles Wyble [mailto:charles at thewybles dot com]
    Sent: Wednesday, November 12, 2008 5:29 PM
    To: NANOG list
    Subject: Re: [funsec] McColo: Major Source of OnlineScams andSpams KnockedOffline (fwd)

    > On to the question about how network operators can help LE: *Collect the data that proves a company such as Intercage/McColo is harboring cybercriminals* and get with your local FBI/Secret Service field office (or your state's Attorney General's office) (or both) and submit a complaint at IC3's website ( because we have an excellent team of analysts that track information like that. Package up the evidence you have and send it out.

    Excellent point. Something like the fine folks at are doing.

    I also believe SANS has some excellent courses on forensics, and things
    like chain of custody etc. Not sure how much that applies to these sort
    of scenarios but it can't hurt to package/handle the evidence in as
    compliant a manner as possible.

  • Next message: Revolver Onslaught: "mail traffic"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD