lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue Oct  4 19:31:21 2005
From: sil at (J. Oquendo)
Subject: Re: Careless LEO Forensics and Suicides

On Mon, 3 Oct 2005, Stefano Zanero wrote:

> I would add that in some cases even "sharing" these files on
> peer-to-peer networks can be an innocent act, for instance if you
> bulk-download them from a user, and before inspecting their content
> someone downloads them from your shared folder.

This seems to be one of the problems with P2P networks along with clueless
(l)users who end up downloading viruses, worms, malware, spyware,
scumware, INSERT_OTHER_ware. It is something that can also be used as an
excuse by someone who was actually downloading something he/she shouldn't
have been downloading. For one thing, P2P is still tip-toeing through
legal issues here and there, but to think that someone won't use that as a
defense would be moronic. In fact I wonder how many subscribers here will
be looking into the legalities of this for legal matters pending.

> In Italy, "trading" this type of material is a distinct charge from
> "owning" it.

This is both a pro and a con as well. Supposing someone visited you say an
old college buddy. Let's say he didn't like you much and dropped a USB Key
with 512mb of crap on it. Officials come and arrest you. Would be
difficult to prove its not yours at least over here in the US it would be
if that person who dropped the USB key took the time to do it right.
Consider that same person now selling those USB keys. I'd prefer to see
the seller (if proven to be guilty of selling that crap) have his weiner
lopped off. The person in possession however is more trivial. Is it really
their's? Do they have psychological problems?

> > I ask you this question: why doesn't law enforcement bother to conduct
> > an analysis of the computer evidence looking for indications of
> > third-party intrusion and malware?
> I have asked the same question to law enforcement personnel, but with no
> satisfactory answers for now.

It's not in their best interest to do so. Many tend to forget law
enforcement is a business just like any other. Budgets have to be met and
far too often it would be IN their best interest to 1) keep their quotas
in order, 2) keep their budgets met with ?Oh my gosh, we have
10,000,000,000,000,000 more cyber child porn cases this month... We're
underfunded and need more money?

> > There is simply no way for law enforcement to know the difference
> > between innocent and guilty persons based on hard drive data
> > circumstantial evidence.

Actually there are ways it takes some time to sift through the garbage. I
will give you an example of something I KNOW happened. In a semi-recent
case concerning computer intrusion, the defendant was sentenced to prison
for ?hacking into his former employer?. What the feds either didn't take
time to realize was that at the time of the alledged attack, the defendant
was on a plane. Defendant even had plane tickets to prove this. It never
came out in court though. DA's shot it down because "after all the hacker
was telekinetic anyway". Appeal? Don't bother asking.

As for people committing suicide, I believe those who did commit suicide
actually were in possession with intent. If not why commit suicide. I
would have fought tooth and nail.

J. Oquendo
GPG Key ID 0x97B43D89

"How a man plays the game shows something of his
 character - how he loses shows all" - Mr. Luckey

Powered by blists - more mailing lists