Re: Mafioso

From: cdale@silly.techmonkeys.net
Date: Thu Apr 20 2000 - 11:21:45 PDT


I'd never trust IRC logs. However, it is true that plenty of EFnet
servers are running in debug mode, and are shipping -all- conversations,
on channels, and in private, to law enforcement groups. I guess I'd trust
logs that came from the server itself if I had any faith that the ircops
were honest folks. However, I know that half of them are packet kids
themselves. IOW, IRC logs are bullshit. (:
C

On Thu, 20 Apr 2000, Kragen Sitaker wrote:

> Greg quotes B. K. DeLong:
> > I'm highly skeptical. I don't think they've found the person who did
> > the attacks. I think law enforcement is stalling the press and public
> > to keep them off their backs while they find the real person.
> >
> > -- B.K. DeLong, a member of Attrition.org on the recent arrest of
> > 'Mafiaboy' for February's denial of service attacks.
>
> I'm pretty skeptical, too.
>
> On one hand, an inept person or a braggart certainly could have carried
> these attacks off, and in that case they would be catchable. That's
> the RCMP's story on how they caught the guy --- he bragged.
>
> On the other hand, I would expect a braggart to seek pseudonymous
> publicity by claiming the DDOSes as their doing. I haven't seen this,
> although maybe I haven't been watching. Yet the sites chosen seemed to
> be carefully chosen to get press.
>
> Also, I don't recall any attacks against institutions or people who'd
> personally wronged this guy.
>
> The alleged evidence against this guy consists of timestamped IRC logs
> --- presumably produced two months after the fact by one of his
> cronies. What could have induced them to come forward now if they
> didn't come forward in February? Are there reliable sources these logs
> can be cross-checked with --- e.g. multiple sources for these logs, or
> netsplits or other global events? Or are they fabrications by an
> ex-friend bearing a grudge?
>
> I think the evidence suggests that someone wanted publicity, but not
> for themselves. Somebody wanted publicity for the sad state of
> Internet security.
>
> The kind of person who would do such a thing would likely be very
> difficult to catch; they wouldn't tell a soul, and they'd operate
> through a chain of five or more compromised Win98 (well, possibly
> Linux) machines on cable modems or in ResNets, and they would allow a
> month or more to elapse between compromising their zombies and
> launching the attack --- a month during which they would have no
> contact with their slaves, perhaps even going on vacation in the
> Canadian Rockies for a week or so before the attack.
>
> --
> <kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
> The Internet stock bubble didn't burst on 1999-11-08. Hurrah!
> <URL:http://www.pobox.com/~kragen/bubble.html>
> The power didn't go out on 2000-01-01 either. :)
>
>


This archive was generated by hypermail 2b29 : Thu Apr 20 2000 - 11:13:29 PDT