From: Brad [mailto:brad@americanisp.net]
Sent: Thursday, July 12, 2001 9:18 AM> > From: up@3.am [mailto:up@3.am]
> > Sent: Thursday, July 12, 2001 7:23 AM
>
> > I can't help but believe that if even 20% of them
> > were caught and had to spend just a little time (even
hours) with the
> > cops, and had their peecees confiscated, you'd not be seeing
> > nearly the problems we are now.
>
> This is the main point, a script-kiddie hunt, with
prosecution, is the ONLY
> real deterrent. Throw some of them in hotel greybar and
remove them from
> computing, for life, and we may see some of this turn around.I am just concerned about our current legal systems being
able to handle such cases efficently. Well.. Perhaps I
should not use 'legal systems' and 'efficently' in the same
sentence, but you get the idea
Think "Kaspureff" (AlterNIC). They went after, and nailed, him with gusto
and efficiency. I think that the largest problem is "selective prosecution".
A couple of years ago three MHSC servers were root-kitted via the BIND
interface. It took 18x7 man-hours to scrub and bare-metal recover, without
the suspect backups, those three servers. Even then, we couldn't jump the
FBI's $60K damages hurdle. Yet, Kaspureff, with a lot less provable damage,
got caught, grilled, and chilled.
For those that don't know, this case is the best and most well-known example
of [arguably] deliberate DNS cache poisoning on record. If you don't
remember it then you need not comment.
The point is that our legal systems can move with great alacrity, given
sufficient motivation.
