> My stomach turns every time I see exceptionally ordinary system
> administrators suddenly wet their pants and quiver with excitement and
> anticipation when they come to the conclusion they can really be
> important secret agents, wooed by police, intelligence officers and the
> media. It's an enormous waste of public and private funds. And all for the
> ego and self-delusion of glorified computer managers who are devoid
> of any real life.

I find the ego trips to be quite parallel to egos of hackers (at least once the situation is under control and their pants have dried) ;-)

Truth is, as far as a business aspect is concerned, the best thing you can do is to find out how they were vulnerable and to direct them towards implementing appropriate security measures that will fit into the current security policies or effectively enhance the security of the site and its policies. :-)

I have seen time and time again these administrators panic and get led astray in the "crisis" of the presence of a hacker. If the site did not take appropriate security measures to begin with, they usually find it quite overwhelming and cannot see things clearly enough to make sound judgements as to how to go about effectively securing the networks. And usually it's uncalled for.

It's a tough call to make. As Julian Assange asked, are they being malicious? If they are not, can you play the odds and hope that they won't become malicious in order to buy time for making sound decisions as to how to go about securing their network and systems?

I dealt with a site that was in a real crisis situation. The hackers had malicious intent and were carrying it out over and over again. The system was pulled off the network to control the situation and await a patch from the vendor. In the meantime, someone in the same office, frustrated by the outage, connected the machine back to the network and gave the hackers yet another opportunity to wreak havoc on the system. That was an out of control situation. The users needed to be educated as to the threat, the system and network needed to be secured appropriately. And what they all failed to see in the beginning is that all of this takes time and careful planning. Plans that should include steps to take if another intruder ever finds their way into the network again.

I have also dealt with sites that were notified in one way or another that an intrusion had occurred, yet with no malicious activities. They were being used for warez sites or island hopping, or whatever. When I assisted these sites, they were wholly involved in securing the big picture, not just how to get out hacker x, y, and z.

As far as the authorities? I have heard some real success stories, but overall things are difficult when trying to prosecute in the states (and third world countries ;-) A lot of countries don't even have hacking laws and you are left in the same boat: effectively securing the systems and the network. So as the Nike commercial says, "Just Do It".

Nonetheless, I do suggest copying evidence off to tapes, etc. It doesn't hurt and maybe you might find some useful information later when you have time to review the archives of their activity. Also, it is management's decision to pursue a legal investigation. If they are interested, then the evidence is ready to take to the authorities; if they aren't and they don't want to waste time or money, then you CYA and that is a very important thing to do. :-)

Hope this helps!

Diane Davidowicz

------------------------------------------------------------------------
Better to keep your mouth shut and let people think you are a fool,
than to open it and remove all possible doubt. -forgot the author

Take my advice. I'm not using it. -a magnet on my refrigerator.
------------------------------------------------------------------------