Re: Update on mail bombing threats--not so funny

David Kennedy (76702.3557@compuserve.com)
14 Jan 97 01:49:44 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: crumrig@us-state.gov: "Re: Update on mail bombing threats--not so funny"
Previous message: Alex F: "Re: Security Books"

[May be off topic for IDS, moderator feel free to screen.  Also TO:'d to Mr.
Leber.]

>After talking with the FBI, I was informed that Federal 18 USC
>1030 ibid.  does not apply.  (I have no idea what it actually
>says, but many admins thought it applied.) 

I suggest you contact your local US Attorney's Office or the nearest US Secret
Service office.  IANAL (retired US Army Military Police), but I believe
18USC1030 does apply to this problem, there just is no investigative interest on
the part of the FBI.  The USSS recently expanded their program with agents
specializing in electronic crime.  The local office may be interested in putting
a mark on the wall.  In any event, it's the US Attorney who must take it before
a magistrate or judge and has the final word on what is and what isn't of
investigative interest.  It never hurts to call the local office of you federal
representative or senator, they certainly have the ability to get the local
investigators attention and if 18USC1030 indeed does not apply (I'd love to hear
the rationale) then they are the ones who can introduce legislation so these
acts are actionable.

Also, MCI recently went out of their way assisting in tracking down a SYN
attacker (search engine keyword: Webcomm).  Your long-haul provider may be
helpful and with a big-name like MCI or Sprint, it's possible you'll get more
attention.

>A helpful netizen informed us about US Code Title 487 Section
>227.  However Section 401 which covers enforcement provisions
>refers to "the Commission".  The agent in the FBI Computer
>Crimes Division we have been working with thinks this means the
>FCC. 

I believe the citation is 47USC227, a net-myth that the Telephone Consumer
Protection Act (TCPA) provision prohibiting unsolicited facsimile transmissions
also prohibits unsolicited e-mail.  It doesn't.  One netizen alleges that there
has been one out-of-court settlement of a suit brought based on this statute.
When pressed for details, he won't provide them.  IMHO he's lying; N.B. he
charges people to learn about cutting junk mail/e-mail.

Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.

Next message: crumrig@us-state.gov: "Re: Update on mail bombing threats--not so funny"
Previous message: Alex F: "Re: Security Books"