[May be off topic for IDS, moderator feel free to screen. Also TO:'d to Mr. Leber.] >After talking with the FBI, I was informed that Federal 18 USC >1030 ibid. does not apply. (I have no idea what it actually >says, but many admins thought it applied.) I suggest you contact your local US Attorney's Office or the nearest US Secret Service office. IANAL (retired US Army Military Police), but I believe 18USC1030 does apply to this problem, there just is no investigative interest on the part of the FBI. The USSS recently expanded their program with agents specializing in electronic crime. The local office may be interested in putting a mark on the wall. In any event, it's the US Attorney who must take it before a magistrate or judge and has the final word on what is and what isn't of investigative interest. It never hurts to call the local office of you federal representative or senator, they certainly have the ability to get the local investigators attention and if 18USC1030 indeed does not apply (I'd love to hear the rationale) then they are the ones who can introduce legislation so these acts are actionable. Also, MCI recently went out of their way assisting in tracking down a SYN attacker (search engine keyword: Webcomm). Your long-haul provider may be helpful and with a big-name like MCI or Sprint, it's possible you'll get more attention. >A helpful netizen informed us about US Code Title 487 Section >227. However Section 401 which covers enforcement provisions >refers to "the Commission". The agent in the FBI Computer >Crimes Division we have been working with thinks this means the >FCC. I believe the citation is 47USC227, a net-myth that the Telephone Consumer Protection Act (TCPA) provision prohibiting unsolicited facsimile transmissions also prohibits unsolicited e-mail. It doesn't. One netizen alleges that there has been one out-of-court settlement of a suit brought based on this statute. When pressed for details, he won't provide them. IMHO he's lying; N.B. he charges people to learn about cutting junk mail/e-mail. Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.