Well... though..... Got California folks in that database? Identity info?
You are require to inform them under SB1386 of an intrusion.
Some industries also require notification to law enforcement bodies.
What agencies like the FBI do though is track such things. Therefore
even if the event goes 'nowhere' the fact that you are now a statistic
helps the rest of us to prove to our bosses that we should do things.
Don't just blow this off. As Jay says use this as a lesson to build an
incident handling process [www.sans.org has links to samples of
checklists and what not].
Jay D. Dyson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 6 Dec 2005, naptime@gmail.com wrote:
a customers server got hacked.. binary in tact, seems like they were
DDoSing.. strings brings up the irc server, channel name, key.. where
is the fbi address where i can send this information to?
The FBI will not take the case unless you can provide concrete
evidence that your customer suffered more than $10,000 in losses due
to the intrusion. Failing that, there's nothing the FBI will do
unless your customer is very well-connected politically.
I recommend using this this incident as an object lesson in
developing and implementing policies and procedures for intrusion
forensics for your customer. That way, when (not if) the day comes
that you qualify to haul in the FBI, the evidence chain will be
unassailable.
- -Jay
( ( _______
)) )) .-"There's always time for a good cup of coffee."-.
>====<--.
C|~~|C|~~| \------ Jay D. Dyson - jdyson@treachery.net ------/ | =
|-'
`--' `--' `-- The only real 'exit strategy' is victory. --' `------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iD8DBQFDlxi5dHgnXUr6DdMRAqdPAKDBKJpD+m2EN7jRBuuXqLnvrjNxSwCbBxMw
gluKaQIUAkWUwlBXOPn/H00=
=iEWj
-----END PGP SIGNATURE-----
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
