Re: tlug: spam

["Stephen J. Turnbull" <turnbull@example.com>]

>>>>> "yn" == NIIBE Yutaka <gniibe@example.com> writes:

    yn> Along with the logs on the host which he failed to remove,
    yn> access logs, and other informations, we almost identified the
    yn> cracker.

Actually, a lot of crackers don't seem to know enough to go looking for 
the logs.  Also, there's a good chance that you catch a "wannabe"
cracker, who is only following up on the work of a real cracker.  The
real cracker is often only identifiable by the new accounts he leaves
behind.

    yn> But what could we do then?  With Japanese tradition, "KOTO WO
    yn> ARADATENAI" (someone please translate this phrase, it's
    yn> something like "don't make trouble, leave it untouched"), it

Jim Breen's EDICT says

荒立てる [あらだてる] /to aggravate/to make serious/

Idiomatic American English would be (imperative forms):
"don't make a federal case of it"
"don't make a big deal of it"
"don't rock the boat" (this is not very accurate)
"let sleeping dogs lie" (in this case, not very accurate)
"it's more trouble than it's worth"

    yn> seems that the site doesn't want to sue, because the damage is
    yn> so low, and it seems that there is no applicable law in Japan
    yn> for cracking itself.

    yn> It's very exciting experience for me, but slightly tired.
    yn> Hacker should learn laws more. hehehe. ;-)

    yn> Any suggestions are very much appriciated.  Thanks in advance.

When I got cracked last year (separate incident from the email
pirates; at least four separate individuals got "red cards" from their
ISPs, possibly but not surely including the real cracker), I got to
know a lot of American and European sys admins.

Things they don't want to hear:

(1) Your netblock is going in my /etc/hosts.deny.
(2) I'm telling all my friends (sys admins) that I got hacked from
    your domain so they'll know who to look for.
(3) I'm calling your upstream provider and telling them that it looks
    like I got hacked from your domain, and you refused to do anything
    about it.

Typical explanations from them:

(1) My domain is secure.  (Use response (1,2,3) above :-/.)
(2) It's one of my customers' kids.  It's being taken care of; I'm not 
    suspending the account yet, but if you see it again the kid's out
    of control and I will nuke the account.
(3) Yeah, me too.  I don't know what to do about it; I reloaded my
    system.  Do you have any advice?

There are blacklists in the U.S., but this is not very accepted.
Also, the big providers are so big, they can't keep track of
individual crackers and spammers.  I think there's more room in Japan
for control at that level.

Informal calls to parents or college deans work pretty well for
students.  Especially the college administrators don't wnat their
schools to end up on blacklists.

--------------------------------------------------------------
Next TLUG Meeting: 13 June Sat, Tokyo Station Yaesu gate 12:30
Featuring Stone and Turnbull on .rpm and .deb packages
Next Nomikai: (?) July, 19:30 Tengu TokyoEkiMae 03-3275-3691
--------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp