What to do?

Fri Jan 10 20:49:51 CST 2003

Which would of course lead the network security team to discover that
you also hacked into their system and stole billions and billions of
dollars of proprietary data. You should not have downloaded the data,
that pushed you over the line from hacker to cracker, in our present
society. You could well be the next Dmitry Skylarov or Kevin Mitnick.
Congratulations, you may have just won a free trip to jail. One option
is to call from a pay phone, just make sure to use cash you have never
handled and wear gloves and don't sweat or spit onto the receiver. And
don't stay on too long. The other option is to destroy all records you
have of your "exploration" and walk away.

> -----Original Message-----
> From: Hall, Tony, JCW [mailto:Tony.Hall at jcw.org]
> Sent: Friday, January 10, 2003 2:32 PM
> To: 'Jason Clinton'
> Cc: kclug at kclug.org
> Subject: RE: What to do?
> 
> 
> You said you gained access to a network printer. I can think 
> of nothing
> better than to print a document to their printer informing 
> them that their
> network is insecure...
> 
> 
> 
> -----Original Message-----
> From: Jason Clinton [mailto:clintonj at umkc.edu] 
> Sent: Friday, January 10, 2003 1:50 PM
> To: gphillip at kaiser.aafp.org
> Cc: j_r_sanchez at yahoo.com; kclug at kclug.org
> Subject: Re: What to do?
> 
> 
> gphillip at kaiser.aafp.org wrote:
> > First of all don't post on a mailing list that you stole 
> there client 
> > database.  Even if you didn't do anything malicious, downloading a 
> > client database is not good (even though they left the 
> network open).
> > 
> > As far as informing them, it would be a good samaritan thing if you 
> > sent them an anonymous note.  I wouldn't offer to fix the network.  
> > They may higher a consultant that is able to go through any 
> log files, 
> > find that files were downloaded, then assume that you did 
> all kinds of 
> > bad things to their network.
> >
> 
> First, I agree with both recommendations so far. Stay far, 
> far away from 
> any liability. I've read one-too-many stories about someone 
> who was well 
> intentioned getting slammed with criminal charges.
> 
> I also agree with the recommendation of sending an anonymous note. I 
> should point out, however, that doing this electronically is 
> extremely 
> hard. You're better off to sending a snailmail postcard that you 
> handeled with rubber gloves and that was written by friend in pencil. 
> And either delivered in the middle of the night to their doorstep or 
> sent via mail with a stamp that was moistened with water (NOT 
> saliva) (I 
> know this sounds paranoid, but you'd be surprised at the quantity of 
> resources the FBI has devoted to 'catching those evil 
> hackers' in the past.)
> 
> -- 
> Jason Clinton
> I don't believe in witty sigs.
> 
> 
> 
> majordomo at kclug.org
> 
> 
> majordomo at kclug.org
> 