[Moderator: This was originally made to other lists carrying the
discussion.]
Reply From: mea culpa <jericho@dimensional.com>
Time to debunk the bull again..
> From: Carolyn Meinel <cmeinel@techbroker.com>
> Subject: HHD for 8/17
>
> Have you been wondering about our Web site and War Game? Patience,
> please, we'll be up again! The hacker war against us has escalated to epic
> proportions. Because our opponents are unable to intimidate us, they have
> resorted to attacking the ISP, Rt66 Internet, that serves us, and also are
> attacking our ISP's customers. In an Aug. 8, 1998 attack, these criminals
> caused over $1.8 million in damage against those they held hostage to their
> demands that no one give us access to the Internet. On August 14, the FBI
> publicly announced it is pursuing our assailants.
1.8 million eh? Now, we know that rt66.com staff are most likely on
salary, so lets factor in a few months of their work first of all. Say
they are completely stupid and needed 5 of them rubbing heads for 3 months
to work on this, we can guess that brings the bill up to 30,000 or so, but
hell, lets round up. 50,000 is what it cost in man hours to deal with this
(remember, we are saying *3* months, more than the benefit of the doubt).
Equipment. Lets say they went out and bought top of the line hardware
based sniffers, new machine for shell usage, and more. Another 50,000
bucks. This figure is based on them going hog wild on new equipment, party
expenses, and everything else.
Now.. changing credit card numbers. That is a service provided by the
credit card companies. IF she or RT are claiming this as part of the
damage, lets figure that in. Rough.. 5000 or so customers? 2500 with
credit cards? Takes roughly 10 minutes to call in and change it. Time +
material + helpdesk should realistically go for 5 bucks per card or so.
(we don't play the bullshit inflation game). 5 * 2500 = 12,500
Hrm... what else? Ahh. I bet they hired some consultants to come fix it!
If so, first, fire them if the machine got broken into again.
Now.. lets see what we have here. 50,000 + 50,000 + 12,500 = 112,500
subtotal. 1,800,000 - 112,500 = 1,687,500 left that needs explaining.
Lets say they hire some top notch (cough) security consultants that bill
themselves out at 500/hr, mind you 150/hr is average.
1,687,500 / 500 = 3375 hours. 3375 / 40 = 84.3 weeks if they use one
consultant.
So now.. for that 1.8 million.. they had 5 of their own people working 3
months on this, along with a consultant who worked 84 weeks (well over a
year), and that is how they can explain 1.8 million dollars.
Seems to me that the staff of RT66.com is a bit undertrained, and has no
concept of security. Further, it seems that they have no clue on
intelligent spending to maintain a sane budget.
I have this strange feeling that they have recently read two books...
_Idiots Guide to Spending on Stupid Things_, and _The Happy Hacker_.
> We need volunteers who specialize in gathering forensic evidence.
> Is there anyone whose company sells computer security products that would
Carolyn.. you and rt66 need more than that. You need a clue and a wake up
call.
> Those who are assaulting the customers of Rt66 Internet are the
> worst terrorists in the history of computer crime. If they get away with
Can we leave a bit of the drama out? What about the 100,000 customers of
netcom during Mitnick? Seems that is a BIT bigger than your little pond on
the net.
> they succeed, the whole world will know that a gang of computer criminals
> now has the power to force their will on anyone who wants to use the Internet.
Its amusing that you release this when no widespread public statement was
made by the terrorists. I monitor almost 100 mailing lists, I received
copies of two pieces of mail from the last hack (i assume), and saw no
terrorist demands. There were no threats leveled at the customers of
rt66.com, nor the staff. So.. that in mind, could you share their demands
so that we know you aren't making that up too? It is more than obvious you
are making up the 1.8 million figure.
Lying to the FBI about an investigation is a crime Carolyn. But hell, you
knew that. Not the first time you have lied to FBI agents is it?
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Wed Aug 19 09:40:01 1998