How do you know if the FBI is going to come after you for an innocent little hack?

Documents reveal feds' methods, though not priorities that make FBI's attention unpredictable


The FBI traced the "various IPs" back to a proxy server web site, from which they traced it to another proxy service called VTunnel. Because VTunnel didn't keep IP address logs covering the time of the attack and the identities stolen from O'Reilly's site were outside the normal security wall, investigators gave up and closed the case.

Though the FBI's reputation for tracking down and arresting members of Anonymous particularly, and hackers in general, is lower than that of British police agencies (who routinely exercise powers of search and seizure verboten by the Constitution in this country, and often arrest the wrong people anyway), the FBI's online investigations are in line with techniques common to commercial IT security firms.

There are a few big differences, most of which are advantages:

First, the FBI goes real-world quickly.

Once an investigation is launched, the FBI is much more able and willing to go interview victims, suspects and anyone else than a commercial security company, which will do as much investigation as possible digitally or by interviewing employees of the company that hired it.

For a commercial firm, getting approval from the client for the expense and trouble of having agents interview external witnesses or potential suspects is more expensive and comes with legal-liability hurdles.

The FBI has agents (theoretically) trained in cyber-crime investigations in a "cyber-squad" in each of its 56 regional offices, so it has more feet on the street at lower cost than most security consultants.

Second: the FBI has badges.

If a Kroll Security employee knocks on your door and asks whether you'd like to talk about whether you spent last night wandering around inside a client's network, you can say 'no' and close the door. Kroll might go to the cops or FBI to get a search warrant, but could only get a reaction by presenting some convincing evidence you were personally involved – evidence it might not have until the end of the investigation you're obstructing and which it might not want to present to police until the client has made a decision about what to do about an incident.

If the agent knocking at your door has an FBI badge you can still just close the door. It's much easier for the FBI to accessorize an investigation with search warrants, subpoenas or battering rams than it is for commercial security organizations. So, even if you're not intimidated enough by the badge or the wish to seem innocent, a federal knock on the door carries a much higher level of threat than a commercial one.

Third, the FBI can be really persistent.
