Google Answers: Hacking incident(s) logged

View Question

Q: Hacking incident(s) logged - what are our options? ( No Answer, 3 Comments )

Question

Subject: Hacking incident(s) logged - what are our options?
Category: Computers > Security
Asked by: chatmaster-ga
List Price: $20.00

Posted: 18 Nov 2005 05:13 PST
Expires: 18 Dec 2005 05:13 PST
Question ID: 594658

A small collection of people have been attempting to gain admin level
access to my website for a sustained period through a variety of
methods. Eventually they found a weak moderator and managed to achieve
a password through "phishing".

The account was used for malicious intents including 595 unauthorized
admin actions. These include blocking user accounts and altering the
system data and state.

We have logs of the times and IP addresses of the actions.

Some background info:
The site is a chat based site, the server is based in the US, I am the
owner of the site and am a UK based citizen, the recorded IP addresses
are based in the UK.

I have previously liaised with the published UK phone number (found
through http://www.met.police.uk/computercrime/ ) and they responded
with "you need to take it up with the country the server is based in".

The question is, can we take this further, and if so, to which US
agency should we report the matter to, and how?

We would like to put a stop to these persistent attempts to gain
access. The same people have managed to gain many MSN Passports
through social engineering since (focusing on our userbase).

Note: yes, the prevention is better than the cure, and we've
tightened up the security even further, but if they can continue with
the same persistence we still fear another succesful attack.

Answer

There is no answer at this time.

Comments

Subject: Re: Hacking incident(s) logged - what are our options?
From: bozo99-ga on 18 Nov 2005 15:24 PST

The Computer Misuse Act has a section on territorial scope which I
interpret as applying (IANAL) if the accused (supposing you get one)
was in the UK at the time.
Do you need to remind the Met Police of this ?

http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm#mdiv4

Subject: Re: Hacking incident(s) logged - what are our options?
From: clstimmel-ga on 07 Dec 2005 10:07 PST

It depends on the magnitude, but I believe the first stop for incident
repsonse reporting and assistance is the US-federally funded CERT
Coordination center at http://www.cert.org/contact_cert.  Here is
their contact page http://www.cert.org/contact_cert/contactinfo.html.

They are wealth of information.  Perhaps they can even help you with
security practices in this regard.

Good luck

Subject: Re: Hacking incident(s) logged - what are our options?
From: saysach-ga on 07 Dec 2005 11:43 PST

Hi
You should report the phishing crime first at anti-phishing working group

http://www.antiphishing.org/report_phishing.html

Further you can report this matter to internet fraud compaint centre
or look at the appropriate federal investigative law enforcement
agency at

http://www.cybercrime.gov/reporting.htm

Good Luck

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy