Nmap and FBI Subpoenas
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Nmap and FBI Subpoenas

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Nmap and FBI Subpoenas

    I just got the following email from Fyodor's mailing list:

    Dear Nmap hackers,

    Let me first wish you Americans a happy Thanksgiving. Meanwhile, I'm
    hard at work on a holiday Nmap version which should be available by
    Christmas.

    But enough pleasantries -- I want to discuss a sobering topic. With
    increasing regularity this year, FBI agents from all over the country
    have contacted me demanding webserver log data from Insecure.Org.
    They don't give me reasons, but they generally seem to be
    investigating a specific attacker who they think may have visited the
    Nmap page at a certain time. If they see that an attacker ran the
    command "wget http://download.insecure.org/nmap/dist/nmap-3.77.tgz"
    from a compromised host, they assume that she might have obtained that
    URL by visiting the Nmap download page from her home computer. So
    far, I have never given them anything. In some cases, they asked too
    late and data had already been purged through our data retention
    policy. In other cases, they failed to serve the subpoena properly.
    Sometimes they try asking without a subpoena and give up when I demand
    one.

    One can argue whether helping the FBI is good or bad. Remember that
    they might be going after spammers, cyber-extortionists, DDOS kiddies,
    etc. In this, I wish them the best. Nmap was designed to help
    security -- the criminals and spammers put my work to shame! But the
    desirability of helping the FBI is immaterial -- I may be forced by
    law to comply with legal, properly served subpoenas. At the same
    time, I'll try to fight anything too broad (like if they ask for
    weblogs for a whole month). Protecting your privacy is important to
    me, but Nmap users should be savvy enough to know that all of your
    network activity leave traces. I'm not the only one who gets these
    subpoenas -- large ISPs and webmail providers receive them daily.
    Most other major security sites probably do too. Most of you probably
    don't care if someone finds out that you downloaded Nmap, Nessus,
    Hping2, John the Ripper, etc. Nothing on Insecure.Org is illegal.
    But for those of you who do care, there are plenty of mechanisms
    available to preserve your anonymity. Remember this security mantra:
    defense in depth.

    Cheers,
    Fyodor

    --------------------------------------------------
    For help using this (nmap-hackers) mailing list, send a blank email to
    nmap-hackers-help@insecure.org . List archive: http://seclists.org
    Wonder what they hope to find? So many folks hit that URL in a day I can't see how they would get useful information that they don't already have.
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I just read that email not too long ago and I find some humour in it.. It's not going to help them out... oh no.. someone download 3.77... Maybe the FBI should subpeona JupM also because I posted the link that Fyodor mentions on here... people could have obtained it from this site and accessed it.... It's ridiculous... It's another example of the American government wanting total control over everything... If I was Fyodor, I'd modify my privacy policy so that it says logs are wiped every hour.... and that's how often I'd wipe them..

    Anyways, it was an interesting read... and I just wanted to add my 0.02.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
    Share on Google+

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I use wget a lot.. when working on remote computers..

    does using wget make me a terrorist ?

    And you can never proove that the person surfing the insecure.org site at the time the wget is issued is the actual "hacker" !!

    Perhaps they should go and see who visits http://www.gnu.org/software/wget/wget.html

    lmfao
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
    Share on Google+

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Perhaps they are following procedures and following up on all leads? If they miss one link, even if it is a legit site it could be something the defense could use to protect some spammer or script kiddie from becoming "Bubba's" next buddy.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
    Share on Google+

  5. #5
    That's true. It's very trendy to join the "down on the man!" crowd every time the FBI sticks its nose in anything, but truth be told, they're just doing their job.

    The complainers are usually the same people who hate cops until the first time they get robbed.
    Share on Google+

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Originally posted here by the_JinX
    I use wget a lot.. when working on remote computers..

    does using wget make me a terrorist ?
    Crap I just DLed the entire Garfield.com archive using a Java program and wget... I'm going to have to burn my harddrive in sulfuric acid and try to place it in the way of a construction vehicle or something...

    Wait what about gcc? We compile exploits with it... maybe it should be made illegal?

    I know... let Bill give us all the tools we need and let there be nothing for download in this world... only commercial software and the OS.
    /\\
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Well sounds like I'm good to go for awhile. At least until a newer version comes out. Have almost every tool on a CD by now.

    But regardless, they can come a knockin' anytime they want. Won't find anything on my boxes that would interest them. well maybe........

    cheers
    Connection refused, try again later.
    Share on Google+

  8. #8
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    It sounds like too many of you focus on the trees while ignoring the forest as a whole.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X
    Share on Google+

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by AngelicKnight
    That's true. It's very trendy to join the "down on the man!" crowd every time the FBI sticks its nose in anything, but truth be told, they're just doing their job.

    The complainers are usually the same people who hate cops until the first time they get robbed.
    Hey Hey,

    For the most part it's not that we hate cops til we're robbed... it's that we hate cops period... At least that's my opinion... They're one of the lowest forms of scum on the planet. Police Officers, State Troopers, FBI or OPP and RCMP if you prefer... They're lousy people for the most part.... Like firefighters... Have you met a younger firefighter? In his 20s... some hot shot preppie guy who's all high and mighty... and untouchable because he's a brave firefighter.. These people think they are Gods because they have a job that puts their lives at risk.. big deal... I honestly don't care if they're killed or not.. I could be electrocuted opening a computer, but I don't make a big deal about it like I'm some brave person.. Who cares about these cops? They're the same cops that will haul me to jail if I hit a guy who breaks into my home, but then they'll drive him to the hospital for stitches.. it's a bunch of bullshit... This is the same thing... Law Enforcement basically says F@#$ peoples rights.... Let's impede the rights of millions of innocent people so that we can possibly catch a single criminal... It's like all this bullshit going on in the US right now.. .my gf's friend spoke out again Bush on a website, one of his friends called some hotline and reported him because he said Bush should die.. suddenly he's no longer allowed to fly in the states... Impeding the rights of an innocent person on the off chance that he's guilty... What ever happened to Innocent until proven guilty.. I say **** the Cops... **** the Goverment and **** Bush up the ass with a 4x4. I don't care if you're the President, the Prime Minister, the Pope or the person who gave me life... You have no right to impede my rights when I'm innocent... If I'm a criminal take away my rights, declare that I'm not even a human being anymore... but until it's proven don't you dare take away what is rightfully mine... Those of you saying it's their job.... and who cares if they're doing it... You people are the problem... you chose to lay down and give up your rights rather than fight for them... I'd drop my hdd in a vat of acid just to spite them.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
    Share on Google+

  10. #10
    Banned
    Join Date
    Jul 2004
    Posts
    119
    ya, what he said. i put my life on the line ever beer i open.
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •