Section 21.2 Prosecution | Real World Linux Security Prentice Hall Ptr Open Source Technology Series

21.2 Prosecution

It certainly is very satisfying to "put the bastard in jail," but rather hard to accomplish, and probably it will take a lot of your time. If your management is not interested in this, you might even seriously risk getting fired for not attending to the company business of administering the systems.

Certainly, you need to determine if the company "wants to keep it quiet," as many do. Most companies and government agencies consider that the publicity of a break-in implies that there is a deficiency in security that will scare customers away or cause an outside investigation of the agency and its management to occur. Thus, "fix it but keep it quiet" frequently is the policy.

In this case, giving the perpetrator the choice of cease and desist or arrest probably will convince her to leave you alone but do maintain a vigilant watch. (If someone tries to get into our systems, the Adaptive TCP Wrappers software adds an entry to /etc/hosts.allow to lock them out of all services permanently. UDP services are not offered. For those sites that do support UDP services, IP Chains may be used to lock 'em out.)

Realistically, unless real harm is caused, attempting prosecution will not be worth the effort of many days of gathering evidence, telling your story to your boss, his boss, your company's lawyers, the police officer, the police detective, the district attorney's office, and the judge, and then possibly seeing the criminal get off with probation or being found innocent because he hired a good attorney and the DA's office was more interested in a new murder case.

Certainly, getting him fired from his job or expelled from school might be a better alternative if the powers that be are amenable to this. Many aren't. The author was shocked that a harmful and vicious random attack originating from a student account at the University of Houston (Texas) got barely "the time of day" from either their SysAdmins or the university police. The final resolution was "the student was talked to."

If you do proceed to court, do play the game of giving a clean-cut appearance. If you are a guy, consider wearing a suit and cutting your hair or tying it back, and take off what earrings you can. Women will make a good impression by appearing to be "prim and proper." You can celebrate surviving court by getting a new tattoo or piercing!

In the courtroom, as when dealing with "legal types" in other contexts, do take the time to consider the question and the implications of any answers. Expect the defendant's attorney to do his best to trick you or to get you angry and look foolish. This is his job. Do not let him sway you or start to doubt your competence or the quality of your evidence. In your mind, you should have decided the guilt of the criminal already and court should be a formality. If the case has been publicized, do expect lots of other crackers to try to break into your system and damage it to the maximum extent possible.

Top