[oclug] tuesday afternoon rant about the FBI and an isp

Billy Omer draven at distmirr.com
Mon Mar 19 17:08:06 EST 2001


Hey all,
Here's the deal.  I, like many of you on this list and other tech 
savvy/hax0rs, can't stand child pornography.  I mean I hate it with a 
passion.  Well, last night I had one of those spells where I wanted to see 
how fast I could 1) find kiddie porn and 2) find all the information I need 
to take them down, either by my own force or by the authorities.  Being the 
nice person I am (smile), I first did a whois on them.  Got all the contact 
information (one even being an adult entertainment company!) I or anyone 
else could want (name, address and phone number).  I then did a traceroute 
on the two suspects.  One turned out to be in New York, the other in 
Russia.  After all that, I did a port scan on the sites.  This is when all 
hell broke loose.
I found all sorts of open goodies: telnet, wu-ftpd (smile), ssh, sunrpc, 
etc., etc.  I logged all of my findings (like I always do) in a simple 
little text file.  All the info I found, I forwarded off to the FBI and 
Interpol.  Never tried to take down the machines or anything (don't ask me 
why... I guess I'm just a really super nice person).  
Well, the next day (this morning), I got an ICQ message from my co-worker.  
The deal is, my little network is on the network of a branch of the ISP I 
used to work at as one of their sysadmins.  I'm no longer working there, 
and my friend/co-worker is the owner of that office.  Well, he got an email 
around 1am from the network admin and the owner of the ISP.  Apparently 
they got a phone call from the FBI.  Turns out the ISP is a member of some 
org. (the name escapes me at this time) that works directly with the FBI.  
The FBI has a port sniffer set up on the backbone for the ISP (Cable and 
Wireless) and monitors EVERYTHING.
When I scanned the machine in New York, a red flag went up.  When I scanned 
the other machine in Russia and touched the sunrpc port (a known hack according 
to the FBI), a flashing neon sign lit up on their monitors.
The network admin disabled the route for my network.  Since he didn't have 
access to any of my machines, all he knew was that some script kiddie had 
got access to a machine and was about to cause some hell on the network.  
Understandable.  
The owner called me to tell me what was going on (basically to give me some 
extreme heat).  I explained what I was doing, and he started to calm down.  
He then told me that the FBI is now watching my network 24/7.  And I mean 
EVERYTHING.  He said if it (it meaning a portscan) happens again, 
the machine will be confiscated by the government.  
What I don't understand is why wouldn't they look at what I was scanning?  
If they did, they would see pictures of 10-year-old children being sexually 
tortured.  Plus, I just faxed a two-page report (to the local branch) with 
the information they needed to take these scumbags down, with the same IP 
that I was scanning.  
Now I live with the fact that every single packet that is sent to/from my 
network (including this very email) is being monitored by the government 
(and probably the sysadmin, who, from what I can tell, doesn't like me very 
much for whatever reason.  Can't say I blame him; however, I do feel that 
he doesn't take the time to think or ask questions before he acts.  He 
could have gone about this in a more mature way if you ask me, but we won't 
get into that.)

Anyone know what the government is using as a packet sniffer, what 
techniques they use to view the packets, etc.?  Has anyone had a similar 
problem?
It appears that the government is finally trying to take control of the one 
thing that is next to impossible to take control of.  Visions of a 'little 
person' trying to grab hold of the horns of a raging bull while wearing 
all red come to mind.


Thanks for reading this and putting up with my meaningless rant :)
Billy Omer
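Added example, not code from the post and not the sensor the post describes (whose design the FBI and the ISP never disclosed to the author): a minimal version of the kind of logic a backbone monitor would need to turn the behaviour above into alerts. One source touching many distinct ports on one destination inside a short window is reported as a scan, and any touch of a watch-listed port (here 111/sunrpc, the port that drew the strongest reaction in the story) is reported on its own, which is why a single packet can outrank a whole scan. The thresholds, the window, the watch-list and the connection records are all constructed for the example.

```python
"""Threshold-based port-scan detector over constructed connection records.

Added example; not the ISP's or the FBI's tool.  Thresholds, window length,
the watch-list and the sample records are assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

SCAN_THRESHOLD = 5               # distinct ports in one window => scan (assumed)
WINDOW_SECONDS = 60.0            # sliding window length (assumed)
WATCHED_PORTS = {111: "sunrpc"}  # watch-list (assumed); 111 is the RPC portmapper


@dataclass(frozen=True)
class Conn:
    ts: float      # seconds since an arbitrary epoch
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Alert:
    kind: str      # "portscan" or "watched-port"
    src: str
    dst: str
    detail: str


def detect(conns, threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS, watched=WATCHED_PORTS):
    """Return watched-port alerts (in time order), then one portscan alert per (src, dst)."""
    alerts = []
    by_pair = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        # A watch-listed port is reported on every touch, scan or not.
        if c.dport in watched:
            alerts.append(Alert("watched-port", c.src, c.dst,
                                f"port {c.dport}/{watched[c.dport]}"))
        by_pair[(c.src, c.dst)].append(c)

    for (src, dst), events in by_pair.items():
        start = 0
        for end, e in enumerate(events):
            # Slide the window: drop records older than `window` seconds.
            while events[start].ts < e.ts - window:
                start += 1
            ports = {x.dport for x in events[start:end + 1]}
            if len(ports) >= threshold:
                hit = sorted(p for p in ports if p in watched)
                sev = "high" if hit else "medium"
                alerts.append(Alert("portscan", src, dst,
                                    f"{len(ports)} distinct ports in {window:.0f}s, severity {sev}"))
                break  # one scan alert per pair is enough
    return alerts


# Constructed sample: a scanner, a normal web client, and a lone RPC probe.
SAMPLE = [
    Conn(0.0, "10.0.0.5", "192.0.2.10", 21),
    Conn(1.0, "10.0.0.5", "192.0.2.10", 22),
    Conn(2.0, "10.0.0.5", "192.0.2.10", 23),
    Conn(3.0, "10.0.0.5", "192.0.2.10", 80),
    Conn(4.0, "10.0.0.5", "192.0.2.10", 111),
    Conn(5.0, "10.0.0.5", "192.0.2.10", 443),
    Conn(0.5, "10.0.0.7", "192.0.2.10", 80),
    Conn(30.0, "10.0.0.7", "192.0.2.10", 80),
    Conn(90.0, "10.0.0.7", "192.0.2.10", 443),
    Conn(200.0, "10.0.0.9", "198.51.100.4", 111),
]


def summarize(conns=SAMPLE):
    """Map (kind, src, dst) -> detail for the given records."""
    return {(a.kind, a.src, a.dst): a.detail for a in detect(conns)}


if __name__ == "__main__":
    for a in detect(SAMPLE):
        print(f"{a.kind:13} {a.src} -> {a.dst}: {a.detail}")
```

Run as written, the web client at 10.0.0.7 produces nothing (two ports in a minute is ordinary traffic), the scanner at 10.0.0.5 produces a high-severity portscan alert plus a watched-port alert for its single packet to 111, and the host at 10.0.0.9 is reported for touching 111 alone. That last case is the one worth noticing: a sensor built this way fires on a single probe of a watch-listed port regardless of intent, and nothing in it looks at what the target is serving.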



