Greg Keizer wrote:
> By Gregg Keizer
> The identities included Social Security numbers, names, and addresses,
> and were transmitted to an unknown hacker by the keylogger, said the
> Department of Revenue in an online FAQ.
> discovered that the keylogger was patiently collecting all taxpayer ID
> data and transmitting it across the net to the person(s) who had
> installed it, and that it had been doing so for at least four or five
> months since it was first installed and before it was stopped.
I have a technical question about how this works and why those
responsible can't be prosecuted.
The news article said the collected data was transmitted across the
net. Wouldn't that require the sabotage software to contain
transmission instructions? Without, how would the stolen data be
collected? Anyway, with the transmission instructions--which would
have to include an address to transmit to---couldn't they trace that
address fairly quickly and arrest those responsible?
If it was going to a "hijacked server", wouldn't the owner be
responsible be negligent for allowing an improperly secured device to
be connected to the Internet? That might not be a criminal office,
but it should be a tort negligence.
Again, I'm not sure of the technical details of the Internet, so
perhaps you could explain it in layman's terms (spell out acronyms).
Also, I guess the "key logger" would consist of a what we used to call
a "terminate and stay resident" program (TSR), like the old DOS
keyboard utilities. But in modern operating systems, aren't all
active processes carefully checked and "registered" in the "Registry"?
Shouldn't audit - anti sabotage software be checking on this every
[public replies please]
[TELECOM Digest Editor's Note: The Oregon governor did assure us in
the original article that they intended to prosecute _anyone they
could catch up with_ in this nefarious scheme. Trouble is in
catching the person(s) involved. Yes, they had to have an IP address
to receive the data, but all sorts of proxy addresses and throw-away
IP addresses make that problematic at best. You can get all sorts of
dial-up accounts to use with whatever IP address is available at the
moment. A dial-up account combined with various proxy servers will
have the governor chasing his tail for quite awhile. Yes, it is a
mess. As to the ignornat stooge who allowed it to happen by getting his
computer infected to start with, I doubt he did anything willfully,
which would be required for a successful prosecution. PAT]
Date: 20 Jun 2006 12:11:53 -0700
From: Lanman <firstname.lastname@example.org>
Subject: Re: Campus Fax Finder
X-Telecom-Digest: Volume 25, Issue 234, Message 11 of 11
> I have a project to determine all of the fax machines on our 4000 line
> campus. I would like to find a software package that I can configure
> with our telephone extentions and dial each one and have it record the
> numbers that receive a fax tone ?? Any ideas ?
> [TELECOM Digest Editor's Note: Are you certain that your only purpose
> with this is to 'check out' the fax machines under the supervision of
> the person(s) who employ you (for this purpose)? In other words, such
> a program, if one exists, would have no reason to stop at 4000 lines;
> it might as well check for fax machines all over the country, and we
> have had some unfavorable reports here of that happening a lot; that
> is, phone rings, someone answers, dead silence because the caller was
> only looking for fax machines, etc. PAT]
Well I am only interested in the phone extentions on our internal
phone switch, I could care less about the fax machines that are
located throughout the country. In the process of replacing an aged
G3 switch and VOIP is an option, but as you know, I still need to
carry analog signals for fax/datacom.