Its probably a ploy by TerraCom to recoup losses by potentially suing someone who in good faith notifies the blind business. Ummmmm if they call that a business.

Hopefully Scipps can testify on the State and Federal side of the matter and see exactly what the heck is going on in the TerraCom meltdown.

Not only that, if you think about it, how did the Chinese know to search for that data within, if that was truly what they were after?

Its all about ease of access. No one wants to take the time to jump through hoops to keep data secure. There are tons of ways to keep hackers out. But if you want to mix sensitive data in with common data and expose the data – and yourself – to hackers, then you too are as guilty. If there is no due Diligence nor Due Care, then the same thing will happen again and again.

Do they honestly “think” that they will not be caught? I mean do they ‘think” that their trails are completely covered ?

Obviously they are not thinking and their trails are not covered.

But, as many hackers that have fallen in the past year to year and a half – even some of the HIGH end hackers – many still want to follow their footsteps, right to the cell next door.

IF its about making a statement – there are other safer methods that may not give you jail time.
IF you get jail time, parole or otherwise, stand by to be branded as “untrusted” for the REST OF YOUR LIFE. More than likely your only recourse will be jobs which pay close to minimum wage.

All for the glory of a single moment or news article. And a little bragging rights by an “ego-testical” hacker. Is a small moment in glory worth limiting your true potential for potentially the rest of your life?

Some – not all of these individuals blindly follow orders down a path that they have NO idea what they are getting themselves into. You have a choice, sure, one that may end up in a jail cell or, one that may end up in front of a microphone , calmly and collectively speaking your mind about a certain issue.

There are other alternatives. The SEO crawlers LOVE creativity in respect to a Forum. As long as the Forum is “clean” of any foul software or obvious threats, the Search Engines will crawl all over the site and the keywords will fly to the top of the search engine heap.

Need attention? Look yourself in the mirror and honestly ask yourself that question? Ask yourself if what you are doing, or have done is truly worth it. Ask yourself how much better you might sleep, or enjoy life without looking over your shoulder.

With the success the Feds have had in the past year and a half with tracking down the Higher end hackers, its only a matter of time before they perfect their ways and arrest more of the same. It’s only a matter of time before they get the next batch of hackers.

In respect of hackers and potential hackers – Your fate is in your hands, I hope you make a wise choice.

I suppose it’s better late than never.

I can almost here some one saying:

“Thats going to cost alot of money and knock down our profit magin! Can’t we do this investigation in house? Can’t the PR people figure out how to word the responses so we don’t knee-jerk people into complaining. How can we rectify this occurence without making it look like it was a big deal ?”

There isn’t any proof data was extracted, because the people who are attempting to look for clues are – actually clueless. They way I look at it, the comanies who act as true profiteers ( somewhat close to racketeers, pirates and such) look at success only in the piles of cash they are able to produce. Risk, which most consider – is unmerited and cuts into the “bottom line”. So, how long can a company operate with minimal security controls in place before thy pants fall around their ankles?

Oh, we have a nest egg for fines. We have insurance in case an incident occurs that is beyond our control.

They also see that most class action cases crash and burn, so being sued successfully is minimal. So it’s a report it when you can, clean it up, mop and move forward. They occasionally listen for the knock on the door from an entity that may request more information or, have an intent to sue them for the way they are running their business. Most will shrug and say the stereotypical line – it was only a matter of time before they hacked us too. We’re a victim here, we were doing it the same way everybody else is doing it.

The law isn’t strict enough when it comes to the storage of personal information. Some businesses think of it like craps at the casino. There is only a small chance that your number is going to come up (in a bad way), so whil the gettin’ is good, enjoy the success at a minimal cost.

Until the CC agency slaps them silly with a hefty fine. Same with the government. There should be a mandatory, set fine per individual (person) record that was breeched. In order to lower the fine, security controls like full disk encyption, in-line IPS, a staff that is qualified, and up to date on certifications, may allow for a litle of the fine to be offset, but no more than half. the initial fine needs to sting. Otherwise its a flea bit and the shoddy businesses can afford it and pay it without doing any advances to their security program.

The technology and infrastructure is out there. It doesn’t have to cost an arm and a leg. send select IT people to courses that can use commercial off the shelf or freeware style products to secure your network. But, if it affects the bottom line, more than likely its something that won’t be funded.

The way of doing business is broke. The cow is fat and full of milk. the hackers will drink it dry before they realize it.

People who use these services don’t realize, or care that these services tend to act as a man in the middle to their surfing habits. Can these sites watch your browsing habits? Can these sites capture your keystrokes? If the act as a MITM (man in the middle), your connection to them is ripe for the picking.

So you spoof your address, but the ability for you to get into the site is limited by the knowledge you have visited in the past. To ensure the path works, I bet it was first tested to see that entry could be gained. Then, he tries it behind a proxy and well, add two plus two, its not hard to retrace steps with the right forensic team and the audit trail. This is hypethetical, but more than likely they found the intrusion and prior navigation by the same individual.

I am sure the website didn’t hide him at all when the website was offered a dilemna from the feds. People don’t understand that any communication whatsoever can be backtracked through devices if they are done within a certain timeframe. Its a long story, but eventually, that session was tracked back to the site. I haven’t been to the site, so I am unsure how they got his name, but they surely could have got his original IP. With that and a warrant, they forensically search his computer and well the rest is displayed here.

Again, nothing is totally fool proof when it comes to disguising one self. It all depends on how far the breached organization wants to go. Here, they pushed all in and got an end result. Who knows what other material they pulled from evidence.

Good, I hope he gets a fair trial and if found guilty sits in his cell for the primetime of his life, and headslaps himself for being so “ego-testical”.