[904] in cryptography@c2.net mail archive
Re: FBI: Hacker sold 100,000 credit card numbers
daemon@ATHENA.MIT.EDU (John R Levine)
Fri May 23 15:59:51 1997
Date: Fri, 23 May 1997 15:47:01 -0400 (EDT)
From: John R Levine <johnl@iecc.com>
To: Steven Bellovin <smb@research.att.com>
cc: John Pescatore <johnp@tis.com>, Rick Smith <smith@securecomputing.com>,
cryptography@c2.net
In-Reply-To: <199705231804.OAA26228@raptor.research.att.com>
> Here's the text I'm referring to:
>
> The scheme was discovered by the unidentified San Diego-based Internet
> provider during routine maintenance. Technicians found an intruder had
> placed a program in their server called a "packet sniffer," which locates
> specified blocks of information, such as credit card numbers.
... or maybe it was a plain old trojan horse, but calling it a packet sniffer
makes it less obvious that the breakin was due to conventional lax security.
Besides, if you can install code on the server, why waste your time sniffing
packets when all the data is conveniently assembled in files?
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
