Date: Tue, 04 Jan 2000 16:42:01 -0500
From: G.
Subject: situation update
To: john.copeland@ece.gatech.edu

Prof. Copeland, did you get the mail with the URL for the log files?

I got your phone message, but got a busy signal or nothing but rings when I tried to call it. The people at CERT have not responded to my requests for help. Apple has been of next to no help.

Your e-mail and phone call made it seem like you are interested, so here is an update on the situation as it stands right now:

I noted that there were no hits to my firewall at all during the timeframe of the attack. This leads me to believe that the attack occurred on the ping/udp level, below the capabilities of my firewall (DoorStop). It also appears that they left no footprints on my machine; however, I am not completely positive of that.

At this point xxx is being very disagreeable (naturally). They have told me only that the attack was made on their ... DHCP server. They tell me that legally they do not have to answer my questions and have invoked that right on almost every opportunity. Xx has terminated my [cable modem] and Cable TV service and reclaimed their hardware according to the terms of the service agreement.

Seems like "guilty until proven innocent" to me.

They say they will only consider restoring service if I implement a solution on my end to prevent the problem from occurring again. Only consider. What might that solution be?

In their investigation xxx determined that an attack came from my cable modem and my machine in particular . . . and state that I was not running MacOS9 at the time (I was). They will not reveal the source of this information.

I have also been given a strong impression that they do not believe that it is possible that someone else perpetrated this attack through my computer. A xxx representative stated that due to the fact that my roommate works as a cashier at xxx, he would have sufficient knowledge to have implemented the attack - he does not.

They have not claimed that I/we perpetrated the attack, have not explained anything to us and seem to be assuming we are at fault (my roommate and I).

Is there anything I can do? As a . . . professional and student this could potentially ruin my career and we both want very badly to clear our names of any involvement in this attack.

Any help you might provide would be invaluable to us. Please feel free to call me at work (xxx) or at home again (xxx) if you wish.

Thanks for your time,

G