GoFuckYourself.com - Adult Webmaster Forum


Merrioc 06-09-2005 12:58 AM

hacked, can't prosecute but can I sue?
 
I will keep this brief: someone hacked one of our servers and proceeded to delete the entire file system. I have filed a police report, but after meeting with the computer crimes division I was told I have no case since the IP of the attacker was from Intuit Inc corporate office in California (I am in California also) and could be "anyone". Though I have pounds of circumstantial information (all logging was done through NFS to a different box), I can't prove "who" was at the terminal when it occurred. I was put out of business by this action as well as destroyed year's worth of work (don't tell me about backups, this WAS the backups). The police informed me that I may have a civil case. Suggestions? Lawyer recommendations?

LiveDose 06-09-2005 01:02 AM

Kill the fucker.

No, seriously.

NTSS 06-09-2005 01:02 AM

If the police investigate thoroughly, they should be able to find out exactly who did it. Sounds like they are not up to the task.

wdsguy 06-09-2005 01:05 AM

you are screwed if they can't figure out who it is. Most likely the hacker was at a remote location and went through the attacking box.

naitirps 06-09-2005 01:07 AM

My guess is a box at intuit was compromised and was just used as a route... also, the intuit box is already destroyed or cleaned most likely. do a reverse on it, or a trace, try to determine if it's a core file system box of theirs such as a mail server or something of that sort... chances are it was compromised as well.

sucks bro, sorry for your loss - how did they get in?

wdsguy 06-09-2005 01:11 AM

have you tried contacting the Intuit system administrators for help on this? they might have some logs that might be helpful. If this was a backup machine, why was it connected to the net?

Merrioc 06-09-2005 01:11 AM

In Orange County, California there is 1 (yes, one) electronics crimes investigator. There is nothing to investigate. I know who did it (it was my former webmaster); he had a backdoor acct I was unaware of. I know he consulted to Intuit at the time in question. I also was hosting his girl's personal site. Basically it went down like this. His home PC logged into the FTP and deleted her info (1 day before he had copied it to another server; again, it's in the logs), went to lunch, came back, logged in again, copied the DB, logged out. Then the only hit to her site that day not from his home IP was the one hit from the Intuit IP. 57 seconds later he logged in via ssh on the same Intuit IP and did a rm -rf / sudo command. There were no failed attempts at any point from the IP. It wasn't brute force, and he used the extra acct that shouldn't have been there.
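
The pattern described in the post above (an accepted SSH login by an account that should not exist, from an address not used before, with no failed attempts preceding it) can be flagged from sshd logs. This is an added example, not part of the original thread; the log lines, the account names and the `EXPECTED_ACCOUNTS` inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (not from the thread); documentation-range IPs.
SAMPLE_LOG = """\
Jun  1 09:12:01 box sshd[411]: Accepted password for owner from 198.51.100.7 port 40122 ssh2
Jun  1 18:30:44 box sshd[502]: Failed password for root from 203.0.113.9 port 51000 ssh2
Jun  2 09:05:13 box sshd[618]: Accepted publickey for owner from 198.51.100.7 port 40310 ssh2
Jun  3 12:41:57 box sshd[733]: Accepted password for webdev2 from 192.0.2.55 port 39001 ssh2
Jun  3 13:02:10 box sshd[790]: Accepted password for owner from 192.0.2.55 port 39044 ssh2
"""

# Hypothetical inventory of accounts that are supposed to have shell access.
EXPECTED_ACCOUNTS = {"owner"}

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_logins(log_text, expected_accounts):
    """Return (user, ip, reasons) for each accepted login that needs review."""
    seen_ips = defaultdict(set)   # user -> source IPs of earlier accepted logins
    failures = defaultdict(int)   # ip -> failed attempts seen so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        reasons = []
        if user not in expected_accounts:
            reasons.append("account not in inventory")
        if seen_ips[user] and ip not in seen_ips[user]:
            reasons.append("new source address for this account")
        if reasons and failures[ip] == 0:
            reasons.append("no prior failures from this address")
        if reasons:
            findings.append((user, ip, reasons))
        seen_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for user, ip, reasons in review_logins(SAMPLE_LOG, EXPECTED_ACCOUNTS):
        print(f"{user} from {ip}: {'; '.join(reasons)}")
```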

Merrioc 06-09-2005 01:14 AM

Quote:

Originally Posted by wdsguy
have you tried contacting the Intuit system administrators for help on this? they might have some logs that might be helpful. If this was a backup machine, why was it connected to the net?

I was in the process of consolidating and moving all my webservers. I had 6 servers at different datacenters around the country, I got a sweet hosting deal and was centralizing my servers. All the sites, DB, applications were being copied to this 1 box, which was the new box at the new datacenter, and was going to be the backup box. This happened literally RIGHT after I had just finished the last server transfer.

Alky 06-09-2005 01:14 AM

lol.... i don't get it... don't tell you to backup because they were the backups, but you had all the logs mirrored onto another server. seems like your priorities were a little screwed

Merrioc 06-09-2005 01:16 AM

Quote:

Originally Posted by wdsguy
have you tried contacting the Intuit system administrators for help on this? they might have some logs that might be helpful. If this was a backup machine, why was it connected to the net?

the system is 3 hops down on their IP block, possibly a server, but again, he did custom dev for them at that time frame so he was working on the server, I doubt it was a compromised box.

as far as the logs; no I just finally met with the Investigator today and I didn't want to contact them till I knew if the police were gonna do anything or if I had a civil case.

Merrioc 06-09-2005 01:21 AM

Quote:

Originally Posted by Alky
lol.... i don't get it... don't tell you to backup because they were the backups, but you had all the logs mirrored onto another server. seems like your priorities were a little screwed

my god Alky you're right... well that just solves all my problems I feel so much better now.

kernelpanic 06-09-2005 01:22 AM

With that kind of police statement, you won't have grounds.

woj 06-09-2005 01:45 AM

if he only did rm -rf / it should be possible to recover all the data by the way...

Merrioc 06-09-2005 01:54 AM

police took the drive as 'evidence'
also it was a ReiserFS file sys not ext2/3 don't know how to recover it. If it was ext3 yea easy

sudo: merrioc : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/bin/rm -rfd
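
The sudo log entry quoted above has a fixed field layout, so a log watcher can parse it and raise on a recursive forced `rm` run as root. This is an added example, not part of the original thread; the first sample line is the one from the post, the other three lines and the function names are constructed for illustration.

```python
import re

# First line is the entry quoted in the post; the others are constructed.
SAMPLE = [
    "sudo: merrioc : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/bin/rm -rfd",
    "sudo: alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages",
    "sudo: bob : TTY=pts/2 ; PWD=/srv ; USER=root ; COMMAND=/bin/rm --recursive --force /srv/old",
    "sudo: bob : TTY=pts/2 ; PWD=/srv ; USER=www ; COMMAND=/bin/rm -f cache.tmp",
]

SUDO_RE = re.compile(r"sudo:\s+(?P<invoker>\S+) : (?P<fields>.*)$")

def parse_sudo_line(line):
    """Split a sudo log entry into a dict; return None if it is not one."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    entry = {"invoker": m["invoker"]}
    # COMMAND is the last field and may itself contain " ; ", so cut it off first.
    head, sep, command = m["fields"].partition("COMMAND=")
    if not sep:
        return None
    for part in head.split(" ; "):
        key, eq, value = part.strip().partition("=")
        if eq:
            entry[key] = value
    entry["COMMAND"] = command
    return entry

def is_recursive_forced_rm(command):
    """True when the command is rm with both a recursive and a force option."""
    argv = command.split()
    if not argv or argv[0].rsplit("/", 1)[-1] != "rm":
        return False
    opts = argv[1:]
    short = "".join(a[1:] for a in opts if a.startswith("-") and not a.startswith("--"))
    long_opts = {a for a in opts if a.startswith("--")}
    recursive = "r" in short or "R" in short or "--recursive" in long_opts
    force = "f" in short or "--force" in long_opts
    return recursive and force

def destructive_root_commands(lines):
    """Return (invoker, command) for each recursive forced rm run as root."""
    hits = []
    for line in lines:
        e = parse_sudo_line(line)
        if e and e.get("USER") == "root" and is_recursive_forced_rm(e["COMMAND"]):
            hits.append((e["invoker"], e["COMMAND"]))
    return hits
```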

stev0 06-09-2005 02:09 AM

Someone hacked my server and replaced all of my links with their CeCash affiliate links a while back... I reported it, but unfortunately I never heard back...

V_RocKs 06-09-2005 02:44 AM

If he was in the United States (and still is) hit me up at v[at]weasel.net. I can be of help to you.

V_RocKs 06-09-2005 02:46 AM

BTW, I am kinda fucked up right now, I will get back to you in the morning or afternoon PST

SpikeTheJock 06-09-2005 01:16 PM

My site got hacked once - some hacking group from Brazil deleted all the content.

decrypted 06-09-2005 01:21 PM

google iptables and deny ssh from anyone except ur ip

buddyjuf 06-09-2005 01:30 PM

really sorry to hear what happened dude

BukkakeBrown 06-09-2005 01:35 PM

that sucks dude, i know how it feels

FilthyRob 06-09-2005 01:41 PM

That sucks dude! I feel like I am hacking myself today. I have deleted 1000's of my own pages.

mikeyddddd 06-09-2005 01:49 PM

Sure you can sue. Remember OJ? He was found innocent in criminal court, but liable in civil court.

iwantchixx 06-09-2005 02:27 PM

worst part is, if you went and punched the fucker the cops would be right there to arrest you.

The law is fucked up sometimes. It doesn't take internet business seriously unless it's a fortune 500 company.

kernelpanic 06-09-2005 02:28 PM

Quote:

Originally Posted by Merrioc
police took the drive as 'evidence'
also it was a ReiserFS file sys not ext2/3 don't know how to recover it. If it was ext3 yea easy

sudo: merrioc : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/bin/rm -rfd

Get the drive back from the cops and take it to data recovery specialists. Provided the cops didn't fuck it up, you can get most of the data back

warlock5 06-09-2005 02:35 PM

Does he have any assets you can go after?

Merrioc 06-09-2005 03:23 PM

I don't want to go after him, I want to go after intuit since it was their IP on an ADSL line (so I REALLY doubt it's a server)...

I don't really care about him, he doesn't have enough asset to be worth my time... I got his best asset anyhow... his girl


All times are GMT -7.