The 'Security Digest' Archives (TM)

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #373 [Info about Worm solicited] (1 message, 1189 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/373.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Gene Spafford <spaf>
To: phage
Date: Mon 19:12:15 20/03/1989 EST
Subject: Info about Worm solicited

Greetings.

As you may have heard, the Justice Dept. is conducting an investigation
of the Morris Worm incident to determine what action to take (although
members of the dept. will not {officially} admit to there being such an
investigation).

Mr. Mark Rasch, of the Fraud Division @ Justice, would like to hear from
system admins who had machines infected.  In particular, he would like
to hear:
   1) How many machines were affected?
   2) How did you find the Worm?
   3) What did you do to combat it?
   4) Did you suffer any damage to data or machines?
   5) How much personnel time did you lose overall?
   6) Estimates of cost of damages?
   7) Other factors relating to loss or extent.
In addition, I suspect he would be interested in hearing if you would be
willing to testify to the above if the case should come to trial.

He can be reached by e-mail @ <park@harvard.harvard.edu> or by phone @
202 786 4390.  He has also indicated an interest in knowing if you have
direct experience with other instances of "rogue hacking" by the same
individual.

You are getting this message if you sent me mail about the incident at
your site or if you are on the "phage" mailing list.  I will *not* be
sending him a list of those names or copies of your stories sent to
me.  It is entirely up to you whether you want to contact Mr. Rasch or
not.  If you do decide to contact him, please do so quickly -- he has
some time pressures to collect his information and make some
decisions.

Also, please do not bother him with questions about the incident.  He
obviously cannot comment on an active investigation, and technically he
cannot even confirm that there is an investigation.  Details will
certainly be made available when possible, so please don't put him on
the spot.

Thanks.
--spaf

PS.  Please pass this along to colleagues, but don't post it to other
mailing lists or newsgroups without checking with me first.  Thanks.

END OF DOCUMENT