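November 16, 2008
After stumbling across a post on securityfocus..
I was surfing around wondering if there was anything interesting to read when I came across a post on securityfocus.
I'm sure it all started with just reading the news on a portal site, and I have no idea how I ended up here..;;;;; haha
What the person asking the question wrote was,
(* Note: this is a loose paraphrase lol)
that he is a freelancer who was given an ssh account to do a job, and today (a few days after the work) he got an e-mail from the client saying
--
'You deleted such-and-such on our system, I don't know why you did it, it's really bad
If you were unhappy you could have asked for more money, blah blah blah blah.....................
I still don't know why you did this!!!!!!!'
--
It is an accusatory message along those lines, and the poster says: I didn't do that and I have no reason to. How do I prove that I didn't??
That is roughly how the question was asked. There are two answers to it.
One assumes that someone broke into the system, and says to go through the logs and prove it.
The other says it may not have been a hacker at all; it could be an administrator's mistake or a system error, in other words an internal cause(?).
(Of course there is some additional, slightly different content after that, but it is not the part I want to talk about, so I'll skip it)
A technical approach that assumes the system was the victim of illegal hacking, as in the first case, is very, very obvious,
but it hadn't occurred to me that it could be an administrator's mistake or a system error, or, to add a twist, "the guy who accused me!" haha
Of course, poking around the system will turn up the cause in most cases, but even when it isn't this kind of incident,
approaching things from a variety of viewpoints always seems quite important.
Also, anyone doing work related to some field, even if it is in something like a management department,
needs at least a minimum of knowledge about that field so that absurd(?) things like this don't happen haha
Of course the accuser doesn't seem to be completely without knowledge, but as the saying goes, a half-trained shaman gets people killed (a little knowledge is a dangerous thing); something seems about 2% short.
[Original text]
Question: http://www.securityfocus.com/archive/75/497803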
--
Ssh break that claims it was me? Oct 27 2008 11:19AM
makkalot gmail com (1 replies)
Hi all, I don't know if it is the right place to write that but didn't know what
to do...
The case is as follows:
I'm a freelancer programmer and work for other people from a distance, therefore
they give me ssh access to their servers and I fix their stuff. A few
days ago I was hired to fix some django/apache stuff in a server. I fixed all
the stuff and got my money. Ok that was the story part, here is the message I
got from client today:
"
I know you deleted the svn repo and also trac...
I don't know why you chose to go in that route... very bad
if you were not happy about something you could have
asked for more money... we could have worked together
to resolve anything... in any case.. I will report this to RAC
from the system logs and we will go from there...
I still don't know why you did this!!!! "
Ok obviously I didn't do that, because I don't have any reason to do so. Is there
a way I can prove it wasn't me? Some fingerprint ssh values? Please any help
is appreciated, thanks in advance ...
--
Answer 1: http://www.securityfocus.com/archive/75/497833
--
Re: Ssh break that claims it was me? Oct 27 2008 04:45PM
makkalot gmail com
On Monday 27 October 2008 06:22:05 pm you wrote:
> Just for my enthusiasm, were you using a password or a key?
Thanks all for replies, I was using a password. The info I got from the client is
that he doesn't really have/understand logs to prove anything :) They just
guessed it could be me, because I'm the only person who can use command line
there :) They deleted my account from server so I can't check anything. I told
him to check the history and other things you told me. Let's see what results
we will have, it is very difficult to work with people who don't know anything
about their systems.
--
Answer 2: http://www.securityfocus.com/archive/75/497832
--
RE: Ssh break that claims it was me? Oct 27 2008 03:21PM
Viktor Larionov (viktor larionov salva ee)
Just as a matter of comment.
I absolutely agree with Kevin on this, especially as one may propose that the damage caused, may not necessarily be the "unknown hacker"'s deed, but a system administrator fault or error, and eventually a result of his/her "pushing the blame to someone else" attempt. In other words, "the butler" who did this, may not necessarily be a stranger to this organization.
On the other hand, correct me if I am wrong, but as far as I know, it is quite hard to convince federal law enforcements to deal with cyber crimes even in United States. (not talking of other countries)
Usually these investigations take a huge time to start, and enormous efforts to complete with any kind of result. No results guaranteed of course, especially in the light of law officials not being really keen on dealing with cyber crimes. (According to Larry from Spamhaus, 70% of FBI agents are on anti-terrorism cases after 9/11, so I guess you are left with 30% of them on other cases, including cyber crime)
This may be a contra argument to Kevin, but it is surely worth to try, you don't lose anything and of course by this you may show the client that you are also interested in investigating the case.
Regards and good luck!
Vik
--