Contact ISP for Account Identity

Status
Not open for further replies.

ThunderForest

IS-IT--Management
Mar 3, 2003
189
US
ISP = AT&T-YaHoo Networks

This involves the creation of a YaHoo account that impersonated an employee at my company. A malicious message was sent to our CEO using that account. We have the eMail header and know it originated from AT&T, as well as the approximate location. A few moments later, the same IP address accessed our web email and opened a user's account. The user had to know the username and password. We believe we know who it is but need to clinch it, and then determine if prosecution is in order. At the minimum, a cease and desist order is desirable.

Due to the breach, we have since taken all the standard precautions, i.e., password changes, audits, etc. The problem is getting a request for information to AT&T Networks that seeks the identity of the account holder. How is this done? I've been led to their endless loop phone system, and even chat on line referred me to the same number. Totally useless. Any suggestions would be greatly appreciated.


Getting answers before I'm asked.
Providing answers if I can.
 
Most ISPs will require a court order to release user account information. This means you'll have to go through the police, file a report, and eventually get a court date.

Unless the message to the CEO involved a death threat, the police may not listen to you.
 
I agree that you will need a court order. Even if you can get AT&T to provide you with the info and try to sue the person responsible, the info most likely will not be admissible in the courts. See thread83-1439387 for an example of what I am talking about.

If the police won't listen, a lawyer may. He/she may be able to convince a judge to provide an order.

James P. Cottingham
-----------------------------------------
I'm number 1,229!
I'm number 1,229!
 
I guess I am late to this thread but both James and Serbtastic are correct. You will need a court order to get any information.

In the court order you need to be VERY specific, you need to ask for ALL names, addresses, emails sent and received, IP addresses and exact login times. If the person who used Yahoo wasn't a complete idiot you can bet they used fake information. In that case you take the exact times and IP addresses and start all over again with the court orders on those. It is a daunting task.

To avoid data being lost, your company can use a lawyer to send a letter of preservation to Yahoo's legal department. If you call them they can give you the fax number. Once they get that, they'll begin the collection of all the data. You can put in the letter that you request the account be closed or left open and continue to collect data. This will at least get you closer; they won't give you the data until they get a court order. If you have any questions of what they require just ask them; their legal department will gladly tell you what they need to give you information. It makes everybody's job easier when they get the correct information.

Also know that it may look very expensive (and it will be) to find this person, but you should talk to your lawyers; I am sure you can file a civil suit for all the expense it takes.

I spent almost 5 years working in a security department for a VERY large ISP serving search warrants and court orders so I have an idea of how it all works. Good luck!

Cheers
Rob

The answer is always "PEBKAC!"
 
One thing I forgot: the legal department at any company probably won't talk to you. They'll want to talk to a lawyer or law enforcement. When I worked in a security department we were under VERY strict orders not to talk to anyone; we were to refer anyone to the legal department, and they wouldn't talk to anyone that wasn't a lawyer or cop.

For reference you can Google "Yahoo Legal Department" and find their number.

Another thing, keep exact records of time it took to change passwords, audits and time you spent on the phone. These can all be added into the cost if your company decides to file a civil suit.

Cheers
Rob

The answer is always "PEBKAC!"
 
Thank you. Very valuable information.

Getting answers before I'm asked.
Providing answers if I can.
 