From: MacMart Sales (sales@macmart.com)
To: staff[at]attrition.org
Date: Wed, 15 Nov 2000 18:15:19 -0800
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)

You do understand that we have proof  beyond any doubt that  you  are 
responsible for our site  (and others) being hacked.

We are going to take every possible legal action both criminal and 
civil  that are available  against your company regarding this matter.

Sincerely,

John Drew
MacMart  Systems


From: security curmudgeon (jericho[at]attrition.org)
To: MacMart Sales (sales@macmart.com)
Date: Wed, 15 Nov 2000 19:17:28 -0700 (MST)
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)

: You do understand that we have proof beyond any doubt that you are
: responsible for our site (and others) being hacked. 

You do understand that you are a clueless moron that wouldn't know
computer forensics if it popped you in the ass.

You have no proof because we had nothing to do with it.

: We are going to take every possible legal action both criminal and civil
: that are available against your company regarding this matter. 

Feel free to contact the FBI. When they laugh at you and splurt coffee out
of their nose, don't be too alarmed. They know who we are and know we are
not web defacers.

: Sincerely,

Lick my ass.

: John Drew
: MacMart  Systems

Brian
Attrition Staff


From: MacMart Sales (sales@macmart.com)
To: security curmudgeon (jericho[at]attrition.org)
Date: Wed, 15 Nov 2000 18:45:27 -0800
Subject: Re: Urgent! Security incident on your machine! www.macmart.com 

Thank You fo the reply - your response will go very well in proving 
what kind of company you are and the FBI is aware of your company but 
not as you seem to think.


From: security curmudgeon (jericho[at]attrition.org)
To: MacMart Sales (sales@macmart.com)
Cc: Bastards (staff[at]attrition.org)
Date: Wed, 15 Nov 2000 19:48:50 -0700 (MST)
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)


: Thank You fo the reply - your response will go very well in proving what
: kind of company you are and the FBI is aware of your company but not as
: you seem to think. 

Don't try to bluff me you ass. We've worked with the FBI numerous times in
resolving cases. We respond to their subpoenas when they request
information that helps them in cases involving defacements.

The FBI knows we do not deface web pages. I mean come on, lets use simple
logic here you chimp. Do you really think we hacked and defaced all 8000+
sites we have listed on our mirror? Think real hard before you answer that
with some slimy sales chimp answer.

You are wrong. Admit it now.

And while you hand this mail over to the FBI, we will be posting it on our
'Going Postal' section, along with all the other morons out there. In case
you weren't aware, .org is not a 'company', it is an organization. For us,
we are a non profit hobby web site. But hey, yer a sales monkey, you can't
read, so we forgive you in advance.

Lick my ass.

Brian
Attrition Staff

From: MacMart Sales (sales@macmart.com)
To: security curmudgeon (jericho[at]attrition.org)
Date: Wed, 15 Nov 2000 19:02:44 -0800
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)

Please stop sending me emails - if you are sure of yourself then so 
be it - we will deal with this in a legal way as I can see there is 
no talking to you.

 
From: security curmudgeon (jericho[at]attrition.org)
To: MacMart Sales (sales@macmart.com)
Cc: Bastards (staff[at]attrition.org)
Date: Wed, 15 Nov 2000 20:08:15 -0700 (MST)
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)


: Please stop sending me emails - if you are sure of yourself then so be
: it - we will deal with this in a legal way as I can see there is no
: talking to you. 

see, you iz nun too brite anyway

Even if we were involved, what other way is there to deal with it? Ask us 
to quit or something? Duh. The only way to resolve this is to go to the
FBI who handles interstate computer fraud (Title 18 violations etc).

Like I said, don't be surprised when they laugh at you. I am sure of
myself as I am very aware of what actions I performed and did not perform.
All we did was provide a friendly piece of mail warning you of a security
incident on your machine. Nothing else. I know for a FACT that you have no
'evidence' that shows our involvement. 

If you think us scanning a handful of ports (22,23,25,53,80) shortly AFTER
your page was defaced is 'evidence', once again.. you know dick about
computer forensics. This is how we determine what OS your machine was in
order to compile the statistics we maintain (used by the FBI btw). Aside
from that, and a wget of the page/graphics involved in the defacement,
that is all you have. WHile that is certainly a lot of neat stuff in your
logs, it doesn't even hint that we were involved.

Sorry, but you are barking up the wrong tree.

Brian

From: MacMart Sales (sales@macmart.com)
To: security curmudgeon (jericho[at]attrition.org)
Date: Wed, 15 Nov 2000 19:26:56 -0800
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)

I have asked you to stop sending email to this address already but 
yet you persist -

I WANT TO MAKE IT VERY CLEAR TO YOU THAT WE DO NOT WANT TO RECEIVE 
EMAIOL FROM YOU OR ANYONE AT YOUR COMPANY - ANY FUTURE COMMUNICATION 
WILL BE DONE THROUGH THE COURTS OR OUR ATTORNEY -

YOUR THOUGHTS OF A BLUFF OR WHAT INFORMATION WE HAVE IS JUST THAT 
YOUR THOUGHTS AND DOES NOT GIVE YOU THE RIGHT TO CONTINUE TO SEND 
UNWANTED EMAIL TO US.

SECOND REQUEST - STOP SENDING US UNSOLICITED EMAIL

From: security curmudgeon (jericho[at]attrition.org)
To: MacMart Sales (sales@macmart.com)
Cc: Bastards (staff[at]attrition.org)
Date: Wed, 15 Nov 2000 20:30:08 -0700 (MST)
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)


: I WANT TO MAKE IT VERY CLEAR TO YOU THAT WE DO NOT WANT TO RECEIVE
: EMAIOL FROM YOU OR ANYONE AT YOUR COMPANY - ANY FUTURE COMMUNICATION
: WILL BE DONE THROUGH THE COURTS OR OUR ATTORNEY -
: 
: YOUR THOUGHTS OF A BLUFF OR WHAT INFORMATION WE HAVE IS JUST THAT YOUR
: THOUGHTS AND DOES NOT GIVE YOU THE RIGHT TO CONTINUE TO SEND UNWANTED
: EMAIL TO US. 
: 
: SECOND REQUEST - STOP SENDING US UNSOLICITED EMAIL

Ok, last mail. Just wanted to tell you that your CAPS key is apparently
broke.

Oh yeah. Lick my ass one more time. =)

From: /dev/null (null[at]attrition.org)
To: MacMart Sales (sales@macmart.com)
Cc: staff[at]attrition.org
Date: Wed, 15 Nov 2000 20:20:53 -0700 (MST)
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)

On Wed, 15 Nov 2000, MacMart Sales wrote:

: You do understand that we have proof  beyond any doubt that  you  are 
: responsible for our site  (and others) being hacked.
: 
: We are going to take every possible legal action both criminal and 
: civil  that are available  against your company regarding this matter.

Hi, John.

I'm aware that Brian has already contacted you in response to this, but I
thought I'd put in my two cents.

Brian is correct -- we were not responsible for defacing your site.  I
assume that you saw a port scan in your logs from our site, and that has
led you to believe that we attacked you.  First, I must stress that port
scans are not illegal.  In fact, and I quote from NIPC (the National
Infrastructure Protection Center, a division of the FBI), "attempted
electronic intrusions are not a Federal crime, as described in the United
States Code."  

The scan you saw was nmap guessing at your operating system.  When we take
a mirror of a defaced site, we attempt to find out the operating system of
the server that hosts the site.  This aids us in creating statistics.

Brian is also quite correct in informing you that the FBI will disregard
accusations that we hacked your site.  Our defacement archive is a
resource widely utilized by law enforcement, computer security
professionals, and government agencies -- including the FBI.  We have
assisted in tracking computer crime; in fact, many of us work in computer
security in our day jobs.

We do understand that you are angry and frustrated at the fact that you've
been the victim of this intrusion, and you want someone to blame.  But
please understand when I assure you that you've made a grievous error.

You're welcome to ignore this mail, as you ignored Brian's.  It will
matter very little either way...other than the fact that if you persist in
this accusation, all you're doing is closing off an invaluable avenue of
help.

/dev/null
Attrition staff

So the other day I was going through the mail spools and found this thread. Given the nature of their original mail to us and the legal threats, I figured I would send them one more piece. This almost a year after the original:


From: security curmudgeon (jericho[at]attrition.org)
To: MacMart Sales (sales@macmart.com)
Cc: Heathens (staff[at]attrition.org)
Date: Wed, 17 Oct 2001 13:59:08 -0600 (MDT)
Subject: Re: Urgent! Security incident on your machine! www.macmart.com (fwd)


HI ME AGAIN

so.. we're still waiting for the FBI to kick down our doors. just
wondering why they haven't since you seemed so sure we were involved in
the defacement of your web site.

do you now realize how fucking stupid you looked almost a year ago?

no reply needed. i think we both know the answer to that.

[an error occurred while processing this directive]