how to subpeona Quest for ISP records
[Found on Morpheus as "WritingSubpeonas.pdf", not found on cryptome's search, so here it is] How to Write Subpoenas Kathy Hines, Manager - Security Services Qwest Law Enforcement Internet Security Seminar Qwest Internet Solutions Minneapolis, MN October 19, 2000 Agenda Examples of subpoena problems Examples of well written subpoenas Child Pornography Available Information The Security Technical Analyst Team Botched userids - they were probably forged anyway. Please provide address, phone number, billing information, and connection records for the userid john a peterson @u s west. net for 7/ 23 - 7/ 30/ 2000. Legitimate userid formats would be: john. peterson@ uswest. net or john_ peterson@ uswest. net. Please provide address, phone number, billing information, and connection records for the userid h@ ckez 133 @u s west. net for 8/ 19/ 2000. Can not have two @ symbols in an e- mail address. Occasionally it makes sense to issue a subpoena with a userid as evidence. Please provide connection records and caller- id for the userid larryboy@ qwest. net for 12: 01 a. m. on 9/ 17/ 2000 through 11: 59 p. m. on 9/ 17/ 2000 MDT. The criminals had stolen a car that contained computer equipment and used one of the laptops to connect to the Internet. The police were looking for the caller- id of the accounts connections on 9/ 17. Stolen car with a laptop in it. Send me everything for the last millenium. Please provide all subscriber information from 1995 through the present for IP address 216. xxx. xx. 227; also referred to as cxxppp227. ptld. uswest. net. Grand Jury Subpoena Send me everything but the kitchen sink. Please provide all subscriber information for candigirl, including, but not limited to, true name, date of birth, SSN, address, all phone numbers, credit card numbers, connection logs, e- mails, chat sessions, web sites visited, and connections to other ISPs. We have the customers account information but not everything theyve ever done on the Internet. Send me the kitchen sink too! Preservation of Evidence Request This letter is to request that Qwest Communications take all necessary steps to preserve any and all records and any other evidence in its possession pending the issuance of a court order or other legal process in regard to all telephone and Internet conference connection information on September 11, 2000 between 8 pm through 4 am Pacific Standard Time (PST). This request also covers preservation of all records, including call details, for the Qwest connection telephone number (111) 222- 9999 during the above period of time. Typo the IP address and we can start an international investigation! The IP address 63.14.69.108 is for a qwest. net connection. The IP address 63.147.69.108 trace routes through a uu. net connection. The IP address 163.14.69.108 trace routes through an att. net connection. The IP address 263.14.69.108 does not exist. No IP numbers go over 255. A very well written subpoena. information about the subscriber to IP address 216.161.69. xxx, account holders name, address, phone number, and connection records for this ISP account. The intrusion occurred on Sat. 12 Aug. 2000 at 22: 54: 59 hrs. to Sat. 12 Aug. 2000 23: 30: 20 hrs. C. D. T. I dont have to play guessing games with any of this data. Another good subpoena. Please provide all available account information for IP address 63.1xx. 69. xxx on 8/ 16/ 2000 from 11: 56 a. m. to 12: 18 p. m. MST including any and all screen names and E- mail addresses along with telephone numbers of the account holder, any caller ID information maintained for any connection made from this account including true names and addresses. I wont have additional screen names, but I can provide the rest of the data. <excerpted logs> Subpoena Submission Process Qwest uses the C T Corporation as a receiving agent for subpoenas C T Corporation has offices in all 50 states - use the one in your state to send subpoenas to Qwest Address the subpoena to Qwest Communications The Minnesota address for C T Corporation is C T Corporation System 405 Second Avenue, South Minneapolis, Minnesota 55401 Copyright Qwest Internet Solutions, 2000 Available Information We do not keep copies of our customers e- mail messages We do not monitor our customers Internet traffic We do not surf through our customers web pages looking for offending material We strive to maintain our computer logs for one year We can provide name, address, telephone number( s), and secondary userids for an account We have, in the past, retained copies of customers current e- mail when provided with a court order Security Technical Analyst Team We currently have seven people on the team They handle approximately 11,000 e- mail complaints from the Internet to abuse@ qwest. net each month They have fulfilled approximately 130 subpoenas so far in 2000 They have fielded several warrants, court orders, and one vacate court order They handle about 100 calls per month regarding subpoenas destined for Qwest, hacking incidents, Denial of Service attacks, and questions concerning account deactivations -- foo
participants (1)
-
Khoder bin Hakkin