Sunday, April 3, 2011
Going Dark
Earlier, I blogged about law enforcement's efforts to implement an ISP data retention mandate to improve their ability to investigate and prosecute crimes. This blog is about a similar law enforcement effort to improve their ability to actively intercept wire and electronic communications. During testimony to the Congressional Subcommittee on Crime, Terrorism and Homeland Security, Valerie Caproni, FBI General Counsel, described the difficulties that law enforcement faces in establishing surveillance after receiving court authorization. Often the provider does not have sufficient technical resources to accomplish the surveillance. This capability gap is referred to as "going dark." Complex environments with multiple layers between end-user and primary provider using multiple technologies make the task of surveillance much more complicated than in the past. Not surprisingly, additional funding and bureaucracy is being proposed to help address the issue. The 2012 federal budget requests $15 million to establish a Domestic Communications Assistance Center (DCAC) to advance solutions to the "going dark" issue. The DCAC will "leverage the research and development efforts of federal, state and local law enforcement with respect to electronic surveillance capabilities, facilitate the sharing of technology between agencies, and advance initiatives to implement solutions..." Even in these tough financial times, it's not the money that makes people uneasy, it is the potential for abuse. Wouldn't it be great if $15 million could fix that? http://1.usa.gov/h7yB3w
Sunday, March 27, 2011
Cloud Computing & Jurisdiction
I’d like to write about something that I briefly mentioned during our presentation but, due to time constraints, was unable to get into too much detail about: jurisdiction. As I stated in our presentation, jurisdiction refers to the power of a law enforcement agency or court to investigate or hear a case. This can be from either geographic location or subject matter. Unfortunately for law enforcement, the Internet doesn’t have a specific geographic location, or a specific subject matter. Now another complicating factor has entered the mix: cloud computing.
Cloud computing is, basically, computer software and services available over the Internet. A “cloud” can allow people or companies to access software online instead of having the software on each computer or device. This can save a lot of money and effort. However, when it comes to law enforcement, a problem arises. In civil cases, a defendant may be required to produce documents under its “custody and control.” But in a “cloud,” who maintains custody and control of documents? The company can certainly claim that the documents are no longer in their custody or control, as they are stored on the servers of another company. Would that company then need to be included in the lawsuit in order to gain access to the original documents?
Then there’s the issue of geographic jurisdiction. Some countries have very strict privacy laws, such that releasing banking documents can be punishable as a criminal act. Could a company escape criminal or civil liability in the U.S. by simply using a cloud-computing provider located in one such country? Cloud computing is a relatively new technological innovation, so it’s not yet in wide use. But more and more countries are realizing the money-saving capabilities of the cloud. Whether or not the cloud will make it easier for unscrupulous companies to take advantage of the gray areas in the law has yet to be seen.
Monday, March 21, 2011
Youtube: Law Enforcements New Best Friend
Who needs to go looking for evidence these days when you can just find it on YouTube?
Today, many youth boast about crimes they have committed via YouTube. Hopefully they will think twice after this story:
Four teen boys from Scottsdale, Arizona posted a video of their gang vandalizing property with the title boasting, ""Hey, this is basicly (sic) just a video of us breaking stuff." The video displayed these boys smashing their skate boards into vending machines and looting all of the candy out of them.Another shot showed one of these hooligans smashing into a front windshield of a car and finishing it off with his foot.
About a month after the video was posted on YouTube; the children were detained by local authorities who identified their faces from the video. Now they are facing charges in Maricopa County Juvenile Court for robbery and criminal damage.
So who's laughing now boys?
http://www.azcentral.com/news/articles/0321sr-vandals0322ON.html
Today, many youth boast about crimes they have committed via YouTube. Hopefully they will think twice after this story:
Four teen boys from Scottsdale, Arizona posted a video of their gang vandalizing property with the title boasting, ""Hey, this is basicly (sic) just a video of us breaking stuff." The video displayed these boys smashing their skate boards into vending machines and looting all of the candy out of them.Another shot showed one of these hooligans smashing into a front windshield of a car and finishing it off with his foot.
About a month after the video was posted on YouTube; the children were detained by local authorities who identified their faces from the video. Now they are facing charges in Maricopa County Juvenile Court for robbery and criminal damage.
So who's laughing now boys?
http://www.azcentral.com/news/articles/0321sr-vandals0322ON.html
Sunday, March 13, 2011
Why do people commit cyber crimes?
Computer crime comes in many different varieties. As new computer technologies are made available, there is sure to be someone lurking in the cyber-shadows who are ready to exploit, test or take advantage of security holes that may exist. Computer crime has become the most widespread criminal activity in the world. But what motivates someone to attempt or commit computer crimes?
1. Easy of Anonymity. It is much easier to get away with criminal activity in a cyber world than in the real world. There is a strong sense of anonymity than can draw otherwise respectable citizens to abandon their ethics in pursuit personal gain.
2. Inadequate Legal Jurisdiction. Computer networks literally span the entire globe. This makes it virtually impossible for any government to enact or enforce laws when computer criminals are set up in foreign countries.
3. New Technology. Many computer criminals use their computers merely as a logical extension of “traditional” crimes that can take advantage of computer technology to help facilitate or carry out crime. For example, automated software can be programmed to steal credit-card numbers, personal-identification information and even cell-phone codes.
4. Holding a Grudge. Malicious computer codes like worms and viruses are often spread by someone who is seeking to cause harm to an individual or company-possibly over losing a job, perceived unethical business conduct or maybe even jealousy or envy. Such parties intend to destroy or cripple their targets for the personal satisfaction of seeing them suffer the effects.
5. Thrill of the Game. For many computer criminals, the excitement and challenge of exploiting a computer system can be too great to resist.
6. Opportunistic crime. Individuals who spend a significant amount of time on their computer have many opportunities to commit crimes. These people may have never known that these criminal prospects exist before, but, by spending increased amount of time on the Internet, have come to see a whole variety of opportunities laid out in front of them.
What do you think? Would you like to add something to this list?
Read more: Why Do People Commit Computer Crimes? eHow.com http://www.ehow.com/about_4709031_do-people-commit-computer-crimes.html#ixzz1GWkxpSR3
1. Easy of Anonymity. It is much easier to get away with criminal activity in a cyber world than in the real world. There is a strong sense of anonymity than can draw otherwise respectable citizens to abandon their ethics in pursuit personal gain.
2. Inadequate Legal Jurisdiction. Computer networks literally span the entire globe. This makes it virtually impossible for any government to enact or enforce laws when computer criminals are set up in foreign countries.
3. New Technology. Many computer criminals use their computers merely as a logical extension of “traditional” crimes that can take advantage of computer technology to help facilitate or carry out crime. For example, automated software can be programmed to steal credit-card numbers, personal-identification information and even cell-phone codes.
4. Holding a Grudge. Malicious computer codes like worms and viruses are often spread by someone who is seeking to cause harm to an individual or company-possibly over losing a job, perceived unethical business conduct or maybe even jealousy or envy. Such parties intend to destroy or cripple their targets for the personal satisfaction of seeing them suffer the effects.
5. Thrill of the Game. For many computer criminals, the excitement and challenge of exploiting a computer system can be too great to resist.
6. Opportunistic crime. Individuals who spend a significant amount of time on their computer have many opportunities to commit crimes. These people may have never known that these criminal prospects exist before, but, by spending increased amount of time on the Internet, have come to see a whole variety of opportunities laid out in front of them.
What do you think? Would you like to add something to this list?
Read more: Why Do People Commit Computer Crimes? eHow.com http://www.ehow.com/about_4709031_do-people-commit-computer-crimes.html#ixzz1GWkxpSR3
Monday, March 7, 2011
Permission to Hack: Finding Out the Hard Way
When someone gives you the password to their e-mail account and you access that account, are you aware that you are committing a crime. Even if given permission it is still illegal, and Leon Walker found this out the hard way.
Leon Walker (AP Photo)(CBS/WWJ/AP) Leon Walker, a Michigan man facing felony charges for allegedly hacking into his estranged wife's computer to access her e-mails, has had his trial postponed to give his lawyers more time to prepare their case.
Walker, of Rochester Hills, is accused under a state hacking law of reading then-wife Clara Walker's e-mail on a laptop in their home in 2009.
The trial was originally slated to begin this month. Instead, it was rescheduled for April 11, in Oakland County Circuit Court in Pontiac.
Walker, an information technology worker, faces up to five years in prison for violating an Internet computer misuse law which was designed to protect the stealing of trade secrets and identities.
Clara Walker, 35, filed the complaint against her husband last year, after she learned he had hacked into her email account and read emails which exposed an affair she was having with her second husband. He had been arrested on charges of beating her in front of a child she had with her first husband.
Walker claims his now ex-wife had told him the password, and that he originally went into her account to confirm that she was taking their 3-year-old daughter on liaisons with the second husband.
Walker also presented the emails to the first husband because he was allegedly concerned for the child's safety. The first husband then filed for custody of the child and attached the emails to the court filing, reports Arizona Central.
Walker's lawyer Leon Weiss is using the additional time to review police records from the sheriff's office involving spouses and ex-spouses reporting that their e-mails had been read; however, he could not find a single prosecution, says Arizona Central.
Prosecutor Paul Walton said Walker's actions merited the felony charge and that he used the information to "humiliate her."
Leon and Clara Walker divorced in December 2010.
http://www.cbsnews.com/8301-504083_162_20030408-504083.html
So before you try to use someone else's e-mails against them you better think twice, because you could be on your way to becoming a convicted hacker.
Leon Walker (AP Photo)(CBS/WWJ/AP) Leon Walker, a Michigan man facing felony charges for allegedly hacking into his estranged wife's computer to access her e-mails, has had his trial postponed to give his lawyers more time to prepare their case.
Walker, of Rochester Hills, is accused under a state hacking law of reading then-wife Clara Walker's e-mail on a laptop in their home in 2009.
The trial was originally slated to begin this month. Instead, it was rescheduled for April 11, in Oakland County Circuit Court in Pontiac.
Walker, an information technology worker, faces up to five years in prison for violating an Internet computer misuse law which was designed to protect the stealing of trade secrets and identities.
Clara Walker, 35, filed the complaint against her husband last year, after she learned he had hacked into her email account and read emails which exposed an affair she was having with her second husband. He had been arrested on charges of beating her in front of a child she had with her first husband.
Walker claims his now ex-wife had told him the password, and that he originally went into her account to confirm that she was taking their 3-year-old daughter on liaisons with the second husband.
Walker also presented the emails to the first husband because he was allegedly concerned for the child's safety. The first husband then filed for custody of the child and attached the emails to the court filing, reports Arizona Central.
Walker's lawyer Leon Weiss is using the additional time to review police records from the sheriff's office involving spouses and ex-spouses reporting that their e-mails had been read; however, he could not find a single prosecution, says Arizona Central.
Prosecutor Paul Walton said Walker's actions merited the felony charge and that he used the information to "humiliate her."
Leon and Clara Walker divorced in December 2010.
http://www.cbsnews.com/8301-504083_162_20030408-504083.html
So before you try to use someone else's e-mails against them you better think twice, because you could be on your way to becoming a convicted hacker.
Sunday, February 27, 2011
"Pirates with Attitudes:" Sharing or Illegal?
Background:
“Pirates with Attitudes” was a worldwide group distributing thousands of copyrighted software including the then unreleased Windows 2000. The site did not actually sell software, but was more of a barter system. Intel employees would give the site access to software they obtained from work in exchange for software that the site had. Justin Robbins from Charlotte, NC was a Microsoft employee who supplied Microsoft software and allowed access to Microsoft’s internal network with his personal identification and password. The software was available on a hidden internet site at a university in Quebec, Canada called Sentinel.
The Question:
The website did not receive a monetary profit for the software, but instead received additional software that they could use. Think about the current controversy over Limewire and how songs are only exchanged with no money involved. Do you think the Pirates with Attitudes group should be punished for sharing software among their group?
The Court's Answer:
Seventeen defendants were indicted from the group in 2000 by a federal grand jury after an undercover FBI investigation. The members pleaded guilty and received jail time, house arrest, probation, and fines. The group was in violation of the No Electronic Theft (NET) act, which holds people responsible for copyright infringement even if no profits are involved. So, basically, under the NET act you do not actually have to sell copyrighted software to be at fault.
Follow this link to view the indictment:
http://www.cybercrime.gov/pirates.htm
http://www.justice.gov/criminal/cybercrime/pirates.htm
“Pirates with Attitudes” was a worldwide group distributing thousands of copyrighted software including the then unreleased Windows 2000. The site did not actually sell software, but was more of a barter system. Intel employees would give the site access to software they obtained from work in exchange for software that the site had. Justin Robbins from Charlotte, NC was a Microsoft employee who supplied Microsoft software and allowed access to Microsoft’s internal network with his personal identification and password. The software was available on a hidden internet site at a university in Quebec, Canada called Sentinel.
The Question:
The website did not receive a monetary profit for the software, but instead received additional software that they could use. Think about the current controversy over Limewire and how songs are only exchanged with no money involved. Do you think the Pirates with Attitudes group should be punished for sharing software among their group?
The Court's Answer:
Seventeen defendants were indicted from the group in 2000 by a federal grand jury after an undercover FBI investigation. The members pleaded guilty and received jail time, house arrest, probation, and fines. The group was in violation of the No Electronic Theft (NET) act, which holds people responsible for copyright infringement even if no profits are involved. So, basically, under the NET act you do not actually have to sell copyrighted software to be at fault.
Follow this link to view the indictment:
http://www.cybercrime.gov/pirates.htm
http://www.justice.gov/criminal/cybercrime/pirates.htm
Monday, February 21, 2011
ISP Data Retention Mandate
There is little disagreement that internet crimes proliferate faster than law enforcement 's ability to investigate and prosecute them. However, there is significant disagreement over the measures that should be taken in order to address the problem.
Recently, the Department of Justice provided testimony to Congress regarding the issue of Internet Service Provider data retention. The testimony emphasized the critical need to preserve digital data and highlighted several cases where investigations of serious crimes were inhibited due to the lack of data retention by the ISP.
Recently, the Department of Justice provided testimony to Congress regarding the issue of Internet Service Provider data retention. The testimony emphasized the critical need to preserve digital data and highlighted several cases where investigations of serious crimes were inhibited due to the lack of data retention by the ISP.
Currently, there are no standard requirements for ISP data retention and practices vary widely among providers. Privacy advocates argue that data retention should be minimized in order to protect individual privacy and prevent misuse of data. They fear that a data retention mandate would create databases that could be used to track the internet activities of all users and could inhibit freedom of speech . Service providers argue that data retention requirements would pose a significant cost burden that would have to be passed on to the consumer . In balancing those concerns against the priority of public safety, it is important to consider the following:
1. Law enforcement's ability to obtain data is controlled through laws regarding subpoenas, court orders, search warrants and surveillance requests. A data retention mandate would not reduce the protections provided by those rules.
2. The consumer already bears a high cost for the damage inflicted by internet crime. Increasing the ability of law enforcement to investigate and prosecute internet criminals could reduce this cost burden.
Standardizing data retention rules for ISPs is an important step in improving the ability to fight internet crime and the DOJ should continue to work with the ISPs , Congress , and other interested parties to find the best solution.
Read the DOJ testimony here: http://www.justice.gov/criminal/ceos/Justice%20Data%20Retention%20Testimony.pdf
Read Time Warner Cable's data retention policies here: http://www.timewarnercable.com/corporate/subpoenacompliance.html
Subscribe to:
Posts (Atom)