Category Archives: Internet crime

Computer Crime

Much like the prevalence of the telephone led to statutory wire fraud law, so has the emergence of the Internet led to laws regarding “computer crimes.” While broadly defined, it is important to know exactly what is and is not a computer crime. Many existing crimes can be perpetrated with a computer and still fall under their respective criminal categories; for example, using a computer to launder money, or physically stealing a computer. However, under such notable statutes as the Computer Fraud and Abuse Act, as well as the USA Patriot Act, an entirely new type of criminal offense is created.

A computer may be the object, subject, or instrument of the crime. In the case of a computer as the object of the crime, consider a computer network that is the target of denial of service attacks or some other malicious virus. As for a computer being the subject of crime, this could occur when the computer is the physical location of the stolen property, for example, proprietary data. Finally, in the case of a computer as the instrument of a crime, consider a computer being used to facilitate the misappropriation of proprietary information while maintaining its digital form.

Under the current law, a “protected computer” is one used exclusively by the United States or a financial institution, or one used partially by either of these two where the offense affects their ability to use the computer. Also protected are any computers used in interstate or foreign commerce or communications. With the advent of “networked” computer systems, nearly any computer falls under this broad definition of a “protected computer,” and thus could be involved in the commission of a computer crime.

The substantive prohibitions section of the Computer Fraud and Abuse Act effectively outlaw the following activities; unlawful access and transmission of government information; obtaining information from protected computers; unlawful access of a government computer; fraud or theft through a protected computer; transmission of programs, information, or commands to cause damage; trafficking in computer passwords; computer extortion; and finally, attempting or conspiring to commit any of the aforementioned acts.

Violations of the Computer Fraud and Abuse Act carry widely ranging, six-tier sentencing guidelines which vary according to the nature of the offense and intent of the perpetrator. Every computer connected to a communications line, including the Internet, is now covered by the Computer Fraud and Abuse Act.

If you find yourself facing criminal charges, it is important to find an experienced white collar attorney to represent you.  The attorneys of Parkman White, LLP have a history of success in the court room and are ready to represent clients nationwide.

Phishing: Not just for your desktop computer anymore

Just about everyone is familiar with phishing – a process used by scammers to get personal information from an email or computer user – but it’s not always easy to see the attacks until after they’ve happened.

With so many widespread attacks on the email user, and so many users getting scammed and giving up social security numbers, credit card numbers, bank accounts and passwords, email users are starting to wise up to these phishing scams.

Naturally, scammers are starting to move on from email phishing and moving on to the next big scam – smartphone apps. With the London Olympic 2012 games, an app cleverly disguised as a medal tracker was actually an app that took many liberties with a user’s personal information (contacts, location, card information, etc.) that have nothing to do with Olympic medals. An app that has unlimited access to new targets could be a goldmine for scammers.

This spam app is just a warning of what is to come as more and more people have smart phones and look to apps to enhance their phone’s capabilities.

The FTC has given tips to avoid getting ‘hooked’ by a phishing scam. Some include:

  • Do not reply to emails or text messages that ask for personal information. If an app asks you for information that you don’t feel is necessary for the function of the app itself, don’t give up the information!
  • Use anti-virus and anti-spyware and update regularly. This is true for both your desktop or laptop computer as well as your smartphone. Many programs have an auto-update feature, but you may have to allow the updates, so check the settings.
  • Never email personal or financial information.
  • Review your credit card, bank account statements and cell phone statements regularly. Unauthorized charges, even for amounts in the cents range, means fraudulent activity.
  • Be cautious about opening attachments or downloading files from emails and apps.

As technology continues to advance, laws to protect consumers and marketers alike will constantly be changing. Our law firm is experienced and skilled in internet crime, no matter how new the technology.

Police Forces Taking Increased Interest in Cybercrime

As anyone who has seen the news recently could tell you, internet crimes are not only continually becoming more common, but they are also becoming more complex, and more serious.

While it may seem that the odds are stacking up against everyone, the reality is that cyber cops are becoming more advanced just as quickly, and there are continually evolving tools out there to protect citizens from potential attacks.

You wouldn’t have to look far to find reports of how growth in the number of internet crime reports is “explosive” or “exponential,” but one of the more recent studies to come out has painted a much better picture. In that picture, cyber cops, whether they are paid employees or merely freelance, find potential breaches or security risks, and inform companies of the vulnerabilities before any attacks have happened.

The Trustwave 2012 Global Security Report, from the large Chicago-based cyber security company of the same name, says “the good news for organizations is that the effectiveness of law enforcement to detect breaches increased almost five-fold in 2011.”

For example, over the course of 2010, there were roughly 3,000 organizations which reported a security breach. Out of all of the victims, the number that were informed of the breach by cyber cops was only 7%. For 2011, even though the total number of organizations that had security breaches slightly increased, the number of them warned by cyber cops had jumped to 33%.

The drastic increase in enforcement is mostly due to an increased focus from law enforcement agencies worldwide. According to Nicholas J. Percoco, senior VP of Trustwave Spiderlabs, “law enforcement groups are just a lot more focused now on cybercrime than they were before. We know that they really started stepping up their efforts in 2010, seizing more criminal systems, making more arrests, finding more victims, and doing a lot more victim notification.”

Internet’s Criminal Element

The internet has, without a doubt, changed the way the world works. It’s an industry that exploded onto the scene a relatively short time ago and internet crime has been riding its coat tails ever since. One would think that after so many years the internet would have been made safer by now, that it would be a top priority. Truth remains though that it’s not.

Crimes on the internet range from identity theft, stalking, sexual predators, bullying, harassment, and countless acts of fraud just to name a few. The internet is a wild frontier with a plethora of bandits running amok.

The statistics on involving children and teens are mind-numbing. Often times this is due to a lack of parental supervision, but it can also be a lack of understanding of the technology. Kids are far more tech-savvy than many adults and as a result may be more likely to be targeted for a wide range of criminal intent.

Things have gotten better overall for the internet but we haven’t come light years in safety like we have with the technology itself. The best way to protect yourself is to be aware of anything fishy that comes your way, stay away from questionable web sites, and see to it that you have good virus protection on your computer. To protect your kids, the best thing to do is to be aware and involved. Make sure you know what sites they visit and who they are interacting with. This may make you unpopular with the tweens and teens in your life, but it’s better to be unpopular than sorry.

Bank Hacking Becomes Automated

Last week a leading internet technology security organization released a threat report identifying  Automatic Transfer System (ATS) as a major hazard to online banking security. ATS is a program that allows cybercriminals to breach new bank security measures and completely drain victims’ bank accounts without a trace of criminal activity.

The report, written by Trend Micro Incorporated, also discussed who the ATS tool is used with SpyEye and Zeus malware to create what is referred to as Man in the Browser attacks. The attack does not even require the criminal to be online during a session, and can automatically transfer funds using the victim’s credentials without alerting the victim.

The report also points out that hacking attacks have been perpetrated against banks that use enhanced security measures, even those with daily account transfer limits, and two factor authentication through mobile phone text messaging. Most of these attacks have occurred in Germany, the United Kingdom, and Italy. No banks have reported attacks on banks in the U.S. but previous threats of SpyEye and ZeuS in America show that the U.S. is not immune to a possible attack.

Cybercriminals often first use tactics known as social engineering to get their foot in the door and steal credentials to use software such as ATS to transfer funds. Social engineering is the art of deceiving people. These hackers will often post malicious software that will automatically download to computers that access their websites. Often the websites will cover popular stories such as buzz worthy events including: natural disasters or highly anticipated product launches.

Although social engineering is a threat on any type of system, ATS is only a threat to computers running windows.

 

Court Extends Reach of Wire Fraud Law

The Tenth Circuit recently upheld a conviction of a man who practiced law without a license for several years. The man, Howard O. Kieffer never went to law school and never earned his license. He was convicted in 2010 for mail fraud and making false statements. He was also convicted in Colorado for wire fraud.

The appeals court in Kieffer’s case upheld the wire fraud charges, due to Kieffer’s representations that he was authorized to practice law. The court said that the presence of readers in different states were enough to make Kiefer’s web postings subject to federal law. This is important because travelling across state lines makes an offense a federal crime rather than a state offense.

The court’s previous stance was that one person’s use of the internet alone is not enough to show for the purposes of wire fraud law that an item traveled across state lines.

This new ruling in Keiffer makes it possible that individuals outside of the U.S. could be charged for crimes in the U.S. just by putting something on the internet.

This is potentially troubling because wire fraud is commonly used as a catch all fraud in case a person is not convicted of the primary charge. Wire fraud is not limited to wiring money, it involves websites like Kieffer’s case and also email, phone calls, text messages,  or any other type of electronic communication.

Allowing any false claim on the internet could mean many more criminal cases in federal court, with indictments of persons at home and abroad.

 

Man in Tuscaloosa Indicted for NASCAR Memorabilia Scam

Officials from the US Attorney’s Office allege that Michael Patrick Corrigan solicited thousands of potential investors via email, and phone calls to invest in a false enterprise based on NASCAR Memorabilia.

Corrigan was arrested by FBI agents in Tuscaloosa Alabama June 6th. He appeared in the United States District Court in Birmingham where he was advised of charges against him, which included mail and wire fraud. However, his case will be relocated to Colorado, where he was indicted.

Corrigan’s organization was Racezing Mania Corporation (RZM), a corporation registered in Colorado in April 2006. RZM was to be a distributor of NASCAR memorabilia including die-cast cars and apparel. Corrigan and his wife retained control of the corporation, and installed a few investors as board members.

Corrigan solicited investors promising a percentage of the sales of NASCAR-related merchandise. He also sold membership to affiliate websites for $1,250. Affiliate websiteswere linked in spam email sent by RZM where consumers interested in purchasing memorabilia would visit to buy merchandise.

Corrigan promised investors would, at a minimum, receive $100 in net profit each week as well as leads and commissions for every sale. He also promised investors that RZM’s first year sales would total over $38 million.

Although none of Corrigan’s promises were based on reliable financial analysis, Corrigan received about $950,000 over three years.

Corrigan allegedly used the money he received for personal use, and falsely told investors he had invested more than $2 million of his own money in the venture.

Microsoft announces action against Zeus botnet

On Monday, Microsoft announced a crackdown on a major global botnet tied to Internet banking fraud. The software giant shut down numerous servers used by hackers to collect private data, such as financial records. The botnet was associated with a malicious software program called Zeus. Once installed, Zeus records users’ activity and provides hackers with sensitive information, such as login credentials.

In addition to the servers, Microsoft also shut down “hundreds” of websites it believed to be involved.

Microsoft’s crackdown affects only one specific botnet. The creators of the Zeus program have sold the code to other hackers, resulting in a multiplicity of Zeus botnets. The program is believed by Microsoft to have originated in Eastern Europe.

The crackdown was the result of an investigation by Microsoft’s in-house Digital Crimes Unit. The unit combines experts in the legal and technical aspects of Internet crime. Also, two associations within the financial services industry—the Financial Services Information Sharing and Analysis Center and the National Automated Clearing House Association—have been named co-plaintiffs in the civil suit filed by Microsoft. Microsoft received a court order allowing it to seize control of websites tied to botnets without prior notification of the owners.

The New York Times report can be found here.

As the amount of money exchanged on the Internet continues to grow, the stakes involved in cases of computer crime, such as identity theft and credit card fraud, will only increase. If you’ve been accused of a computer-related crime, you’ll need experienced, aggressive representation to protect your rights.