A Bustling Week for Cyber Justice
This past week has been a bustling one for cyber justice. The Federal Trade Commission announced a settlement in its ongoing case against scareware purveyors; a notorious hacker admitted stealing roughly two million credit card numbers; the Justice Department has charged a software developer from Arkansas with launching a series of debilitating online attacks against several online news sites that carried embarrassing stories about him. Finally, a federal appeals court decision gives security vendors added protection against spurious lawsuits by adware companies.
-- Last week, the FTC said it had settled with James Reno and his company ByteHosting Internet Services LLC. Both were named in the commission's broad sweep last year against purveyors of "scareware," programs that uses bogus security alerts to frighten people into paying for worthless security software.
The settlement imposes a judgment of $1.9 million against Reno and Bytehosting, yet the court overseeing the case suspended all but $116,697 of that fine, "based on the defendants' inability to pay the full amount."
Six other defendants allegedly involved in the scareware scams face pending charges from the FTC. One of the defendants, a San Francisco man named Sam Jain, is currently the subject of a federal criminal prosecution in California. According to Jain's attorneys, federal prosecutors in Illinois also are preparing to indict him on computer fraud charges related to the scareware distributed by his company, Innovative Marketing. Jain is currently a fugitive from justice.
-- From Wired.com's Kevin Poulsen comes what may be thepenultimate chapter in the prosecution of so-called superhacker Max Ray Butler, also of San Francisco. Butler, 36, faces up to 60 years in prison after pleading guilty to federal wire fraud charges that "he stole roughly two million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges."
Poulsen's story on Butler in Wired Magazine from December 2008 is a page-turner that chronicle's the hacker's successful bid to hack into, take over and ultimately consolidate several online forums dedicated to the theft and sale of stolen credit card numbers. One of the forums he hacked, called "Darkmarket," turned out to be a full-blown undercover sting operation set up by the FBI.
-- In a criminal complaint unsealed yesterday in a New Jersey federal court, the Justice Department charges a software developer from Arkansas with using botnets -- armies of hacked PCs -- to flood several targeted Web sites with so much data that they were at least temporarily unable to accommodate legitimate visitors.
The government alleges that between July 2007 and March 2008,Bruce Raisley launched a series of denial-of-service attacks against Rollingstone.com, and several other Web sites. Among those attacked was perverted-justice.com, a site dedicated to publicly exposing and shaming men who solicit sex from underage boys and girls online. Perverted-justice.com is perhaps best known for its connection to the Dateline NBC show "To Catch a Predator."
Charging documents note that Raisley apparently targeted those two sites and seven others for their publication of stories that retold an embarrassing chapter of his life. According to a July 2007 Rolling Stone article about perverted-justice.com founder Xavier Von Erck, Raisley himself was a former volunteer who helped perverted-justice members ensnare new targets.
At some point, the Rolling Stone article says, Raisley had a falling out with perverted-justice, and launched his own online campaign to depict the site's members as an out-of-control vigilante group. According to the Rolling Stone article, Von Erck "exacted a particularly sadistic form of revenge against" Raisley:
Posing as a woman named Holly, Von Erck began an online flirtation with Raisley, who was smitten enough to leave his wife and rent a new apartment. On the day Raisley went to pick up Holly at the airport, Von Erck sent a friend to snap his photo and posted it with a warning: "Tonight, Bruce Raisley stood around at an airport, flowers in hand, waiting for a woman that turned out to be a man. . . . He has no one. He has no more secrets. . . . Perverted-Justice.com will only tolerate so much in the way of threats and attacks upon us."
Raisley's court-appointed attorney could not be immediately reached for comment.
-- On Friday, the U.S. Ninth Circuit Court of Appeals in Seattle upheld a decision to dismiss a case brought in 2007 by Bellvue, Wash., based adware maker Zango. The company had sued anti-virus makerKaspersky, charging that Kaspersky interfered with its business by removing Zango's adware without first alerting the user.
The appeals court affirmed that Kaspersky's actions were shielded by the federal Communications Decency Act (CDA). That law contains a "good Samaritan" clause that protects computer services companies from liability for good faith efforts to block material that users may consider objectionable.
Eric Howes, director of malware research at computer security firmSunbelt Software, said admittedly, this decision is not nearly as consequential for anti-malware providers as it would have been three or four years ago, when adware vendors such as Zango and Direct Revenue were regularly threatening anti-spyware providers with legal action and peppering them with cease-and-desist letters on a weekly basis.
"It's a been a while since we received any serious legal threats, although we do still get the occasional protest from software developers whose apps we target as 'low risk,' potentially unwanted programs or tools," Howes wrote on the company's blog. "Nonetheless, the decision is a welcome one, as it extends to Sunbelt and other anti-malware providers the kind of legal cover we need in order to provide our customers and users with strong protection against unwanted, malicious software."
By Brian Krebs | July 1, 2009; 7:00 AM ET
Posts
No comments:
Post a Comment