After Hours

Our forums are currently in maintenance mode and the ability to post is disabled. We will be back up and running as soon as possible. Thanks for your patience!

General discussion

Locked

Bill's Computer Crime Watch List

By Bill Detwiler Editor ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Helpful computer crime downloads for IT professionals

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

IT professionals should report computer crimes to the proper
authorities, but many aren't sure exactly which activities are illegal, which
should be reported, and to whom the activities should be reported. TechRepublic's
<a href="i>Computer">http://techrepublic.com.com/5138-1009-5678282.html"><i>Computer crime reporting checklist</i></a> helps
you make that decision with confidence.<br />
<br />
<b>Computer crime reporting checklist</b><br />
<a href="5138-1009-5678282.html">http://techrepublic.com.com/5138-1009-5678282.html</a><br />
<br />
Once you detect a computer crime and decide to report that
activity to law enforcement, you must secure all digital evidence. Yet the
steps necessary to maintain the integrity of digital evidence often run
contrary to common IT practices. TechRepublic's <a href="i>Computer">http://techrepublic.com.com/5138-1009-5678286.html"><i>Computer crime evidence-preservation checklist</i></a> tells you what to do
and what not to do in the aftermath of a computer crime.<strong><br />
<br />
Computer crime
evidence-preservation checklist</strong><b><br />
<a href="5138-1009-5678286.html">http://techrepublic.com.com/5138-1009-5678286.html</a></b>

Collapse -

Helpful computer crime downloads for IT professionals

by ankit17.ag In reply to Helpful computer crime do ...

<p>well i think that you are right by saying that.</p>
<p>first i ll tell something abe myself.i m an undergraduate student and in india.</p>
<p>i dont how much it is known in globally....but in India,the cyber crime laws are not well defined and most of the people using internet dont even know much about that.infact i also think that i also dont know very much about that.</p>
<p>so,how is it possible for the people to report cyber crime.</p>
<p>secondly,the genral mind set of the people here is to stay away from the police.</p>

Collapse -

Zotob suspect appears in Moroccan court

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

<a href="http://news.com.com/Zotob+suspect+appears+in+court/2100-7350_3-5863339.html" target="_blank">Reuters reported yesterday</a> that "a Moroccan magistrate
questioned an 18-year-old science student in court on Tuesday about his alleged
role in unleashing computer worms that disrupted networks across the United
States last month."

Collapse -

Zotob suspect appears in Moroccan court

by master3bs In reply to Zotob suspect appears in ...

<p>With as much sensational coverage the worm got when it was released, isn't it amazing how underreported this story is?</p>
<p> </p>

Collapse -

Juvenile appropriately sentenced for accessing Paris Hilton's Sidekick

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

<p>Last week, the U.S. District Court in Boston sentenced a
17-year-old Massachusetts boy to 11 months in a juvenile detention facility and
two years supervised release for a series of computer crimes--most notable the
illegal accessing of Paris Hilton's T-Mobile Sidekick. The teen plead guilty to
nine counts of juvenile delinquency. During this time the teen is prohibited
from having or using a computer, cell phone or other device capable of
accessing the Internet.</p>


<p>Although the illegal accessing of Hilton's cell phone and
the subsequent posting the device's contents garnered the most media attention,
this young man's criminal activity goes far beyond the outing of celebrity
dirt. This teen's 15-month crime spree included making bomb threats to multiple
schools, illegally accessing T-Mobile's network and creating fraudulent phone
accounts, perpetrating a DoS attack against T-Mobile, illegally accessing and
installing spyware on internal AOL computers, obtaining proprietary AOL
information, and illegally accessing LexisNexis databases, which may have
compromised the information of 310,000 Americans.</p>


<p>Honestly, had this youth only pulled off the Hilton hack I
would consider the 11-month detention a bit harsh. America's juvenile justice
system puts greater emphasis on rehabilitation and reintegration than the adult
system, and I would expect a first-time offender who caused limited damage to
receive a lighter sentence. The facts in this case however, illustrate the guilty
party's persistent and flagrant disregard for private property, public safety, personal
privacy and US law. The 11-month detention is therefore highly appropriate.</p>


<p>It is unlikely that this sentence will dissuade the many criminal
organizations that now perpetrate a significant portion of cybercrime. Yet I am
hopeful the deprivation of this individual's freedom and subsequent supervision
will serve as both a specific and general deterrent to the casual cybermiscreant.
Specific meaning the sentence will dissuade this individual from continuing such
illegal activity and general meaning the sentence will serve as a warning to
other would-be offenders.</p>


<p>You can read more about these events at:<br />
<a href="http://news.com.com/Hilton+hacker+sentenced+to+juvenile+hall/2100-7349_3-5865391.html">http://news.com.com/Hilton+hacker+sentenced+to+juvenile+hall/2100-7349_3-5865391.html</a></p>

Collapse -

Juvenile appropriately sentenced for accessing Paris Hilton's Sidekick

by DC Guy In reply to Juvenile appropriately se ...

<p>I've never seen a shred of evidence supporting the thesis that severe sentencing has a significant deterrent effect on crime of any sort. Most crimes go unreported for a variety of reasons. People find the procedure time-consuming, exasperating, futile, depressing, and sometimes even humiliating. A huge portion of reported crimes go unsolved.</p>
<p>Crimes of passion are rarely well thought out so the perps are often apprehended, but people overcome by passion will not be deterred by threat of punishment. Besides, cybercrimes are hardly crimes of passion in most cases. Few perpetrators are caught. Nobody is going to worry about what will happen to them when the probability of the crime being reported multiplied by the probability of the crime being solved is so tiny.</p>
<p>Young people especially tend to believe they're invulnerable and as a demographic group they pay little attention to possible consequences of their actions. Just look at their drunk and/or reckless driving record.</p>

Collapse -

Privacy officer leaves Department of Homeland Security

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

Nuala O'Connor Kelly, the first privacy officer for the Department of
Homeland Security, stepped down Friday as she announced plans to become
General Electric's Washington-based chief privacy leader and senior
counsel in early to October. Check out <a href="http://news.com.com/Homeland+Security+privacy+chief+leaves+for+GE/2100-1029_3-5886525.html">this News.com story</a> for more information.

Collapse -

Sober.r variant making the rounds

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

Sober.r, a new variant of the Sober e-mail worm is making the rounds. Check out the <a href="http://reviews-zdnet.com.com/4520-6600-6350743.html">latest</a> at CNET's Seucrity Center.<br />

Collapse -

Estonian market timers hack PR Web site Business Wire

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

According to various news sources, two employees from Lohmus
Haavel & Viisemann, an Estonian financial services firm, used a spider to
view press releases from Business Wire before the releases went public. These
cybermiscreants then timed their financial investments around the information
in the press releases--mergers, acquisitions, major announcements.<br />
<br />
Check out more information:


<p><a href="http://news.com.com/SEC+accuses+Estonian+firm+of+financial+news+hack/2100-7348_3-5931168.html?tag=cd.top">CNET News.com</a></p>


<p><a href="http://www.npr.org/templates/story/story.php?storyId=4987613">NPR</a></p>

Collapse -

I would hire a convicted cybercriminal -- would you?

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

<img alt="On the soapbox" src="http://i.i.com.com/cnwk.1d/i/z/200510/soapbox_420_2.gif" /><p>Security
firms, software developers, financial institutions, and government
agencies should decided to hire or fire cyberoffenders on a
case-by-case basis. Is an applicant who gained or attempted to gain
unauthorized computer access more or less dangerous than an individual
convicted of any other crime? It depends. IT hiring managers must
consider each applicant on his or her case's individual merits and bear
in mind poorly written cybercrime laws, one-time indiscretions, and the
impracticality of an absolute ban on cybercriminal hiring.</p>
<p>Daniel Cuthbert is a cybercriminal. On Thursday, October 7, 2005, a British court <a href="http://news.com.com/Man+guilty+of+accessing+tsunami+site/2100-1030_3-5890860.html" target="_blank">found him guilty</a>
of violating the Computer Misuse Act of 1990. On Dec. 31, 2004, added
"../../../" to the URL of a Web site soliciting donations for Asian
tsunami victims in an attempt to access the site's higher directories.
Cuthbert claimed he donated to the Web site and later became concerned
that he'd fallen victim to a phishing scam. Cuthbert was fined about
$700 and required to pay about $1,050 for costs.</p>
<p>Cuthbert's conviction underscores the problem created by outdated or
poorly written cybercrime laws. Cuthbert had a clean criminal
background and worked for a reputable financial institution. He didn't
install a spider, attempt to crack a password-protected system, or try
a social engineering attack. The trial judge agreed that Cuthbert did
not intend to cause harm through his actions. The judge also deeply
regretted finding Cuthbert guilty.</p>
<p>The Computer Misuse Act of 1990 classifies "unauthorized access to
computer material" as an offense regardless of the accused intent to
cause damage. While I agree it's a good idea to classify unauthorized
"browsing" as criminal, I find it difficult to catalog Cuthbert's URL
manipulation as inherently wrong. What happens if an unsuspecting user
incorrectly enters an URL and strays onto propriety information? This
activity would be classified as criminal by the Computer Misuse Act.</p>
<p>In the physical world, most individuals understand the boundaries
between public and private space. We see a house's front door, knock
and, if it's locked, leave. Reasonable individuals understand why
picking the lock and entering the house without cause constitutes a
criminal act. In cyberspace, the barriers aren't so clear. The lack of
adequate cybercrime case law makes the accurate wording of cybercrime
statutes critical for effective enforcement. I would equate Cuthbert's
manipulation of the Web site URL with knocking on the front door.
Unfortunately, Cuthbert's lawyers made this argument during trial and
failed.</p>
<p>Luckily, computer security firm <a href="http://www.corsaire.com/" target="_blank">Corsaire</a>, Cuthbert's current employer, has taken a sensible view of the situation and chosen to <a href="http://news.com.com/Tsunami+hacker+keeps+security+job/2100-7348_3-5946271.html" target="_blank">keep Cuthbert as an employee</a>. I applaud Corsaire for choosing to look past Cuthbert's conviction and consider the situation's mitigating factors.</p>
<p>Let me be absolutely clear: I'm not advocating that organizations
hire unrepentant virus propagators, spammers, phishers, or other
organized computer thieves. All governments should arrest and prosecute
hardened cybercrimnals to the fullest extent of the law. I also believe
convicted criminals should face sentences commensurate with their
crimes. I do propose however, that IT hiring managers make a pragmatic,
case-by-case evaluation of past criminal history--cyber or otherwise.</p>
Want to keep up with who's "On the Soapbox" each week? Use this link to <a href="http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e131">automatically subscribe</a> to the Blog Roundup Newsletter and have it delivered directly to your Inbox every Wednesday.

Related Discussions

Related Forums