http://www.cybercrimelaw.org/ Information security and privacy, computer crime prevention, detection, and prosecution. Focus on emerging issues in combating cybercrime in the United States and internationally, analyze recent legislation dealing with protecting cyber infrastructure and information. en-us Copyright 2004 Wed, 23 May 2007 13:02:20 EST http://www.cybercrimelaw.org/favicon.ico http://www.cybercrimelaw.org http://www.cybercrimelaw.org/2007/07/27/rss-feed-address-moved/ Please update your RSS reader to reflect the new feed. http://www.cybercrimelaw.org/blog/361/Another wifi freeloader in trouble.html There is another recent case of a person getting in hot water for using freely available wireless Internet. We reported on similar cases in the <a href="http://www.cybercrimelaw.org/blog/285/WiFi+freeloader+fined.html">past</a>. <br /><br />This time http://www.cybercrimelaw.org/blog/360/Cost of insecurity .html Many information security professionals find it difficult to put a number on the cost of a breach and thus justify requesting more funds in their budget. Here's a useful piece of information for them - the TJX companies reported that in the first qua http://www.cybercrimelaw.org/blog/359/Privacy protection old style.html Many computer users try very hard to find the perfect software to protect their privacy and the security of their information by setting up encrypted drives, biometric authentication, or similar technological measures. What many people forget to do i http://www.cybercrimelaw.org/blog/358/Project Honeypot anti-spam lawsuit complaint now available.html I now have the <a href="/documents/PHP - Stamped Complaint(4-26-07).pdf">complaint</a>. Thanks JP. http://www.cybercrimelaw.org/blog/357/Major anti-spam lawsuit filed.html The news is slowly trickling through the news outlets so I would like to comment on it a little bit. For those not familiar with the story yet, a major anti-spam lawsuit has been filed in the U.S. District Court in Alexandria, Virginia. The suit was http://www.cybercrimelaw.org/blog/356/Security awareness training.html Many information security officers face a difficult task in educating their user base on proper security practices and procedures. Education is a key element of a good security practice and Microsoft has given us all a hand in this process.<br /><br http://www.cybercrimelaw.org/blog/355/Spreadsheet information security.html Spreadsheets -- often spread across servers, network drives, usb keys, or email messages -- are what makes a modern business function properly. The information stored in Excel sheets is often critically important not only to the organization but also http://www.cybercrimelaw.org/blog/354/Cybercrime - Digital Cops in a Networked Environment.html I received this book a couple of weeks ago but my schedule was very busy so I just had a chance to review and comment on this new book. The book is a very interesting collection of essays from leading scholars and practitioners in the area focusing o http://www.cybercrimelaw.org/blog/353/Hacking for Investment Information.html It is not often when the Securities and Exchange Commission is involved in prosecution of cybercrimes. But in this case the SEC has successfully prosecuted cybercriminals for allegedly hacking into protected systems containing nonpublic information a http://www.cybercrimelaw.org/blog/352/Proposed Law to Ban Domain Sale to Terrorist Groups.html <a href="http://blog.ericgoldman.org/archives/2007/02/the_most_effect.htm">Eric Goldman</a> alerts us to a new bill pending in New York which would make it a crime to sell domain names to terrorist organizations. The relevant portion of the proposed http://www.cybercrimelaw.org/blog/351/Why is Korea a Heaven for Cybercriminals?.html Korea shows in the top of many statistics tracking spam, phish, zombies, or other various kinds of cybercrimes. Why is this? <br /><br />There are few apparent reasons - the dominance of the Windows OS in Korea, anecdotal lack of interest in cybersec http://www.cybercrimelaw.org/blog/350/Is the DOJ "forum-shopping" in cybercrime prosecutions?.html The Wall Street Journal has an interesting <a href="http://online.wsj.com/article/SB117124525768805398-search.html">article</a> ($ reg. required) (and <a href="http://blogs.wsj.com/law/2007/02/12/is-the-doj-forum-shopping-in-cybercrime-prosecutions/" http://www.cybercrimelaw.org/blog/349/Employers Immune From Liability For Employee's Cyberthreats.html A recent interpretation of Section 230 of the Communication Decency Act by a California Court of Appeals held that an employer is immune from liability based on an employee's use of its communication networks and systems to send threatening messages. http://www.cybercrimelaw.org/blog/348/Printer forensics.html In case you need to track who printed a particular page - EFF has done some good work in cracking the &quot;tracking dot&quot; code some printers secretly print on every page. <br /> <blockquote>The DocuColor series prints a rectangular grid of 15 by http://www.cybercrimelaw.org/blog/347/Preventing Insider Threats.html Many organizations place a very strong emphasis on external security - firewalls, VPN, special network routing, etc. However, a substantial portion of the information security risk comes from within the organization - the &quot;insider threats.&quot; http://www.cybercrimelaw.org/blog/346/Don't Search For Your SSN.html An interesting story floats around many NBC stations and other major news outlets about a site that protects you from identity theft. It goes along the lines of, &quot;Do you want to make sure your social security and credit card numbers are not stol http://www.cybercrimelaw.org/blog/345/Full Pipe Surveillance.html <a href="http://news.com.com/FBI+turns+to+broad+new+wiretap+method/2100-7348_3-6154457.html">CNET </a>reports on an Internet surveillance technique adopted by the FBI. According to CNET,<br /><blockquote>Instead of recording only what a particular su http://www.cybercrimelaw.org/blog/344/More on CFAA Damages.html The Computer Fraud and Abuse Act (<a href="http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html">18 U.S.C. 1030</a>) was intended to criminalize criminal hacking into protected computers. However, one of its effects (unin http://www.cybercrimelaw.org/blog/343/Forensic Investigation Misfortunes.html While we are on the subject of <a href="http://www.cybercrimelaw.org/blog/340/Department+of+Justice%27s+Cybercrime+Fighting+Manual.html">conducting forensic investigations</a> by local (usually small) law enforcement units, here is another story from http://www.cybercrimelaw.org/blog/342/Steganography for All.html <blockquote><strong>steganography </strong>(n.) The practice of hiding messages, often by writing them in places where they may not be found. Often (wrongly) used to mean the same as cryptography which relates to encoded messages. </blockquote> <br http://www.cybercrimelaw.org/blog/341/Hacking Printers.html An interesting article from ComputerWorld shows another angle direction from which an organization may be attacked electronically. It is not enough that security managers and ISOs need to worry about compromised PCs, servers, or smart phones but now http://www.cybercrimelaw.org/blog/340/Department of Justice's Cybercrime Fighting Manual.html The Department of Justice has released a 137-page &quot;<a href="http://www.ncjrs.gov/pdffiles1/nij/210798.pdf">Investigations Involving the Internet and Computer Networks</a>&quot; manual aimed at local (and unsophisticated in fighting cybercrime) l http://www.cybercrimelaw.org/blog/339/Motivating users to be security conscious.html Many information security officers (ISOs) share a complaint - &quot;our users do not listen to us when we ask them to be security conscious; it is hard to motivate them to use good practices, etc.&quot;<br /><br />The problem is large indeed. Most of http://www.cybercrimelaw.org/blog/338/Information Security and Privacy Tools.html <span style="font-style: italic;">Information security and privacy professionals use a variety of tools in their day-to-day work to help identity vulnerabilities, analyze a computer forensically, scan a machine locally or remotely, etc. We will try t http://www.cybercrimelaw.org/blog/337/Hacking Traffic Lights.html It it is connected to a computer - then it can be hacked. Two L.A. city employees are charged with hacking traffic lights over labor dispute. The two men, Gabriel Murillo and Kartik Patel, are charged by the L.A. district attorney's alleging that the http://www.cybercrimelaw.org/blog/336/10 Questions To Ask During An Information Security Interview.html <a href="http://dmiessler.com/archives/1061">Daniel Miessler</a> has compiled a list of 10 questions that should be asked of a candidate for a security (or even any IT position.) Although not perfect, this list should provide a good starting point fo http://www.cybercrimelaw.org/blog/334/MP3 Player Bank Machine Hacker Thief Gets 32 Months in Jail.html A man in the U.K. was sentenced to 32 months in prison for using MP3 player to capture credit card details from an automatic teller machine. <br /><br />What he did was to use the MP3 players to capture recordings of modem data traffic from what the http://www.cybercrimelaw.org/blog/333/478 IRS Laptops Missing.html According to documents obtained by <a href="http://www.wtop.com/?nid=428&amp;sid=975026">WTOP</a> through the Freedom of Information Act request, between 2002 and 2006, the IRS had 478 laptops either stolen or lost. <br /><br />Of those, 112 computer http://www.cybercrimelaw.org/blog/332/Secure Delete - Fact or Fiction?.html It is not fiction &ndash; you can securely delete information. However, there are many caveats. <br /><br />First of all, if you know or have a reason to know that the information in question is or will be involved in litigation &ndash; securely dele http://www.cybercrimelaw.org/blog/331/Dirty Dozen Spam-Producing Countries.html <a href="http://www.sophos.com/pressoffice/news/articles/2006/11/dirtydozq306.html">Sophos</a> has produced its latest report on the top twelve spam relaying countries over the third quarter of 2006. As the chart below shows, the US is by far the lar