SCAMs, SPAM ...
Scams, SPAM, and other evil deeds. All sorts of things that people have to be wary of.

 



















  Saturday, February 24, 2007


Fraudsters Declare War on Anti-Scam Services.

Spammers have been attacking and threatening several of the groups and individuals who have been performing some of the most important work in hobbling online scams, spam and computer viruses.

The SANS Internet Storm Center on Thursday found a piece of malicious code (called "sans.exe") designed to update a group of several thousand infected computers that SANS has been monitoring. The code includes text strings that suggest an attack on the center if two of its crime fighters don't stop interfering with the author's money-making spam operations. The message, in part, read:

"You better f*** off SANS.org especially that [SANS chief technology officer] Johannes Ullrich (phone and e-mail address deleted) and Kevin Hong (phone and e-mail address deleted). I really don't have anything against you, just piss off alright?" [sic]

"I guess we always felt like this [was] going to happen at some point," Ullrich said in an online chat with Security Fix this morning. "Adding taunts like this to their code isn't what you would expect from a professional criminal trying to stay low profile. [It] points to a more juvenile 'hooligan' mentality," than that of a hardened cyber crook.

Last month, a number of anti-spam Web sites came under a sustained "distributed denial of service" (DDoS) attack, an electronic assault during which the attackers use thousands of compromised personal computers to overwhelm a target with so much bogus traffic that the target can't accommodate legitimate visitors.

The attacks were made possible by tens of thousands - perhaps millions - of computers infected by the recent e-mail virus known as the "Storm worm." The virus links all infected computers into a peer-to-peer data network using the same technology as the eDonkey file-sharing network. The attackers later instructed the networked machines to attack sites such as spam trackers Spamhaus and the personal Web site of Joe Stewart, the SecureWorks researcher who conducted some of the most detailed analysis of the Storm worm.

The Web sites for CastleCops -- an all-volunteer, online scam fighting community -- also have been under a consistent denial-of-service attack for the past couple of weeks. Its main site and user forum are not working again this morning. Security Fix has spotlighted the laudable work this volunteer group does in bringing down phishing Web sites and analyzing new malicious software.

CastleCops co-founder Robin Laudanski said the intermittent site shutdowns have been inconvenient, but added that they have bolstered support for the group from within the security community.

"I take [the attacks] as a compliment because if we weren't putting a dent in the bad guys' pocketbooks, we wouldn't be getting attacked," Laudanski said. "It means we're being a pain, and that we're doing something right."

[Security Fix]
11:15:24 PM    

RIAA to Parents: Pop-Ups + Viruses = Piracy!

If a parent sees pop-up ads and viruses on her computer, she can be sued for copyright infringement by the RIAA.

At least that's what the RIAA is arguing in a recent court filing in the Capitol v. Foster case, in which a federal judge made the RIAA cough up attorney's fees to a mother, Debra Foster, who had been sued because her daughter was file sharing. The RIAA lawyers had dawdled in dismissing their complaint against Foster, even after her child admitted to being the file-sharer in the house (the RIAA went ahead and got a default judgment against the child).

This new filing marks the first time the RIAA has explained its claim that parents are liable for the infringements committed by their children (a theory that has never been accepted by any court, to the best of my knowledge). The argument is pretty remarkable, built on a house of cards including the notion that "everyone knows" pop-up ads and viruses signify piracy! Here's the relevant portion of the RIAA brief:

Given that it has been established that the Kazaa file-sharing program was on the Foster family's computer, the evidence would have established that the Kazaa icon was clearly visible on the computer when defendant was using it and that there were likely a substantial number of pop-up advertisements, the types of which have been associated with the Kazaa program.

In other words, the RIAA believes that pop-up ads and a system tray icon should put every parent on the hook for every download on the computer.

In addition, it is undisputed that defendant had an account with Cox Communications. Defendant's subscriber agreement with Cox made clear that defendant, as the account holder, was responsible for what is done on her account. ...

Here, the RIAA is trying to make a private contract between Cox and the parent into a promise to the RIAA. Of course, since this is standard boilerplate in ISP customer agreements, this argument would apply equally to every broadband subscriber, whether parent, employer, library, or school.

Finally, plaintiffs believe that discovery would have revealed substantial other evidence of defendant's knowledge and material assistance in the underlying infringements. For example, the computer may well have been in a common area such that defendant heard music coming from the computer when admitted infringer Amanda Foster was using it. In addition, the evidence may have established, as it has in other similar cases, that there were viruses on the computer due to Kazaa and that defendant may have had work done on the computer that would have revealed the existence of the file-sharing program. ...

Yes, parents, that means every time you hear music emanating from a computer, the RIAA believes you have a legal duty to check the copyright pedigree of its source. Oh, and if your computer has a virus, same answer.

Similarly, plaintiffs believe that, had they been given the opportunity, they would have been able to prove vicarious infringement. Specifically, plaintiffs would have proved that, as a parent, defendant had the full right and ability to control her daughter's use of the computer at issue. Most parents impose restrictions on computer usage by their children (e.g., rules about pornography sites and chat rooms), and plaintiffs believe that defendant would have done so as well. Plaintiffs further would have proven that defendant had a direct financial interest in her daughter's infringing activities, which, of course, involve substantial sums of money in terms of the value of the recordings at issue and the potential liabilities resulting from such activities.

By this logic, the more responsible you are as a parent, the more the RIAA will be entitled to collect from you. Moreover, the RIAA is confusing the benefit to the child with the benefit to the parent. As every parent knows, just because your kid wants a new CD doesn't mean you would have bought it for them.

Let's be clear what this pretzel logic is really all about -- the RIAA wants to reach a hand into every parent's pocket in order to fuel their mass litigation campaign, irrespective of whether the law supports this. But there is a bigger risk, as well. If courts accept this argument in file-sharing cases, the RIAA will have a precedent to use against every employer, every library, and every school for every copyright infringement committed on its computers. So I'm on the side of the judge in Capitol v. Foster, who dubbed these RIAA arguments "untested and marginal."

For more on parental liability in RIAA file sharing lawsuits, take a look at the memo we prepared on the subject in 2005 (soon to be updated in light of more recent authorities, including Capitol v. Foster).

[EFF: Deep Links]
11:01:25 PM    


© Copyright 2007 Paul Hardwick.
Last update: 3/4/07; 10:31:54 AM.
