Tuesday, December 4, 2012

Hacking the Hackers

The Los Angeles Times reports on a new online security company called CrowdStrike founded by the former chief technology officer at McAfee Inc., George Kurtz.  Also joining CrowdStrike is the former head of the FBI's Cyber Crimes Division, Shawn Henry.
CrowdStrike is at the forefront of a novel business model for cybersecurity, one that identifies sophisticated foreign attackers trying to steal U.S. intellectual property and uses the attackers' own techniques and vulnerabilities to thwart them.  The firm is marketing itself as a private cyber intelligence agency, staking out networks to catch infiltrators, assembling dossiers on hackers and fooling intruders into stealing bogus data.
CrowdStrike, which employs Chinese linguists and former U.S. government agents, also has identified Chinese hackers using clues in their malware.   It then profiles them — complete with real names and photos — using information gathered from a variety of sources.
That has helped the company, for example, identify a Chinese hacker who targeted financial institutions and tends to seek merger and acquisition information.  Profiles enable a more targeted defense by helping CrowdStrike know when an attacker is likely to strike, how he communicates, what malware he uses and how he tries to take the stolen data.
Some experts believe CrowdStrike and other companies should be able to "hack back" by, for example, disabling servers that host cyber attacks, whether they are in the U.S. or abroad.  But this approach is not without critics, who worry how far companies might go down the road of cyber vigilantism.
The Justice Department has said hacking back may be illegal under the Computer Fraud and Abuse Act, a 1996 law that prohibits accessing a computer without authorization.  Many lawyers liken it to the principle that a person can't use "self-help" to legally break into his neighbor's house, even if he sees his stolen television in the neighbor's living room.

But what happens when the authorities themselves are unable, or unwilling, to cope with the threat that such hackers present?  

Critics worry that third party servers may be affected, or that attacks on Chinese or Russian-controlled computers could trigger an international incident.  What do you think?

Sunday, December 2, 2012

UK Student Strikes Deal to Avoid US Prison Time For Web Piracy

As this blog reported in July 2012, a student in the United Kingdom was facing extradition to the U.S. on charges of illegal copyright piracy.

The student, Richard O’Dwyer, a 24-year-old college student from Great Britain, was facing possible extradition on criminal charges of copyright infringement. The possible punishment: 10 years in a U.S. federal penitentiary.

In 2008, O’Dwyer first set up a website, TVShack.net, which allowed users to search for and link to other sites, including ones that the federal authorities argue showed pirated movies and television shows.  

The US government shut down TVShack.net in summer 2010.  But Mr. O’Dwyer was apparently unbowed.  TVShack.net had been growing in popularity, and it made about $230,000 from advertising over the course of two years, federal prosecutors claim.

“America? They have nothing to do with me,” Mr. O’Dwyer had declared, according to his mother.  He then subsequently reopened his site as TVShack.cc, which he reckoned was beyond the reach of the United States.  He was wrong.

A few months later came a knock on the door from the British police. A judge ruled that Mr. O’Dwyer would not be prosecuted in Britain.  Instead, the US Department of Justice would seek to extradite him.

Prosecutors also claimed that O'Dwyer was well aware that the material was copyrighted.  They cited an announcement on TVShack that urged users to be patient with download times because they were “saving quite a lot of money (especially when putting several visits to the theater or seasons together).”

Subsequently, the BBC has reported the student has struck a deal to avoid extradition.  A High Court judge was informed that Mr O'Dwyer was expected to travel to the U.S. in the next 14 days to complete a plea agreement, pay an undisclosed sum in compensation and give undertakings not to infringe any copyright laws again.  If he does, he may face immediate extradition.

When "Wants" and "Likes" Collide

Facebook is being sued by a Michigan company that claims that its "WANT" button is being infringed upon by the social media giant.

CVG-SAB, based in Farmington Hills, Michigan, owns the website wantbutton.com, and claims that it began marketing its button in September 2010, to allow consumers to keep a list of desired products and services online.  Tommy Bahama, Burlington Coat Factory and others are current customers of CVG-SAB.  

Facebook began using a "WANT" button that takes users to non-Facebook sites where they can purchase merchandise.  

The lawsuit claims that CVG-SAB has already experienced instances of actual consumer confusion, having allegedly received inquiries into whether the new Facebook platform is related to it.

In response, Facebook filed a counterclaim, alleging that the "want" button uses a common, everyday term that cannot be protected -- a difficult legal strategy to press, considering Facebook claims monopoly ownership of the "LIKE" button. 

Feds Seize 130+ Domain Names and Shut Down Websites on Cyber Monday

On the biggest online shopping day of the year with consumers estimated to have spent over $1.5 billion, federal officials shut down over 130 websites that were selling illegal counterfeit items on the Internet.

Project Cyber Monday 3 marks the third year in a row that U.S. Immigration and Customs Enforcement (ICE) has shut down numerous websites selling counterfeit goods.

“Everything from Ergobaby carriers to New Era hats, Nike sneakers, Tiffany jewelry, Oakley sunglasses and NFL jerseys, just to name a few. Even counterfeit Adobe software was for sale,” ICE Director John Morton said during a conference call.

ICE’s National Intellectual Property Rights Coordination Center  and Homeland Security Investigations partnered with EUROPOL, the European Union’s law enforcement agency, to take down 101 websites that were hosted on U.S. internet servers and 31 websites hosted in Europe.

ICE obtained court orders to shut the websites down after investigators purchased items from the websites and confirmed that the items were fake.

“Counterfeit Hermes purses, Christian Louboutin shoes and various Nike apparel, all of it fake, all of it substandard,” Morton said about the quality of the knock-off items.

“When IP rights are violated, jobs are lost, businesses are stolen and ultimately consumers are cheated. Remember, counterfeiters care about making money and only about making money. They don’t pay health care. They don’t pay pensions. They don’t pay taxes. They don’t care about the people that work for them and they don’t, frankly, care about the consumers who purchase the products,” Morton said.

Saturday, November 24, 2012

5-Hour Energy Drink Sues to Stop Counterfeit Network

The maker of 5-Hour Energy drinks is suing to stop an extensive counterfeiting network. 

Living Essentials reports that it recently identified and shut down the counterfeiters' alleged factory in San Diego and obtained court orders to seize tens of thousands of illegal and fraudulent 5-Hour Energy bottles and machinery used to produce them.  

According to court papers, the counterfeit bottles were very similar in appearance to genuine 5-Hour Energy bottles, but slightly shorter and without a raised mark in the center of each bottle cap. Dissatisfied customers have complained the counterfeits "did not provide any energy," according to a lawsuit filed in U.S. District Court for the Southern District of New York.   In addition, the bottles' trademark "running man" is heavier-set on the fake 5-Hour Energy labels.  The counterfeits also tasted and smelled differently and contained no vitamin B12.  

Real 5-Hour Energy, sold in 1.93-ounce bottles, claims to contain 833 percent of the U.S. Food and Drug Administration's recommended daily intake of B12.  Living Essentials says it is unaware of any serious adverse reactions to the counterfeit product.  

The company received orders from federal judges in New York and San Francisco to seize counterfeit products and business records. Living Essentials is seeking $25 million in damages and all profits obtained through the alleged counterfeit scheme.

Wednesday, October 10, 2012

Counterfeit Airbags Present Serious Safety Risk

National Highway Traffic Safety Administration (NHTSA) and Immigration and Customs Enforcement (ICE) officials today warned consumers about counterfeit airbags made at overseas manufacturers and installed in cars throughout the U.S. 

The counterfeit airbags have been found in more than 75 different makes and models, both domestic and internationally-made cars, and could affect thousands of individuals.

Earlier this year ICE arrested and convicted a Chinese counterfeiter who was found with nine different brands of airbags. And just this year have confiscated more than 2,500 fake airbags.

Consumers are at risk if:

•   They have had their car airbag replaced in the last three years, at a repair shop not associated with a new car dealership;

•   Purchased a used car that may have had its original airbag replaced;

•   Own a car titled branded salvage, rebuilt or reconstructed;

•   Got a "too good to be true" deal for airbag replacement; or

•   Purchased their airbag from eBay, Craigslist or other non-certified outlet.

Because the faulty airbags are not the fault of car manufacturers or dealers, this is not a mandatory recall and consumers must pay out of pocket to replace the airbag.

"They look like the real thing and unfortunately consumers are not in a position to figure out if they have a fake or a real airbag and they certainly wouldn't be in a position to be able to replace their own airbag," David Strickland, NHTSA administrator said.

Officials urge anyone who has suspicions about their airbags to take their car to an expert for testing and replacement.