Tuesday, December 4, 2012

Hacking the Hackers


The Los Angeles Times reports on a new online security company called CrowdStrike founded by the former chief technology officer at McAfee Inc., George Kurtz.  Also joining CrowdStrike is the former head of the FBI's Cyber Crimes Division, Shawn Henry.
CrowdStrike is at the forefront of a novel business model for cybersecurity, one that identifies sophisticated foreign attackers trying to steal U.S. intellectual property and uses the attackers' own techniques and vulnerabilities to thwart them.  The firm is marketing itself as a private cyber intelligence agency, staking out networks to catch infiltrators, assembling dossiers on hackers and fooling intruders into stealing bogus data.
CrowdStrike, which employs Chinese linguists and former U.S. government agents, also has identified Chinese hackers using clues in their malware.   It then profiles them — complete with real names and photos — using information gathered from a variety of sources.
That has helped the company, for example, identify a Chinese hacker who targeted financial institutions and tends to seek merger and acquisition information.  Profiles enable a more targeted defense by helping CrowdStrike know when an attacker is likely to strike, how he communicates, what malware he uses and how he tries to take the stolen data.
Some experts believe CrowdStrike and other companies should be able to "hack back" by, for example, disabling servers that host cyber attacks, whether they are in the U.S. or abroad.  But this approach is not without critics, who worry how far companies might go down the road of cyber vigilantism.
The Justice Department has said hacking back may be illegal under the Computer Fraud and Abuse Act, a 1996 law that prohibits accessing a computer without authorization.  Many lawyers liken it to the principle that a person can't use "self-help" to legally break into his neighbor's house, even if he sees his stolen television in the neighbor's living room.

But what happens when the authorities themselves are unable, or unwilling, to cope with the threat that such hackers present?  

Critics worry that third party servers may be affected, or that attacks on Chinese or Russian-controlled computers could trigger an international incident.  What do you think?



Sunday, December 2, 2012

UK Student Strikes Deal to Avoid US Prison Time For Web Piracy


As this blog reported in July 2012, a student in the United Kingdom was facing extradition to the U.S. on charges of illegal copyright piracy.

The student, Richard O’Dwyer, a 24-year-old college student from Great Britain, was facing possible extradition on criminal charges of copyright infringement. The possible punishment: 10 years in a U.S. federal penitentiary.

In 2008, O’Dwyer first set up a website, TVShack.net, which allowed users to search for and link to other sites, including ones that the federal authorities argue showed pirated movies and television shows.  

The US government shut down TVShack.net in summer 2010.  But Mr. O’Dwyer was apparently unbowed.  TVShack.net had been growing in popularity, and it made about $230,000 from advertising over the course of two years, federal prosecutors claim.

“America? They have nothing to do with me,” Mr. O’Dwyer had declared, according to his mother.  He then subsequently reopened his site as TVShack.cc, which he reckoned was beyond the reach of the United States.  He was wrong.

A few months later came a knock on the door from the British police. A judge ruled that Mr. O’Dwyer would not be prosecuted in Britain.  Instead, the US Department of Justice would seek to extradite him.

Prosecutors also claimed that O'Dwyer was well aware that the material was copyrighted.  They cited an announcement on TVShack that urged users to be patient with download times because they were “saving quite a lot of money (especially when putting several visits to the theater or seasons together).”

Subsequently, the BBC has reported the student has struck a deal to avoid extradition.  A High Court judge was informed that Mr O'Dwyer was expected to travel to the U.S. in the next 14 days to complete a plea agreement, pay an undisclosed sum in compensation and give undertakings not to infringe any copyright laws again.  If he does, he may face immediate extradition.

When "Wants" and "Likes" Collide


Facebook is being sued by a Michigan company that claims that its "WANT" button is being infringed upon by the social media giant.

CVG-SAB, based in Farmington Hills, Michigan, owns the website wantbutton.com, and claims that it began marketing its button in September 2010, to allow consumers to keep a list of desired products and services online.  Tommy Bahama, Burlington Coat Factory and others are current customers of CVG-SAB.  

Facebook began using a "WANT" button that takes users to non-Facebook sites where they can purchase merchandise.  

The lawsuit claims that CVG-SAB has already experienced instances of actual consumer confusion, having allegedly received inquiries into whether the new Facebook platform is related to it.

In response, Facebook filed a counterclaim, alleging that the "want" button uses a common, everyday term that cannot be protected -- a difficult legal strategy to press, considering Facebook claims monopoly ownership of the "LIKE" button. 

Feds Seize 130+ Domain Names and Shut Down Websites on Cyber Monday

On the biggest online shopping day of the year with consumers estimated to have spent over $1.5 billion, federal officials shut down over 130 websites that were selling illegal counterfeit items on the Internet.

Project Cyber Monday 3 marks the third year in a row that U.S. Immigration and Customs Enforcement (ICE) has shut down numerous websites selling counterfeit goods.

“Everything from Ergobaby carriers to New Era hats, Nike sneakers, Tiffany jewelry, Oakley sunglasses and NFL jerseys, just to name a few. Even counterfeit Adobe software was for sale,” ICE Director John Morton said during a conference call.

ICE’s National Intellectual Property Rights Coordination Center  and Homeland Security Investigations partnered with EUROPOL, the European Union’s law enforcement agency, to take down 101 websites that were hosted on U.S. internet servers and 31 websites hosted in Europe.

ICE obtained court orders to shut the websites down after investigators purchased items from the websites and confirmed that the items were fake.

“Counterfeit Hermes purses, Christian Louboutin shoes and various Nike apparel, all of it fake, all of it substandard,” Morton said about the quality of the knock-off items.

“When IP rights are violated, jobs are lost, businesses are stolen and ultimately consumers are cheated. Remember, counterfeiters care about making money and only about making money. They don’t pay health care. They don’t pay pensions. They don’t pay taxes. They don’t care about the people that work for them and they don’t, frankly, care about the consumers who purchase the products,” Morton said.