Evolving Threats: Fighting Online Fraudulent Activity LSI Conference, S.F. William J. Cook.

Evolving Threats: FightingOnline Fraudulent Activity

LSI Conference, S.F.

William J. Cook

W I L D M A N H A R R O L D | A T T O R N E Y S A N D C O U N S E L O R S

Evolving Online Threats

September 26, 2006 2

Bill Cook

» Chicago IMNA Board Member, Immediate Past President

» Former Head of US DOJ Computer Crime Task Force; Counter-Espionage Coordinator and Counter-Terrorist Coordinator; DOJ FEMA Coordinator (Chicago)

» NRC Committee on Critical Infrastructure Protection and the Law

» Partner, Wildman Harrold, Chicago

» Retail response to CPP and PCI failure claims

» Intellectual Property, Internet and Web law (Business Continuity and Security)

» 90 trials

» Expert presentations on Internet liability before U.S. House Judiciary Comm., GAO, FCC




Spam

» 9 of 10 Internet emails are spam» 6 of the 9 carry a payload

» Virus» Bots

» Denial of service attacks» VOIP attacks

» Virginia AG v. California




Webpage BIA Security Crisis

» May 17, 2005 court continues security requirements and applied to wireless

» Cobell v. Norton, Fed. 12/05/01




Other Vendor IssuesNY AG v. ACLU

»Secret contributor list

»Webpage representations

»The vendor did it




FTC v. Yesmail Inc. d/b/a Once CorporationSoftware ate my homework

» Yesmail sent unsolicited commercial e-mail after consumers asked it to stop

» FTC fine $50,717» Yesmail sent e-mail on behalf of its clients more than 10

business days after recipients had asked it to stop.» Yesmail offers e-mail marketing services, including sending

commercial e-mail and processing unsubscribe requests from recipients.

» Yesmail said it’s spam filtering software filtered out certain unsubscribe requests from recipients which resulted in Yesmail failing to honor unsubscribe requests by sending thousands of commercial e-mail messages to recipients more than 10 business days after their requests.

» http://www.ftc.gov/opa/2006/11/yesmail.htm




Spoofing

» The unauthorized use of a third-party domain name as the sender's name in an e-mail message. Most often used by spammers, spoofing the name of a popular retailer or organization entices the recipient to read the full message

» Handled as ID theft» No federal prosecutions




FTP Site Compromise

» Client’s President accessed competitor’s FTP site and obtained customer lists, vendor price lists, source code

» Criminal and civil actions filed against Client at the same time as FBI search of corporate offices

» Issues regarding security, expectation of privacy




Spyware

» Software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.

» Typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet

» spyware monitors user activity on the Internet and transmits that information in the background to someone else.

» Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

» Spyware steals from the user by using the computer's memory resources and also by eating bandwidth

» Because spyware exists as independent executable program, its has the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party.

» Violation of ECPA? Computer Fraud & Abuse Act?




Michigan Becomes First State to Employer Liability for Workplace Identity Theft

» June 2005 announced that Michigan will allow employee lawsuits against employers

» Michigan Ct. of Appeals allows employee victim to recover $275,000




Ramifications of Stolen Computers

» Company’s outsource healthcare information to vendors

» Client’s employee database of health information, personal credit cards and other personal information missing

» Business Associate rule

» Vendor suffers intrusion and laptops stolen

» Internal investigation

» HIPAA exposure identified

» Potential employee legal action(s) identified

» Vendor forced to meet ISO 17799 and corporate standards

» Prepared and oversaw E&Y ISO 17799 security audit and evaluated compensating controls

» Negotiated vendor contract changes and remediation

» Rewrote security provisions for vendor contracts




Defecting CEO

» CEO and 5 key employees left ecommerce client with trade secret information to start up competing company

» Forced forensic analysis of departed hard drives to locate stolen information

» Evaluated Economic Espionage Act referral/not applicable

» Opponents clearly understood liability and embarrassment if they did not cooperate

» Used threat of litigation to achieve client’s business strategy without actually having to go to court

» Negotiated return of all data and essentially shut down potential competitor




I.D. Theft: Russian Carding

» Some estimates: 20% of credit card transactions are fraudulent

» Since Feb. 2005, sensitive personal records exposed in security breaches: 93,771,829

» Russian carding contributes $1 Billion annually to Russian economy

» Russian cards sponsor events at the Kremlin» Underground pages bragging about:

» Infiltrating bank processors» Attacks on specific financial targets» Breaching 3DES » Posting databases




CPP (CPC) Designation

» Case against merchant begins with designation as a common point of purchase (CPP) or a common point of compromise (CPC)

» CPP is determined by reverse analysis of credit card or debit card activity

» Credit card association or agent makes contact

» Date of alleged fraud may be remote

» Forensic Audit triggered




Moving Parts

» Visa, MC, AmEx, Discovery» Issuing banks» Acquiring banks» Merchants that accept fraudulent credit cards,

increasingly located in Europe» POS software vendors» Insurance companies and brokers» Public relations» Stockholder issues» Board of Director issues» Consumer disclosure issues and Secret Service non-

disclosure request» Disclosure / cooperation with federal agencies




Downstream Liability Issues

» Standard of care before intrusion

» How much due diligence can be proven

» Corporate policies

» Public relations

» SEC and Stockholder issues

» Board of Director issues




Questions?

William J. Cook, Esq.

Wildman Harrold Allen & Dixon LLP

225 West Wacker Drive

Chicago, IL 60606-1229

312.201.2000 (General Number)

312.201.2555 (Fax)

[email protected]

Date post:	25-Dec-2015
Category:	Documents
Upload:	cecil-fisher
View:	216 times
Download:	2 times

Evolving Threats: Fighting Online Fraudulent Activity LSI Conference, S.F. William J. Cook.

Documents