T2P Prosecution & Litigation News

Nigeria Announces Early Results Of Anti-Scammer Initiative

2009-11-05T18:37:42Z

No one's sure how many there are to go, but according to a Nigerian official, there are about 800 scam email addresses and 18 criminals that can be considered "down." Mrs. Farida Waziri, the chairperson of a government agency, announced that some shutdowns and arrests occurred thanks to an initiative called Project Eagle Claw.

Nigeria Announces Early Results Of Anti-Scammer Initiative

Nigeria's Economic and Financial Crimes Commission is the force behind Project Eagle Claw, and with Microsoft's help, has just started ramping it up. Waziri explained in a statement, "We expect that Eagle Claw as conceived will be 100% operational within six months and at full capacity, it will take Nigeria out of the top 10 list of countries with the highest incidence of fraudulent e-mails."

She then gave some very interesting details, continuing, "[U]pon full deployment, the capacity to take down fraudulent e-mails will increase to 5,000 monthly. Further it is projected that advisory mails to be sent to victims and potential victims will be about 230,000 monthly."

Anything Nigeria can do to address the problem of scammers operating from within its borders will of course be good for the country's image. More than that, it might help honest Nigerians become part of the online world (since some entities have just taken to blocking troubled regions as a whole).

Then there will be the benefit to the rest of the world, with maybe millions of dollars not getting lost. For that reason, Project Eagle Claw is likely to gain a lot of fans.

Gartner Magic Quadrant Under Fire – Lawsuit Alleges Defamation and more

2009-10-22T18:31:57Z

A storm is brewing throughout the analyst community as one of the largest and most influential technology analyst firms comes under fire for one of their highest prized research artifacts – The Gartner Magic Quadrant (MQ) – ZL Technologies has filed a lawsuit alleging damages from Gartner’s Email and Archiving MQ and the MQ process [...]

Judge says TD Ameritrade's proposed security fixes aren't enough

2009-10-27T18:59:00Z

A federal judge's rejection of a proposed settlement by TD Ameritrade in a data breach lawsuit marks the second time in recent months where a court has weighed in on what it considers to be basic security standards for protecting data.

Vendor sues Gartner over Magic Quadrant

2009-10-22T02:13:02Z

Small email archiving vendor ZL Technologies has sued Gartner over the content of a magic quadrant, a case that has some CIOs thinking about the way they use analysts.

University’s libel suit highlights growing online dilemma

2009-10-13T12:04:18Z

A libel lawsuit filed by Butler University highlights the dangers of certain types of online postings.

The university is suing an anonymous blogger for comments posted last year on a blog that the school contends includes defamatory statements about two high-level administrators.

The blog has since been removed. University officials said they strongly support freedom of speech and academic freedom, “but we cannot tolerate the harassment, intimidation and defamation in which the defendant engaged.”

Delta Air Lines sued over alleged e-mail hacking

2009-10-14T13:10:00Z

Jeremy Kirk reports:

Delta Air Lines is being sued for allegedly hacking the e-mail account of a passenger rights advocate supporting legislation that would allow access to food, water and toilets during long delays on the tarmac.

Kathleen Hanni, executive director of Flyersrights.org, alleges Delta obtained sensitive e-mails and files and used the material in an attempt to derail the “Airline Passenger’s Bill of Rights of 2009,” of which four versions are pending before Congress.

The suit was filed on Tuesday in U.S. District Court for the Southern District of Texas and seeks a minimum of $11 million in damages.

T-Mobile sued over Sidekick data loss (update 3)

2009-10-14T14:04:11Z

It was only a matter of time, right? How much time, you ask? The Sidekick service disruption occurred last week, and a class action lawsuit (pdf) was filed against T-Mobile USA by Oren Rosenthal in Superior Court in Washington on October 12.

The lawsuit, which alleges negligence, breach of contract, and violation of Washington’s Consumer Protection Act, claims that Sidekick’s advertising never disclosed the risk of loss of data from a failure of the device and/or a disruption of the service, and that none of its advertising disclosed that T-Mobile had no backup or other retrieval system to recover data if there was a failure of the “Sidekick” device and/or a disruption of the service.

Hat-tip, Courthouse News.

Update: a second lawsuit has been filed.

Update 2: Cnet reports that a third case was filed in California this week.

Update 3: Microsoft is now claiming that it has recovered most of the data.

Ohio high court hears online communications case

2009-10-21T12:31:14Z

Julie Carr Smyth of Associated Press reports:

Booksellers, video game dealers, newspaper publishers and other critics of an online child protection law encountered skepticism from state Supreme Court justices Tuesday for their free-speech arguments.

A coalition led by the American Booksellers Foundation for Free Expression has challenged laws throughout the country aimed at protecting children from online pornography and predators that they claim jeopardize protected speech among adults that might be linked to private chat rooms, listservs or e-mail.

Disaster? E-Mails Seen as a Flash Point for Bear Stearns Fund Managers’ Fraud Trial

2009-10-12T16:12:12Z

Law.com brings us this take on email disaster: “On April 22, 2007, Bear Stearns hedge fund manager Matthew Tannin sent an e-mail to fellow hedge fund manager Ralph Cioffi. “The entire subprime market is toast,” he said. “There is simply no way for us to make money — ever.” Three days after the now-infamous “toast” e-mail, Tannin reassured investors during a conference call, telling them he was “very comfortable with exactly where we are” and “there’s no basis for thinking this is one big disaster.” Continue reading….

Fulbright’s 6th Annual Litigation Trends Survey Report

2009-10-16T05:12:14Z

News release: "Companies are seeing a litigation wave that corporate counsel expect to swell in the coming year, according to...

'Phish Fry' Nets 100 Fraudsters

2009-10-22T17:57:23Z

Biggest Cyber Crime Investigation in U.S. History
An international phishing operation was smashed on Wednesday by the US Federal Bureau of Investigation and law enforcement in Egypt.

The case called "Operation Phish Phry" has the largest number of defendants ever charged in a cyber crime case. A total of 53 people across the country and 47 people in Egypt were indicted in the multinational investigation.

ChoicePoint Fined $275K for 2008 Breach

2009-10-22T17:56:08Z

FTC: Data Broker Turned Off Tool That Would Have Detected Hack Sooner
Data broker ChoicePoint has agreed to a stronger data security program and will pay a $275,000 fine for a breach in 2008, according to the Federal Trade Commission.

The FTC says the company failed to implement a comprehensive information security program to protect consumers' personal information, as required by the agency after ChoicePoint's 2004 breach, which affected more than 160,000 U.S. consumers.

Bozeman city manager suspended over privacy flap - Montana's News Station

2009-10-13T12:56:26Z

Bozeman city manager suspended over privacy flap
Montana's News Station
Bozeman city leaders have decided to suspend City Manager Chris Kukulski over former hiring practices that asked applicants for login and password ...

and more »

Suit alleges Delta invaded privacy, used hacked e-mail - Bizjournals.com

2009-10-13T18:43:04Z

Suit alleges Delta invaded privacy, used hacked e-mail
Bizjournals.com
The Coalition for an Airline Passengers' Bill of Rights sued Delta Air Lines Inc. on Tuesday in a federal court in Texas, alleging the airline got hacked ...

and more »

Analysis: Phishing arrests highlight massive problem

2009-10-09T10:10:00Z

The massive phishing scam broken up by federal authorities this week is only a hint at what many say is an insidious and growing problem on the Internet.

Man arrested for twittering goes to court

2009-10-06T11:09:55Z

Kevin Bankston of EFF writes:

Over the past day, Everyone has been reporting about the arrest last month of Elliot Madison for twittering about police movements to protesters during the G-20 Summit in Pittsburgh, PA.

The reason this is being reported on now is because on last Thursday, the FBI also raided Mr. Madison’s home in Queens, NY, followed on Friday by Mr. Madison’s filing of a motion in the Eastern District of New York federal court in Brooklyn for the return of his seized property.

In reviewing all the stories, we saw lots of quotes from Mr. Madison’s legal filings and from the Pennsylvania state criminal complaint against him, but no links to the legal papers themselves. As a resource to journalists and interested readers, we are posting Mr. Madison’s motion and his lawyer’s supporting declaration; attached to the declaration are copies of the search warrant, an inventory of the seized items, and the original criminal complaint.

Lawsuit: Heartland Knew Data Security Standard was 'Insufficient'

2009-10-08T18:23:32Z

Complaint Says CEO Described PCI as 'Lowest Common Denominator' of Protection
Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.

This is the contention of a new master complaint filed in the class action suit against Heartland, which in January announced a data breach that is now estimated to be the largest known hack, involving 130 million credit and debt card accounts.

Phishing bust sees 100 charged in US and Egypt

2009-10-08T10:07:00Z

Authorities in the US and Egypt have charged 100 people in connection with a phishing scam that saw around $1.5 million stolen from the bank accounts ...

Disloyal use of email isn’t a crime

2009-10-02T14:05:36Z

U.S. Appeals Court for Ninth Circuit.

Workers who use company email for disloyal activities may be targeted for administrative sanctions, but they’re not necessarily criminals under U.S. law, according to a recent decision by a federal court. The ruling by the Court of Appeals for the Ninth Circuit, which includes California, found that an employee for a residential treatment center for addicted persons in Nevada could not be prosecuted under the federal Computer Fraud and Abuse Act (CFAA) for emailing himself client files for use in a competing business after his employment was terminated from the center.

The case, LVRC Holdings v. Brekka, involves Christopher Brekka, who was hired by LVRC and worked at its Fountain Ridge facility in Nevada. Brekka’s duties included conducting Internet marketing programs and interacting with Web metrics company, LOAD, which LVRC employed to provide email, Web site, and related services for the treatment center. At the time of his hiring, Brekka owned and operated EBSN and EBSF, two consulting businesses that obtained referrals for addiction rehabilitation services and provided referrals of potential patients to rehabilitation facilities through the use of Internet sites and advertisements. According to the court, LVRC was aware of Brekka’s involvement with EBSN and EBSF when it brought him on board.

While working for LVRC, Brekka commuted between Florida, where his home and one of his businesses were, and Nevada, where Fountain Ridge and his other business were located. Brekka was issued a computer by LVRC, but routinely emailed himself documents he used at LVRC to his personal computer in Florida. After working for LVRC for several months, Brekka legitimately obtained an administrative log-in for the company’s Website to obtain metrics about the site which he used to manage its internet marketing.

Brekka did not have a written employment agreement with LVRC and the company did not have any employee guidelines governing emailing company documents to the personal computers of workers.

About six months after hiring Brekka, LVRC terminated its relationship with him. Later, LVRC discovered someone accessing their computers using Brekka’s login. When LVRC discovered that, they voided Brekka’s login and filed a number of lawsuits against the former employee, including one alleging he violated the CFAA when he emailed documents to his personal computer and continued his administrative access the company’s Web site.

The CFAA, enacted in 1984, is a federal law aimed at punishing computer hackers who access computers to steal information or to disrupt or destroy a computer’s functionality. Among the crimes cited in the law are accessing computers without authorization or in excess of authorization and stealing information or damaging a computer or its data. LVRC argued that Brekka violated the authorized access provisions of the law.

LVRC contended that Brekka’s access to confidential information to further his interests rather than the company’s constituted unauthorized access under the federal law. But the court didn’t see it that way. “[A]n employer gives an employee ‘authorization’ to access a company computer when the employer gives the employee permission to use it,” it reasoned. “Because LVRC permitted Brekka to use the company computer…Brekka did not act ‘without authorization.’”

As for the allegations that Brekka accessed LVRC’s computers after he left the company, the court found that LVRC did not meet its burden of proof to support that contention.

“Brekka holds that a person uses a computer ‘without authorization’ when she has not received permission to use the computer for any purpose, or when the employer has rescinded permission to access the computer and she uses the computer anyway,” Jennifer Granick, civil liberties director at the Electronic Frontier Foundation, wrote in an analysis of the decision posted at the EFF’s Web site.

“Similarly, a person who is authorized to use a computer does not exceed authorization simply by acting contrary to the computer owner’s interest, but only by obtaining or altering information in the computer that she is not entitled to obtain or alter,” she continued.

“The Brekka opinion is in line with the more recent and better line of district court cases that have rejected a ‘thought crime’ interpretation of the CFAA where the employee’s mental state determines whether she was authorized or not,” she added. “Brekka says that neither the statutory language nor the canons of criminal law allow such a broad reading that leaves people uncertain of when this criminal statute would apply.”

What lessons can be learned by email administrators from this court decision? Certainly, the ruling illustrates the importance of an email policy for companies. If you don’t want your workers forwarding important documents to their home computers, then you should tell them so in black and white. It also might be wise to work with your HR and Legal departments to make sure email issues like those raised in Brekka are addressed in boilerplate employment agreements your company executes with contract employees.

Liked this post? Get more email management and administration related news from TheEmailAdmin.com!

Disloyal use of email isn’t a crime

Heartland Breach: Inside Look at the Plaintiffs' Case

2009-10-08T17:07:49Z

Master Complaint Details Events Before, During and After the Landmark Breach
Prior to the Heartland Payment Systems (HPY) data breach, company executives misrepresented their "state of the art" security measures, says a new document filed in the class action suit against the payments processor.

This document lays out for the first time a sequence of events and statements made by Heartland executives about security measures and actions before, during and after the breach.

Following is a timeline of events highlighted in the master complaint against Heartland.