
Exploring Legal Action against Dangerous Software


19 replies to this topic

#1 Samardin

Samardin

  • Members
  • 9 posts

Posted 16 October 2010 - 05:02 PM

Hello everyone at BleepingComputer:

Our law office is exploring the viability of bringing legal action against entities that have spread malware, spyware, viruses and malicious software that can damage personal/business computing systems or interfere in the normal operation of same. Of particular concern is software that can render businesses and individuals vulnerable to a breach of privacy/confidentiality and identity theft.

BleepingComputer has been extremely helpful to those suffering from the plights of malware and viral computer infection and that is why I have ventured to receive the insights of this community and its computer experts.

Ultimately some infections, such as W32.Ramnit, are currently beyond the help of communities such as these. Judicial intervention may help stem the tide of dangers associated with malicious software.

Let's start off with the following question:

Would it be beyond reasonable efforts to ascertain the originating IP for those individuals or entities utilizing malicious software to make unauthorized entry into computer systems?

Any other thoughts?

DISCLAIMER: This office has not instituted any action related to the subject of this posting, nor does this office represent any victim of malicious software at this time. We have not extended any professional legal responsibility to any participant in this discussion and will not do so until an express agreement is signed between attorney and client. The office has not expressly nor impliedly promised any compensation for those contributing to this discussion. Do not rely on any purported advice hereinafter until you consult with counsel.

Edited by Samardin, 16 October 2010 - 06:16 PM.




#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts

Posted 16 October 2010 - 05:23 PM

Have you done any research into what you are proposing?

Are you familiar with?

http://en.wikipedia.org/wiki/Russian_Business_Network
Chewy

No. Try not. Do... or do not. There is no try.

#3 Samardin

Samardin
  • Topic Starter

  • Members
  • 9 posts

Posted 16 October 2010 - 06:21 PM

Have you done any research into what you are proposing?

Are you familiar with?

http://en.wikipedia.org/wiki/Russian_Business_Network


Although I am technologically savvy, computer forensics is a completely different level of expertise. I would surmise that determining the IP of hackers and virus developers is not easy.

When you go after an organization like that, you are likely going to run into issues of jurisdiction. Not every country has legal avenues to pursue civil actions against the perpetrators of identity theft and malicious software. At least for my purposes, it would be best to go after institutions or individuals originating their operations or who have parts of their operations within the United States.

Thank you for your contribution, it would be interesting to learn more about this group. However, it is important to pinpoint and attain credible evidence as to the identities of specific individuals by IP and what not.

Edited by Samardin, 16 October 2010 - 06:23 PM.


#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts

Posted 16 October 2010 - 06:35 PM

http://www.theregister.co.uk/2008/08/22/an...hack/print.html

http://www.prevx.com/blog/139/Tdss-rootkit...ns-the-net.html

http://www.securelist.com/en/analysis/204792131/TDSS#4
Chewy

No. Try not. Do... or do not. There is no try.

#5 Samardin

Samardin
  • Topic Starter

  • Members
  • 9 posts

Posted 16 October 2010 - 11:50 PM

http://www.theregister.co.uk/2008/08/22/an...hack/print.html

http://www.prevx.com/blog/139/Tdss-rootkit...ns-the-net.html

http://www.securelist.com/en/analysis/204792131/TDSS#4



The securelist link you provided is surely an interesting read. Even if perpetrators are personally outside of the United States territorial jurisdiction, there may be a possibility to bring suit based on property or assets held within the United States - but we would have to research the possibilities of such independently.

It is important to acquire the IPs of those that either utilize the malicious software to unlawfully access systems within the United States, or to identify the machines that receive data after the malicious software "phones home."

Any ideas?

#6 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts

Posted 17 October 2010 - 08:03 AM

The real criminals always stay in countries where the arms of US law cannot touch them easily. You can only grab money mules and most of them are really innocent - just doing the job they were hired to do. Locking money mules up is not the solution because the real criminals have lots of money and they will keep hiring people to become money mules for them.

No Sir, No. Do not be a Mule! : http://www.dontbeamule.com/

#7 Samardin

Samardin
  • Topic Starter

  • Members
  • 9 posts

Posted 17 October 2010 - 03:09 PM

Money mules carrying money out of the US? That is why you must investigate the source of the funds and then freeze assets. This is not impossible.

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,944 posts

Posted 17 October 2010 - 06:15 PM

And there is also the issue of proxies - which in essence mask the actual identity of the IP. I don't know if there are ways to unmask the IP and I have no training in that area.

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts

Posted 17 October 2010 - 06:21 PM

I don't know if there are ways to unmask the IP and I have no training in that area.

~ OB



There are. But the more sophisticated ones may use multiple proxies. Literally hopping all over the globe. Even if you are able to trace it through all the hops it may only lead to Mom, Dad and the kids sitting in their front room using an unknown to them "bot'd" family computer.

#10 Samardin

Samardin
  • Topic Starter

  • Members
  • 9 posts

Posted 17 October 2010 - 09:23 PM

There are. But the more sophisticated ones may use multiple proxies. Literally hopping all over the globe. Even if you are able to trace it through all the hops it may only lead to Mom, Dad and the kids sitting in their front room using an unknown to them "bot'd" family computer.


I understand the complications associated with this; however, as has been seen with very notable hackers being sent to jail for decades, this is not entirely out of the realm of possibilities. My goal is to explore civil remedies instead of criminal.

Has anyone here tracked the purveyors, utilizers or beneficiaries of malicious software of any kind?

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,944 posts

Posted 17 October 2010 - 11:04 PM

Not to my knowledge. BC specializes in assisting folks, focusing on those new to computer use, with their computer issues including securing their computers and removing malware. Pursuing those who put the malware there isn't really what we focus on, though there may be a few here who do a bit of that.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#12 Samardin

Samardin
  • Topic Starter

  • Members
  • 9 posts

Posted 17 October 2010 - 11:15 PM

Not to my knowledge. BC specializes in assisting folks, focusing on those new to computer use, with their computer issues including securing their computers and removing malware. Pursuing those who put the malware there isn't really what we focus on, though there may be a few here who do a bit of that.

Orange Blossom :thumbsup:


Perhaps BleepingComputer can look into starting something in that area, as litigation can surely bring a halt to malicious marketing operations and the like. You're a BC Investigator for goodness sakes! :-)

#13 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,078 posts

Posted 17 October 2010 - 11:25 PM

Has anyone here tracked the purveyors, utilizers or beneficiaries of malicious software of any kind?

Have you ever played the arcade game Whack-A-Mole?

I'm not saying it can't be done. However, the resources, organizational skills, time and effort required to be effective at this undertaking are daunting to say the least.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,944 posts

Posted 17 October 2010 - 11:36 PM

And would take away from the primary purpose and goal of this site. Rather akin to asking a law office that specializes in family law to do tax law for non-resident aliens.

And I am not THAT sort of investigator. I have zero skills in the kind of investigation you're talking about.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts

Posted 17 October 2010 - 11:38 PM

http://www.fbi.gov/news/stories/2008/octob...rkmarket_102008

http://www.fbi.gov/news/stories/2010/octob...r-banking-fraud

the resources, organizational skills, time and effort required to be effective


Chewy

No. Try not. Do... or do not. There is no try.



