Friday, June 29, 2012

Study details teenager habits on the Internet

McAfee recently released a study concerning the activities of teenagers online, entitled "The Digital Divide: How the Online Behavior of Teens is Getting Past Parents." The study details what teenagers do online, including the illegal activities they participate in, what parents know, and how teenagers work to prevent their parents from learning of their bad deeds. Here are a few interesting results: 70% of teens admit to hiding their online activities from their parents; over 50% of teens have hacked someone's social networking account; 32%...

Wednesday, June 27, 2012

FBI arrests 24 in international carding scheme

The FBI announced yesterday 24 arrests in 8 countries for involvement in a carding scheme. They estimate that 400,000 potential victims and potential loss of $205 million were involved. Read more here...

Quick update: TCNiSO cable modem hacker DerEngel's vagueness motion dismissed

DerEngel (Ryan Harris) of TCNiSO, who became famous for hacking cable modems and writing a book on the subject, has lost a motion to dismiss his case on the grounds that the federal wire fraud statute is unconstitutionally vague. His motion was originally filed prior to his jury trial, but was ruled premature, so subsequent to his conviction on seven of eight counts of wire fraud, he renewed the motion. For reference, the original indictment can be seen here. He also has a motion for judgment notwithstanding the verdict currently before...

An attempt to make the case for "hacking back"

Justin's recent post, "The illegality of striking back against hackers," presents a number of interesting issues with regard to organizations hacking in retaliation against those who hack them first. It is only fair that such an act should be allowed in light of the current state of our legal system. But as Justin correctly states, allowing retaliation is not a clear-cut issue and should not be considered lightly. Hacking cases are complex....

Tuesday, June 26, 2012

The illegality of striking back against hackers

Recent security publications have highlighted the emerging trend of companies "hacking back" against infiltrators and potential data exfiltrators. The concept sounds intriguing - if the internet is the wild wild west, then what better way to participate in it than to allow the tumbleweeds to shift in the wind as you and your foe see who can draw first, or, more accurately, get the last shot. However, the Computer...

Monday, June 25, 2012

Indiana law banning sex offenders from social networking sites upheld

In 2008, Indiana enacted a law that banned certain sex offenders from using social networking if the platform was also used by minors (statute available here). An Indiana resident challenged the statute as violating the First Amendment and suggested the prohibition would forbid him from checking his child's accounts, making political speech online, advertising his business, and connecting with family and friends. The district court, however, held that no First Amendment violation exists. Doe v. Prosecutor, 2012 U.S. Dist. LEXIS 86862 (S.D. Ind....

Thursday, June 21, 2012

Facebooking juror fails in asserting SCA claim after forced disclosure of trial-related posts

A California juror recently posted to Facebook about the trial while it was in progress. Upon learning of the act, the juror was required to consent to the court's review in camera of his Facebook postings. He argued that the order violated the Stored Communications Act, but the Court of Appeals of California disagreed (Juror No. One v. The Sup. Court of Sacramento Cnty., No. C067309, (Cal. Ct. App. 2012)). After trial, one of the jurors told the court that another had posted comments to Facebook about the evidence in the case. That juror...

Tuesday, June 19, 2012

Congratulations to Justin for being cited in a brief to the Wisconsin Supreme Court

Congratulations to my co-blogger, Justin Webb, whose published case note was recently cited in a brief to the Wisconsin Supreme Court. In the brief, the state is, among other issues, responding to an argument that the use of real-time tracking via GPS was unconstitutional when the search warrant specified the use of a passive GPS device (one that records data and is retrieved at a later time to obtain the location information). The device was used for four days, as opposed to multiple weeks in Jones. The case is State v. Brereton, and the AG's...

Massachusetts appellate court to rule on compelled password disclosure of encrypted drive

A Massachusetts trial court, dealing with an encrypted drive in a criminal case, has asked the Massachusetts Appeals Court how to act. The question presented to the appellate court is: Can the defendant be compelled pursuant to the Commonwealth’s proposed protocol to provide his key to seized encrypted digital evidence, despite the rights and protections provided by the Fifth Amendment to the United States Constitution and Article Twelve of the Massachusetts Declaration of Rights? The case is Commonwealth v. Gelfgatt, Suffolk Superior...

Saturday, June 16, 2012

House Financial Services Committee holds hearing on cyber threats to financial institutions

The House Committee on Financial Services recently held a hearing entitled "Cyber Threats to Capital Markets and Corporate Accounts" with witnesses from all major areas of the financial industry. The testimonies presented great information about cyber attacks on the industry, particularly those of: Michele Cantley, Regions Bank; Mark Clancy, Depository Trust and Clearing Corporation; James Woodhill,...

Friday, June 15, 2012

Tech Check: 1st Circuit errs in description of file hashing

In United States v. Farlow, 2012 U.S. App. LEXIS 11121 (1st. Cir. Jun. 1, 2012) the 1st Circuit erred in its description of how changing a file affects its hash value. Judge Thompson stated: The problem for Farlow is that we have rejected the idea that government agents should so narrowly restrict their searches of digital devices. "When searching digital media for 'chats' and other evidence of enticement" -- like the bodybuilder...

Thursday, June 14, 2012

8th Circuit affirms conviction despite defendant's entrapment defense

In United States v. Shinn, 2012 U.S. App. LEXIS 11863 (8th Cir. 2012), the Eighth Circuit affirmed a conviction for attempting to induce a child to engage in criminal sexual activities over an argument of entrapment. The defendant had engaged in an adult romance chat room conversation with what he believed to be a 14-year-old girl, though really a law enforcement officer. The defendant told her that if she was older, he would want to take her out to dinner but said "you're just too young. . . . you want to stay a virgin for as long as possible."...

Wednesday, June 13, 2012

ICANN reveal of new TLDs shows plan to introduce .sucks and over 1,000 others

This morning ICANN revealed a list of newly purchased top-level domains (TLDs) that are certain to change a great deal about the face of the Internet. Common TLDs, like .com, .net, and .org have become crowded, and ICANN decided to sell new ones with an application fee of $185,000. Nearly 2,000 applications were received. Many, such as .abc, .bing, .nokia, and .polo, were purchased by businesses seeking to protect their name before someone else...

Tuesday, June 12, 2012

N.J. appellate court finds no reasonable expectation of privacy in cell phone number; distinguishes between "generated" and "assigned" information to reach result

In State v. DeFranco, 2012 N.J. Super. LEXIS 92 (App. Div. Jun. 8, 2012), a New Jersey appellate court held that under the New Jersey Constitution, an individual does not have a reasonable expectation of privacy in their cell phone number. This might not be head turning (at least it wasn't for me), but I was fascinated by how the court reached such a result - by distinguishing between "assigned" information (i.e. your cell phone provider assigns you a number), and "generated" information (i.e. ISP records, bank records, and other records that...

Tor prevents DOJ investigation of child pornography website

A recent Freedom of Information Act request has revealed that the Department of Justice was unable to investigate those involved in a child pornography website due to the use of Tor (read more about Tor here). The website was not viewable through normal web browsers ... and [] the site and its contents could only be viewed on the Tor Network.... [B]ecause everyone (all Internet traffic) connected to the TOR network is anonymous, there is not...

Seton Hall L. Rev. publishes CSLI comment

If you're interested in the debate over cell site location information, a recently published comment by Christopher Fox in the Seton Hall Law Review will provide you with excellent background and analysis of the legal issues. Here's an excerpt: Part II of this Comment will explain the process cell phones use for sending and receiving calls, messages, and information, as well as how CSLI data is computed to produce an approximate location of a cell phone. Part III will provide the relevant Fourth Amendment jurisprudence, explain the language and...

Monday, June 11, 2012

Video demonstrates packet switching

Check out this video from the World Science Fair, titled "There and Back Again: A Packet's Tale - How does the Internet Work?" It uses really nice graphics to demonstrate packet switching. ...

Friday, June 8, 2012

Colorado appellate court holds that warrantless search of call history was lawful search incident to arrest

In Colorado v. Taylor, 2012 Colo. App. LEXIS 926 (Jun. 7, 2012) a Colorado appellate court held that an officer's warrantless search of a defendant's phone (call history), subsequent to his arrest, was a lawful search incident to arrest. The issue was one of first impression in the court, and lacking on-point guidance from the Supreme Court, the court appeared to analogize the cell phone to a "container" and, relying on precedent that gave the right to search containers incident to arrest, fit it within that box. However, the court was troubled...

Jones in Review: "Second majority" application to cell site location information

This week, Cybercrime Review is featuring a series of posts that takes a look at how federal and state courts are applying the Supreme Court's decision in United States v. Jones (previously discussed here). Now that GPS use will often require a search warrant, law enforcement has begun to increasingly use cell site location information (CSLI) in investigations. Some courts read Jones no farther than the trespassory interest...

Wednesday, June 6, 2012

LinkedIn's negligence in failing to adequately secure user passwords

As most of you are aware, LinkedIn's site has apparently been hacked, and 6.5 million passwords of users were exposed (if you weren't aware, change your password); the likely attacker operated out of Russia. Take all I say with a grain of salt, as LinkedIn has recently tweeted "[o]ur team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here." But, I doubt that this is a false alarm, and for the uninitiated, let me translate that tweet in honest technology speak - "We've...

Jones in Review: Limitations of the Scalia rule

This week, Cybercrime Review is featuring a series of posts that takes a look at how federal and state courts are applying the Supreme Court's decision in United States v. Jones (previously discussed here). Several courts have refused to completely throw out evidence obtained as the result of GPS device use. One court did so after finding the situation more like Knotts and Karo, another after finding the taint of GPS use...

Tuesday, June 5, 2012

"Hacking Exposed" might get your internet yanked - if you're in prison

In Green v. Maye, 2012 U.S. Dist. LEXIS 76338 (June 1, 2012), a prisoner petitioned for a writ of habeas corpus after the Bureau of Prisons denied him access to the prison internet system for ordering the book Hacking Exposed. The prisoner asserted a denial of due process, a violation of equal protection, and a violation of the Administrative Procedure Act. The basis of the defendant's argument was that he should not be denied internet access for ordering a book about internet hacking if sexual offenders were still allowed to send emails....

Monday, June 4, 2012

Secrecy and the ECPA - Empirical evidence and an insider's view

I'd like to draw attention to what I believe is a fantastic piece about the evolution of the Electronic Communications Privacy Act of 1986 (ECPA) - what it was intended for, how it is currently being used, and in what ways it could be improved. Here is the article: Stephen W. Smith, Gagged, Sealed & Delivered: Reforming ECPA's Secret Docket; it is currently on SSRN, but is forthcoming in the Harvard Law & Policy Review Vol. 6. It is written by a United States Magistrate Judge who has observed first hand the "secrecy" in action. The...

Jones in Review: A look at the application of the Supreme Court's GPS decision

Over the next week, Cybercrime Review will feature a series of posts that takes a look at how federal and state courts are applying the Supreme Court's decision in United States v. Jones (previously discussed here). Application of the Scalia majority opinion Many courts, predictably, are simply applying the relatively easy rule established by the majority opinion, authored by Justice Scalia - if law enforcement physically trespasses on...

Friday, June 1, 2012

Tech Watch: Services allow users to communicate via webcam with strangers; What could go wrong?

Give a person a webcam, some anonymity, and the ability to connect to strangers over the Internet, and wayward things are certain to happen. In fact, they happen quite often. Many online services now do just that, including Stickcam and Chatroulette. Both of these services allow users to connect via webcam with total strangers from around the world at random. Users can talk through their microphone...