Unearthing and Dissecting Internet Fraud
Michael Krieger
• Michael Krieger has practiced high technology business and intellectual property law for more than 20 years. His practice focuses on protecting and exploiting clients' patents and other key IP assets via a combination of strategic counseling, litigation and preventive means as needed.
With degrees in mathematics (B.S., Caltech; Ph.D., UCLA) and law (UCLA), he was on the MIT Mathematics and UCLA Computer Science faculties and also a Fulbright Scholar prior to practicing law. This technical background led to early involvement with encryption, the domain name-trademark clash, and open source issues as well as IP litigation for content providers and patent holders. His clients have ranged from start-ups to industry leaders, including counseling in the tech transfer arena and for the United Nations and other international technology initiatives. He also serves as an expert in technology litigation.
“You will never catch up with the new technology.”
“I swear I wasn’t looking at smut – I was just stealing music.”
“I loved your E-mail, but I thought you’d be older.”
We all face increasingly challenging problems, arising from . . . .
Spam
ever-more-ubiquitous technology sophistication,
“Just for kicks, Leon, let’s shut down the FBI again.”
Spam
to identity and privacy scams,
to overt criminality, some latent
“You know, you can do this just as easily online.”
“Big Tony’s website – get rid of it.”
… and others well-organized.
Introductions
David J. Steele
David J. Steele specializes in Internet law at Christie, Parker & Hale in Newport Beach. Mr. Steele also teaches Trademark and Internet Law at Loyola Law School.
An expert on Internet law and technology, Mr. Steele has successfully handled hundreds of Internet cases, typically for famous trademark owners.
Mr. Steele holds a B.S., Electrical and Computer Eng., CS Polytechnic University, Pomona, and a J.D. from Loyola Law School.
Bennet Kelley
Bennet Kelley has been at the center of the legal and policy debates over many of today’s top internet issues, having provided legal advice, litigated, lobbied, testified and written commentaries on issues such as privacy, spam and spyware. Mr. Kelley currently serves as Assistant General Counsel and Director of Governmental Affairs & Privacy for ValueClick, Inc. and also is Co-Chair of the Legislative Subcommittee of the California State Bar’s Cyberspace Committee. In September, he will launch the Internet Law Center with offices in Santa Monica and Washington, D.C.
Mr. Kelley received a B.S. in Political Science from The American University in 1984 and J.D. from Georgetown University Law Center in 1990.
Part 1
The Problems
A Growing Problem
Internet Crime Complaint Center 2006 Internet Crime Report
• Referrals
  – 2001 - ≤ 50,000
  – 2006 - 207,492
• Dollar Loss
  – 2001 - $17.6MM
  – 2006 - $198.4 MM
• Top Mechanisms
  – Email - 73.9%
  – Websites - 36.0%
Lions and Tigers and
• Phishing
• Spyware
• Malware
• Cybersquatters
• Domain Tasters
• Click Fraudsters
• Counterfeiters
• Rogue Vendors
• ‘419 Scammers
OH MY!
Phishing
What is Phishing?
  – “Phishing attacks use both social engineering and technical subterfuge to steal consumers’ personal identity data and/or financial account credentials.” Anti-Phishing Working Group
Common Types of Phishing
• Dragnet
  – Bulk E-mails to large groups of users
    • no specific target pre-identified
    • e.g., directing users to a falsified identification
• Rod-and-Reel
  – Targeted contact with pre-identified victim
  – e.g., lure to visit website
• Lobsterpot
  – Set trap and wait for victim
  – e.g., confusingly similar domain name
Dragnet Example
From: Customer Support [mailto:[email protected]]
Sent: Thursday, October 07, 2004 7:53 PM
To: Eilts
Subject: NOTE! Citibank account suspend in process

Dear Customer:

Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: http://211.158.34.249/citifi/. Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R)

Regards,
Citibank(R) Card Department
(C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC. Citibank and Arc
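A triage heuristic for the traits visible in the Dragnet Example above (a brand named in the text, a link to a bare IP address, pressure to act, a request for credentials), as an added example that is not part of the original slides. The brand domain list and the phrase lists are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed, illustrative phrase lists; tune them against your own mail.
URGENCY = ("immediately", "mandatory", "suspend")
CREDENTIALS = ("password", "user id", "card number")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Domains the brand really sends links to (assumed for this example).
BRANDS = {"Citibank": {"citibank.com", "citi.com"}}

# Condensed from the Dragnet Example slide; the link is the one it shows.
DRAGNET_SUBJECT = "NOTE! Citibank account suspend in process"
DRAGNET_BODY = (
    "In order to safeguard your account, we require you to sign on "
    "immediately. This process is mandatory. Please make sure you have your "
    "Citibank(R) debit card number and your User ID and Password at hand. "
    "Please click the link bellow: http://211.158.34.249/citifi/. Note that "
    "we have no particular indications that your details have been compromised."
)


def link_hosts(body):
    """Return the lower-cased host of every http(s) link in the body."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url.rstrip(".,;:")).hostname
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            continue
        if host:
            hosts.append(host.lower())
    return hosts


def is_ip_literal(host):
    """True when the link host is a raw IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def on_brand_domain(host, domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(subject, body, brands=BRANDS):
    """Return the reasons, if any, to treat a message as likely phishing."""
    text = (subject + "\n" + body).lower()
    hosts = link_hosts(body)
    findings = []
    for brand, domains in brands.items():
        if brand.lower() not in text:
            continue  # message does not claim to come from this brand
        for host in hosts:
            if is_ip_literal(host):
                findings.append(f"{brand}: link to bare IP address {host}")
            elif not on_brand_domain(host, domains):
                findings.append(f"{brand}: link to off-brand host {host}")
    if any(w in text for w in URGENCY):
        findings.append("urgency or threat of suspension")
    if any(w in text for w in CREDENTIALS):
        findings.append("asks for account credentials")
    return findings
```

The subdomain check compares whole labels, so a host that merely starts with the brand's domain and ends under another registrant's name is reported as off-brand.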
Lobstah Paht
Spyware
A somewhat vague term generally referring to software that is secretly installed on a user's computer and that monitors use of the computer in some way without the user's knowledge or consent.
Most spyware tries to get the user to view advertising and/or particular web pages. Some spyware also sends information about the user to another machine over the Internet.
Spyware is usually installed without a user's knowledge as part of the installation of other software, especially software such as music sharing software obtained via download.
- Matisse Glossary of Internet Terms
The Wares
Adware
• Software bundled with ad service software
• Notice & consent issues
Spyware
• Gathers information on user without knowledge
  – Email addresses
  – Passwords
  – Credit Card Information
• Keystroke Logging
• Alters default settings
Malware
• Software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.
Rogueware and Scareware
• Faux Anti-Spyware Programs or legitimate programs that overstate threat by labeling benign applications as Spyware
Warez
• Term used by software "pirates" to describe software that has been stripped of its copy-protection and made available on the Internet for downloading.
Domain Name Fraud
• Cybersquatting
• Domain Name Tasting
• Other Domain Name Fraud
Domain Name “Tasting”
• Register and “taste” name for 5 days
• Return domain names for full refund
• Measure Traffic Through Pay Per Click Ads
• Keep domain names that earn more than $6
• Monetize domain names
  – Misdirect customer
  – Get paid by advertisers (e.g., Google’s AdSense)
How Bad is the Problem?
• March 2005 – Nearly 43 million .com and .net domain names registered.
• Only 2.5 million names were deleted that same month.
• In April of 2006, 35 million names registered.
• Of those names 32.7 million were used again and again but never registered permanently!
Other New Domain Name Abuses
• Domain Name Kiting
  – Registrars taste, monetize domain names in bulk and delete them
  – then, using an automated process, they automatically re-register them... again and again.
Other Domain Name Abuses (cont’d)
• Domain Name Spying
  – Cybersquatters obtain information that a domain name is of interest to a consumer
    • they most often purchase this information from
      – whois websites
      – domain name registrars
  – then register the domain name before the consumer can register them using an automated process
  – offer to sell the domain name
Click Fraud
• Generated manually or by automated software.
  – Primarily initiated by advertising competitors and CPC affiliates and traffic partners.
  – Other reasons - revenge (disgruntled employee) and blackmail (exploit network limitations for profit)
• Click Fraud Network
  – Overall – 15.8% (Q2 2007)
  – Search Engines – 25.% (Q2 2007)
• Google
  – 10.0% total, but after filtering only 0.2% is actually billed
  – Released report in 2006 on “How Fictitious Clicks Occur in Third-Party Click Fraud Audit Reports”
Counterfeiting on the Internet
• Accounts for 10% of online commerce – approx $35BB
  – Beneficiaries include organized crime, terrorist groups (Source: Intl Chamber of Commerce)
• US companies lose an average of 23 percent of potential sales due to trademark infringement and counterfeiting (Source: Intl Trademark Association)
• Tiffany’s found that 95% of its products sold on eBay were counterfeit or grey market goods
Protecting Your Brand
• 25% of Porn Sites use popular brand names (search engine magnets, metatags and links) (Source: Cyveillance)
• 32 million out of 35 million registered domain names appear fraudulent (Source: GoDaddy.com)
• 92 of top 100 brands used in third party search ads (Source: NameProtect)
  – 98% used actual brand name
  – 45% were directly competitive
Spam
Rogue Vendors
• Engaging in unauthorized conduct
  – Spam
  – Changing your creative content
  – Using your content for other purposes
  – Deceptive advertising
    • Key word search
    • Email marketing
    • Banners
Let’s Not Forget . . .
Nigerian 419 Schemes
• Pre-dates the Internet
• At least 15 people killed
• Losses in 2005
  – US $720 MM
  – Worldwide $31.8 BB
• Bankruptcies Caused By ‘419 Schemes (1996-2006)
  – US – 8,350
  – Worldwide 13,087
Scam Dates Back to 1588
• “It's an interesting setup, Mr. Ross. It is the oldest confidence game on the books. The Spanish Prisoner... Fellow says, him and his sister, wealthy refugees, left a fortune in the Home Country, he got out, girl and the money stuck in Spain. Here is her most beautiful portrait. And he needs money to get her and the fortune out. Man who supplies the money gets the fortune and the girl. Oldest con in the world.”
• From Wikipedia: The Spanish Prisoner is a confidence game dating back to 1588.
• FYI: If a sucker is truly born every minute – there would have been over 13.2 billion suckers born during this period.
Part 2
Prevention and Remedies
Prevention / Remedies
Develop a Plan
  – Now … not then
  – Consider likely problems
  – Implement preventative measures
  – Detection / Monitoring tools
  – Action plan for problems
  – Remedies
Contractual Protections
• Strong anti-fraud provisions
• Restrict risky conduct by requiring prior approval
• Audit rights
• Termination
• Liquidated damages
• Make sure vendors’ partners have made similar warranties
Protections for Consumers
• Inventory your wallet's contents
• Consider a credit-monitoring service: Equifax, Experian, TransUnion
• Order a free credit report every four months (AnnualCreditReport.com)
• Renew the 90-day fraud alerts placed on your credit reports.
Detection / Monitoring Tools
• Search and Web Monitoring
  – RSS
  – Technorati
  – MonitorThis
  – WatchThatPage
  – Google/Yahoo Search Feeds
• Private Services (mark watch & domain names)
  – MarkMonitor
  – Thomson & Thomson
Action Plan
• Fact Gathering
  – ensure you understand the problem
• Containment
• Remediation
  – disclosure requirement?
• Remedies
  – Civil
  – Criminal
• N.B. Law enforcement action may preclude some/all civil options (temporarily)
Spyware Federal Enforcement
State & Civil Enforcement
Phishing Remedies
• California Anti-Phishing Law--Cal. B&P Code Sec. 22948
• "It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business."
Click Fraud Enforcement
Against Search Engines
• Google settles nationwide class action for $90 million. Lane's Gifts & Collectibles LLC et al. v. Yahoo! Inc. et al. (Ark. Cir. Ct)
• Yahoo settles class action for $4.5 million in attorneys fees plus refund of fraudulent charges. Checkmate Strategic Group v. Yahoo (C.D. Cal.)
By Search Engines
• Google v. Auction Experts International (Cal. Superior Ct. 2005) ($75,000 default judgment)
Attacking Counterfeiting
• Tiffany & Co.
  – wins $960,000 verdict and injunction against online seller of counterfeit goods
• eBay Litigation
  – Rolex
    • German court rules eBay must take measures to prevent recurrence of counterfeit Rolex postings
  – Pending
• Civil Remedies: Lanham Act / Copyright Act
  – Injunctive relief
  – Damages
  – Forfeiture
• Criminal Remedies: Trademark Counterfeiting Act
  – Criminal penalties
  – Forfeiture
• Administrative Remedies
  – Intl Trade Commission Section 337 - Exclusion Order for infringing items
  – U.S. Customs – border seizure
Domain Name Remedies
• Uniform Dispute Resolution Policy (UDRP)
• Anti-cybersquatter Consumer Protection Act (ACPA) – 15 USC 1125(d)
  – in personam
  – in rem
Jurisdictional Issues
• Foreign actors
  – or US actors who fake being overseas
  – hard to track down the real bad guy
• Amounts not worth pursuing (just fix it and move on)
• No jurisdiction over defendant?
Legislative Response: Spyware
15 States with Spyware Laws
• California law is model
  – Prohibits deceptive downloading and/or collection of information
  – Prohibits taking over third party computer or altering default settings
No Federal Law
• FTC Position - already have sufficient authority
Spy Act/I-Spy Act
• The Spy Act
  – proscribes conduct associated with spyware
  – notice requirements for adware and other downloadable applications
• I-Spy Act - criminal penalties for spyware
• Both passed House in 2004 and 2005
Current Spyware Legislation
• H.R. 1525 – I-SPY Act
  – 754 words
  – Passed House by Voice Vote
• H.R. 964 - SPY Act
  – 5,421 words
  – Expands reach to include Websites and regulate “unfair” as well as deceptive
  – Managers amendment morphed into online privacy bill.
  – Passed House 368-48
    • Opposed by principal sponsors of I-SPY Act
• S. 1625 – Counter Spy Act
Legislative Response: Domain Tasting
• Coalition Against Domain Name Abuse (CADNA)
• Several Large TM owners
• ICANN working group(s)
Questions?