This document discusses strategies for using civil litigation to combat cybercrime by targeting the enablers of cybercriminal activities. It argues that cybercrime resembles an online riot and recommends applying proven riot control strategies such as establishing rules, monitoring events, intimidating enablers en masse through legal notices, targeting leaders through lawsuits and asset seizures, and dispersing smaller actors. The goal is to consolidate criminal activities around "black hat" enablers to simplify enforcement efforts or disperse them to leverage corporate resources against enablers. Early targets would receive light enforcement while surviving leaders face heavier legal actions.
1. Using Civil Litigation to Fight Cyber Threats:
How Corporate America
Can Stop Enabling Cyber Crime
May 2, 2008
Jon Praed
Internet Law Group
jon.praed(at)i-lawgroup.com
2. What ILG Does
• Target major Internet fraudsters attacking multiple
corporate victims
• Capture “fingerprints” tied to Internet fraud
• Aggregate “fingerprints”
• Use investigative and legal process to identify fraudsters,
their assets & their enablers
• Formulate strategic solutions against fraudsters
• Leverage information across client base
• Current lawsuit focusing on pharmacy spam
3. The Real Scope of Cyber Crime
• Illegal Business (willing buyer and seller)
– Counterfeit and pirated goods
– CP & obscenity
– Fake IDs, passports & identity papers
– $ almost always changes hands
• Fraudulent Business (regretful buyer/seller)
– Scams, phishing, malware injection
– $ usually changes hands (eventually)
• Traditional Economic Crimes (unwilling single party)
– Extortion, blackmail (HD encryption & physical threats)
– $ typically changes hands
• Terrorism & Acts of War (unwilling multiple parties)
– Estonia DDoS
– $ rarely changes hands
4. Cyber Crime Looks Like Normal Business
• Communications
• Movement of hard goods
• Movement of money
5. Defining the Strategy Against Cyber Crime
• DHS Secretary Chertoff, RSA Conf. April 2008
• “Large-scale cyber attack might result in
consequences comparable to the Sept. 11, 2001,
attack on the World Trade Center buildings in New
York”
• Calls for Cyber “Manhattan Project”
• US Gov’t to reduce Internet access points from
4,000 to 50
6. Cyber Manhattan Project =
Wrong Analogy
• Manhattan Project’s Objective
– Build a small number of working nuclear
bombs to be deployed offensively
– “Silver Bullet” to force Japan’s surrender
• Today’s Cyber Crime Objective?
– Defensive, not offensive
– No unitary enemy to surrender to us
– “Silver bullet” solutions seem unlikely
7. Characteristics of Cyber Crime Problem
• Massive initial data set
• Most individual acts are trivial standing alone
• Architecture inherently insecure
• Bad actors cover spectrum of dedication/sophistication
– Most actors are juveniles, newbies, part-timers
– But most harm caused by sophisticated, full-time experts
• “Innocents” populate the battle space
• Government LE resources overwhelmed
• Private sector resources inefficiently directed
• Victims feel powerless and prefer to free ride
8. If Cyber Crime = Online Riot,
Then Shouldn’t Our Strategy Look Like...
Riot Control
9. Five Proven Strategies To
Fight Physical Riots*
1. Establish the ground rules in advance
2. Monitor events
3. Intimidate en masse
4. Stop the leaders
5. Disperse the crowd
*http://people.howstuffworks.com/riot-control.htm
10. Even Simple Monitoring Shows:
It’s a Small World – in Cyberspace
WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001
• paypal-security.com: Phish
11. It’s a Small World – in Cyberspace
WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001
• paypal-security.com: Phish
• 200soft.com: Pirated Software
12. It’s a Small World – in Cyberspace
WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001
• paypal-security.com: Phish
• 200soft.com: Pirated Software
• elitezmed.com: Counterfeit Drugs
13. It’s a Small World – in Cyberspace
WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001
• 200soft.com, elitezmed.com, paypal-security.com
Over 600 Domains in 1Q 2007
14. Deeper Monitoring Shows
Real Aggregation around Enablers:
Illegal Online Pharmacies Case Study
• 30,000+ domain names over 18 months
– 90% tied to <200 OLP “Brands”
– All have credit card merchant accounts
– Most tied to just a few credit card acquiring banks (Russia & St. Kitts)
– All have consumer credit cards/bank accounts
– All have access to call centers (many toll free)
– Most have access to known drug manufacturers in Asia
– Most are using handful of Chinese Registrars to acquire domains
– Limited number of emails in WhoIs registrations and email hosts
– Spam-sending IP’s in 7 figures; BUT harvesting IP’s only ~20,000
• ~12 Gangs responsible for >80% of activity
• Highly diversified into phish, pirated software, other cyber crimes
• Identity of gangs is contained in collective filing cabinet of Corporate America
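The fingerprint aggregation behind the "Small World" slides and the case study above, as an added Python example that is not part of the original deck. The registrant text and the abuse category for the first three domains are as read from the slides; every email address and the two `.example` records are constructed, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# (domain, WhoIs registrant text, registrant email, abuse type).
# Registrant text for the first three rows is from the slides; emails and the
# last two rows are constructed sample data.
RECORDS = [
    ("paypal-security.com", "xiaowen, No.12 chang'an road, 100001", "a@mail.example", "phish"),
    ("200soft.com", "XiaoWen No. 12 Chang'an Road 100001", "b@mail.example", "pirated software"),
    ("elitezmed.com", "xiaowen,no.12  chang'an road,100001", "B@Mail.Example", "counterfeit drugs"),
    ("pills.example", "Other Name, 1 Other Street", "b@mail.example", "counterfeit drugs"),
    ("lone.example", "Unrelated Person, 9 Far Road", "z@mail.example", "phish"),
]

def fingerprints(registrant, email):
    """Return normalized pivot keys: registrant text and registrant email."""
    text = " ".join(re.sub(r"[^a-z0-9]+", " ", registrant.lower()).split())
    return [("registrant", text), ("email", email.strip().lower())]

def link_domains(records):
    """Union-find: domains sharing any fingerprint end up in one cluster."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for domain, registrant, email, _ in records:
        for fp in fingerprints(registrant, email):
            parent[find(domain)] = find(fp)  # merge domain's set with fingerprint's set

    clusters = defaultdict(lambda: {"domains": [], "abuse": set()})
    for domain, _, _, abuse in records:
        c = clusters[find(domain)]
        c["domains"].append(domain)
        c["abuse"].add(abuse)
    return sorted(clusters.values(), key=lambda c: -len(c["domains"]))

def hot_spots(records, min_domains=2):
    """Clusters with several domains and more than one abuse type."""
    return [(sorted(c["domains"]), sorted(c["abuse"]))
            for c in link_domains(records)
            if len(c["domains"]) >= min_domains and len(c["abuse"]) > 1]

if __name__ == "__main__":
    print(hot_spots(RECORDS))
```

`pills.example` joins the cluster only through the shared email, which is why linking on any fingerprint finds more than grouping on the registrant string alone.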
15. Bad Guys Seek Enablers
"The Capitalists will sell us the rope
with which we will hang them."
– Vladimir Lenin
16. Bad Guys Reward Enablers
"The Capitalists will sell us the rope
with which we will hang them."
– Vladimir Lenin
“The last Capitalist we hang shall be
the one who sold us the rope.”
– Karl Marx
18. The Enabler in the Mirror
• We nearly all sell rope to bad guys
• We are nearly all victims too
• Stages of Enablement
– Innocent
– Negligent
– Reckless
– Knowing
– Intentional
19. Putting a Stop to Enablement
• We must use carrots & sticks against those
who sell rope to bad guys
• Key to Success: Intelligent Cost Shifting
– Shift micro costs first, then macro costs
• Purpose of cost-shifting is to clear middle
of the room of innocents (& reduce risk of
collateral damage)
20. Carrots
• Data sharing
• Cooperative enforcement actions
• Reduced costs arising from security & trust
• Identify castle walls and make life better inside the
walls than outside the walls
21. Sticks
• Challenge others
– to act on their own data
– to share their own data
– to identify and seek missing data
• Impose obligation to act via legal notices
• Pursue legal liability for failure to seek, share and act on data
– Contractual liability (direct and third party beneficiary)
– Regulations (e.g., Bank Secrecy Act)
– Common law tort liability
• Focus first on co-conspirators
• Focus second on cheapest cost avoiders
• Watch for decision in Tiffany v. eBay (SDNY, #04-4607)
22. The “Death Spiral”
• Cost-shifting is a tactic, NOT a strategy
• Non-strategic plaintiffs' lawyers
– Do not monitor anonymous problems
– Do monitor deep pockets, waiting to pounce
– Seek low-lying fruit
• Non-strategic actions hurt
– Merely shift costs between victims
– Deprive us of resources for strategic actions
– Lead to Death Spiral
23. Avoiding the Death Spiral
• Anticipate legal notices and lawsuit threats
• Data mine inbound notices & subpoenas that seek
information from you
• Share data with co-victims voluntarily
• Seek missing data proactively
• Challenge other enablers to act
• Ensure your privacy policy distinguishes between abusive
and valued customers
• Surcharge for abusive practices of customers
• If you profit from steady state abuse, raise your prices and
isolate your acts of enablement until abuse falls
24. Value of Strategic Civil Actions
• Private sector already has all the information
• Self-defense is an intuitive right (legal “safe harbors” are everywhere)
• Seamless information gathering across borders
• Joint prosecution agreements enable voluntary data sharing
• Strong legal privileges protect cooperating parties
– Attorney work product privilege
– Attorney-client communications privilege
• Subpoena power compels reluctant enablers to share data
• Unlike LE, victims can receive immediate feedback from civil discovery
• Empowers self-help and technical improvements (what borders do you see?)
• Average costs per action are lower than criminal actions
• Encourages development of best practices among enabler communities
• Establishes and preserves evidence of intentional enablement
• No right to court appointed defense counsel - costs of defense are significant and immediate
• Fifth Amendment rights are limited and are penalized in civil arena
• Civil laws permit discovery under seal, John Doe discovery, pre-judgment seizure of assets,
repatriation based on citizenship
• Participants are inoculated against Death Spiral
• Judiciary and LE retain control over conflicting civil and criminal actions
• Leverage LE resources
26. Cyber Crime = Online Riot*
1. Establish the ground rules in advance
2. Monitor events
3. Intimidate en masse
4. Stop the leaders
5. Disperse the crowd
*http://people.howstuffworks.com/riot-control.htm
27. Cyber Crime = Riot
1) Establish the ground rules in advance
- Internet acceptable use policies
- State and federal laws
- International law / cooperation
28. Cyber Crime = Riot
2) Monitor events
- Collect samples
- Capture Internet fingerprints
- Systematically identify “Hot Spots”
- Obtain feedback from “Hot Spots”
- Penetrate financial systems through undercover
buys
- Share information within enforcement community
29. Cyber Crime = Riot
3) Intimidate en masse
– Legal Notices to “Hot Spots” Providing Material
Support
• Preserve Information
• Investigate
• Enforce AUP
• Report on Outcome of Investigation & Identity
– Subpoena Non-Cooperative “Hot Spots” via
strategic John Doe civil lawsuits
30. Cyber Crime = Riot
4) Stop the leaders
– Target the top offenders for investigative focus
– Civil lawsuits/asset seizures
– Criminal referrals
– Extra-legal actions
– Technical responses
31. Cyber Crime = Riot
5) Disperse the crowd
– Encourage marginal actors to exit the business
– Force committed criminals to:
• consolidate around “black hat” enablers, or
• disperse across “white hat” enablers
32. Consolidation or Dispersion:
Do We Care?
• Consolidation around black hats
– Simplifies cost-shifting
– Enables blunt enforcement tools
– Creates borders
• Dispersion around white hats
– Leverages our resources
– Increases reporting opportunities
– Enables immediate enforcement actions
33. Cyber Crime = Riot
Numerous Early-Stage Actors Receive Light Touches
Top Surviving Targets Receive Heavy Touches
34. Opportunities For Progress?
• Online pharmacies
– Huge profits from counterfeiting fund illegal enterprises
– Patent protections at risk (yet another Death Spiral)
• Money laundering mechanisms
– Highly regulated and jurisdictionally divided
– Bad guys already consolidated around a few enablers
• Registrars (.flag)
– Must get beyond privacy v. security debate
– Privacy rights should be subject to forfeiture and financial penalties in cases of
abuse
– Technology must distinguish between registrars & .flags
• Botnets
– Focus on botnet customers/lessees
• Telco call centers
• Other areas where technology & law can create & defend borders?
35. Using Civil Litigation to Fight Cyber Threats:
How Corporate America Can Stop Enabling Cyber Crime
May 2, 2008
Jon Praed
Internet Law Group
jon.praed(at)i-lawgroup.com
Editor's Notes
Mention online pharmacy domain and candidate statistics. Many of our candidates have Visa merchant accounts.