Techy Things lawyers need to know



A very general introductory presentation for the Law Society of NSW on the Internet, technology and their relationship to current criminal and civil law.

Looks at the fraud ecosystem and the players that make money: from malware, keylogging, phishing, trojans, carders (folks who sell stolen identities) and fraud through to copyright issues and new business models for selling songs, finishing up with workplace policies and acceptable behaviour on social networks.

Published in: Technology, Business
  • Law Reform Commission’s long-awaited report on Australia’s Privacy Laws tabled in Federal Parliament on 11 August 2008. By any measure the ALRC’s report and the work that has gone into it is big. It is 2700 pages long with 74 chapters and 295 recommendations, and by all accounts if you print it all out, it will come in at over 5kg. The original reference was made over 2 and a half years ago and under a different Government. More importantly, the ALRC undertook an enormous volume of work to complete this report, including 585 written submissions, 3 major public forums, over 200 face-to-face meetings, roundtables with stakeholders, and a 2-day phone-in, with over 1000 members of the public calling the ALRC to share their opinions.
  • Techy Things lawyers need to know

    1. 1. Techy things that lawyers need to know
        • Hamish Fraser - Partner, Truman Hoyle
        • David Jones – CTO & Founder, ThreatMetrix
        • Did You Know
    2. 2. If you think that was fast…
        • Hacking and Cybercrime is a war of countermeasures
    3. 3. Cybercrime Foodchain (organised, cellular, distributed, technically skilled). ThreatMetrix Confidential. Credit: Verisign
    4. 4. Cybercrime is mostly dealt with “in the trenches”
        • When credit-cards, logins and identities are stolen and traded - verifying or forensically investigating is time consuming and flawed.
        • Mostly prevention rather than remedy:
        • Local criminals pretending to be Overseas
        • Overseas criminals pretending to be Local
    5. 5. Step 1: Get some stolen ID/Card
    6. 6. Step 2: Bad Guys hide location with proxies and anonymisers
        • Countermeasure: Reveal True IP and Location
        • UTC+2
    7. 7. Synthetic Identities generated by Fraudster spoofing IP

        | Transaction Time | Threatmetrix Device ID | Account Email | Browser Lang. | Masked IP Add. | Masked IP City |
        |---|---|---|---|---|---|
        | 8/25/2008 17:24 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 8/25/2008 18:17 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 8/27/2008 12:57 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Brussels |
        | 8/28/2008 12:25 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 8/28/2008 19:09 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Los Angeles |
        | 9/3/2008 13:33 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Kalispell |
        | 9/5/2008 12:24 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/12/2008 13:08 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Brussels |
        | 9/12/2008 13:20 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Los Angeles |
        | 9/12/2008 16:48 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/16/2008 14:33 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/17/2008 14:19 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/18/2008 11:59 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/18/2008 12:56 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/18/2008 15:02 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/19/2008 12:38 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/19/2008 13:25 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Brussels |
        | 9/19/2008 18:40 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Kalispell |
        | 9/22/2008 16:51 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/22/2008 17:35 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/22/2008 19:13 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | New York |
        | 9/24/2008 17:29 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | 66.2228.113.2 | New York |
        | 9/25/2008 12:45 | cf3fad94727611dd800000167e5d5632 | [email_address] | zh-cn | | Kalispell |

        • One Month
        • Same Device
        • 23 User Names
        • In China
        • Pretending to be in…
    8. 8. Botnets: Ultimate Anonymity
    9. 9. Botnet: DDOS impact (Distributed Denial of Service, rentable by the hour!)
    10. 10. Faking Emails
    11. 11. Faking Emails (manual and 5mins work)
    12. 12. Faking Emails (or send millions with a Botnet)
    13. 14. Why merchants need “some” info
        • With ThreatMetrix [Fraud stopped 1st time]
        • Using old-school “velocity” detection [Fraud stopped on 5th try]
        • Stop fraud first time by detecting and piercing proxies to discover true location of device
        • Stops Fraud First Time
    14. 15. Cloud Computing Security
        • PCI – Visa/Mastercard
            • TJ Maxx, Heartland Breaches
        • PII – Personally Identifiable Information (SSN, DOB, Drivers License, combinations)
        • Problem for data owners:
        • Quite often they are not competent
        • Outsourced Development has risks
        • Zero-day flaws = It's easier to hack than protect (?)
    15. 16. Privacy and ALRC
        • Australian Law Reform Commission (ALRC) report in Aug 2008 (after 2 ½ yrs)
        • 2,700 page report making 295 recommendations
        • 2 parts, the easy (18 months) and the hard (no likely time frame)
        • Nothing yet!
    16. 17. Not much better in USA
        • CA SB1386 (PII)
        • “(e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.”
        • Or not
            • email address?
            • Combinations?
            • EU?
    17. 18. Play Channel 7 Video seven.mp4
    18. 21. Google Buzz: What's wrong with this picture? BTW, why can “I” see this?
    19. 22. Other ways to offend other laws
        • Twitter
        • Blogs
        • Gaming
        • Web 2.0 (UGC)
        • Defamation
        • Vilification
        • TPA
    20. 24. What issues arise here?
    21. 25. Copyright
        • Filesharing
        • iiNet wasn't authorising
        • Lily Allen was offended, but still got it wrong!
        • Google images misconception. Google Books
        • YouTube content
        • General confusion
    22. 26. JK Wedding
    23. 27. Chris Brown - Forever
        • Song was released in May 2008
        • JK Wedding in July 2009 (43M views – 16M in first 10 days)
        • Got to #6 in iTunes Downloads in July 2009
        • What happened?
    24. 29. Chasing Copyrighted content is tough
        • Digital Checksums/Fingerprints
        • Watermarks
        • Steganography
        • Media manipulation is easy (Shenzhen image touchup sweatshop)
        • Photoshop in dating and outsourcing market (faked DL’s, passports and avatars)
    25. 30. Questions? (Slides at: )
        • David
        • @djinoz
        • http ://
        • david.jones
        • Hamish
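
Slides 7 and 14 contrast linking transactions by device ID with old-school “velocity” detection. The sketch below is an added example, not code from the presentation or from ThreatMetrix: it groups constructed transaction rows (the device IDs, accounts and thresholds are hypothetical) by device ID and counts distinct accounts and masked cities in a sliding window, next to the per-account count that a velocity rule keyed on the account would see.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample rows using the slide's columns:
# (transaction time, device ID, account email, browser language, masked IP city)
ROWS = [
    ("8/25/2008 17:24", "device-0001", "user01@example.com", "zh-cn", "New York"),
    ("8/27/2008 12:57", "device-0001", "user02@example.com", "zh-cn", "Brussels"),
    ("8/28/2008 19:09", "device-0001", "user03@example.com", "zh-cn", "Los Angeles"),
    ("9/3/2008 13:33", "device-0001", "user04@example.com", "zh-cn", "Kalispell"),
    ("9/5/2008 12:24", "device-0001", "user05@example.com", "zh-cn", "New York"),
    ("9/12/2008 13:08", "device-0001", "user06@example.com", "zh-cn", "Brussels"),
    ("9/1/2008 09:15", "device-0002", "alice@example.com", "en-au", "Sydney"),
    ("9/9/2008 20:40", "device-0002", "alice@example.com", "en-au", "Sydney"),
]

def max_per_account(rows):
    """Largest transaction count for any one account (an account-keyed velocity view)."""
    return max(Counter(account for _, _, account, _, _ in rows).values())

def link_by_device(rows, max_accounts=3, window_days=30):
    """Return devices that used more than max_accounts accounts within window_days."""
    by_device = defaultdict(list)
    for ts, device, account, _lang, city in rows:
        when = datetime.strptime(ts, "%m/%d/%Y %H:%M")
        by_device[device].append((when, account, city))
    window = timedelta(days=window_days)
    findings = {}
    for device, events in by_device.items():
        events.sort()
        best_accounts, best_cities = set(), set()
        for start, _, _ in events:  # try each event as the start of the window
            inside = [e for e in events if start <= e[0] <= start + window]
            accounts = {e[1] for e in inside}
            if len(accounts) > len(best_accounts):
                best_accounts, best_cities = accounts, {e[2] for e in inside}
        if len(best_accounts) > max_accounts:
            findings[device] = {"accounts": len(best_accounts), "cities": len(best_cities)}
    return findings

if __name__ == "__main__":
    print("max transactions per account:", max_per_account(ROWS))
    print("devices linked to many accounts:", link_by_device(ROWS))
```

No single account in the sample exceeds two transactions, so an account-keyed count stays quiet, while the device key ties six accounts and four masked cities to one machine.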