When does unauthorised access to email become hacking?

In late December 2010 in the US state of Michigan, a man has been charged by Police under anti-hacking laws intended to combat the unlawful accessing and copying of data such as Intellectual Property, personal data or financial related information. However, the man is accused instead of logging into his wife’s email account without her permission and viewing her emails.

The man, Leon Walker, instead learned from the emails in his wife’s Gmail account that she was having an affair with her second husband. Walker decided to inform his wife’s first husband [this gets complicated] as there was an issue regarding the son of the first husband and Walker feared for the boy’s safety. When the first husband took action based on these emails, the wife reported Walker to the Police and he was arrested.

Walker’s arrest raises considerable queries over evidence obtained in relation to divorce and family court matters. Around half of US divorce cases centre on the disclosure of some form of electronic data such as emails, text messages or social networking posts. If the other side’s legal team can object to this data claiming that it was collected in an underhand way, then the evidence may be thrown out by the court. This could result in many family court and other civil matters being unable to proceed.

Walker has claimed that he and his wife shared the computer and that he merely looked at the emails and didn’t need consent. The wife claims that this isn’t so and that Walker had no right to look at the emails. It will be interesting to see how the court rules and whether any appeals will make precedence for future cases. Other cases have turned on whether an individual had actual or implied permission to view certain information on a computer, website or mobile phone.

Walker’s legal counsel stated that the prosecutor was using a law that was aimed at computer hackers attempting to steal data or compromise systems and instead applying it to a divorce matter. The main

This case has some similarities to that of a famous case involving the unofficial viewing of emails; that of former Governor of Alaska Sarah Palin’s Yahoo emails in 2008. In May 2010, David C Kernell was found guilty of obstruction of justice and unauthorised access to a computer. Kernell was alleged to have broken into the personal Yahoo email account of Sarah Palin by guessing her password reminder. Kernell had no relationship to Palin that could explain why he may have a reason to access her emails.

After accessing the yahoo account, Kernel then went on to post copies of Palin’s emails, addresses of her contacts, and family photos on Wikileaks. As Palin was running for Vice President at the time, this simple breach of security had serious ramifications for her campaign.

The obstruction of justice conviction related to the fact that Kernell had deleted evidence from his computer hard drive after investigations commenced in to identifying the person responsible for hacking into the Yahoo account.

When conducting an investigation that involves the viewing of electronic files and data, it is imperative that the provenance of the data be established. Does the investigator have the right or permission to copy, recover, analyse or view these files – from the owner or via a court order? Legal privilege issues should also be considered and legal advise should be sought if anything appears to uncertain. Failure to follow proper forensic computer procedures could result with the evidence being invalidated and the matter being dismissed by a court.

Do you need to know more about our services and how Regents can assist you with computer forensics? Simply go to our Computer Forensics page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Desperately seeking FaceBook nude photos poster

The teenage girl reportedly behind the posting of naked photos of St Kilda AFL football player Nick Riewoldt on her FaceBook page remains unrepentant and un-contactable. The teenage girl is believed to have taken a number of digital photos from the laptop of a fellow St Kilda player Sam Gilbert and then posted them on FaceBook. She has told reporters that she has further photos and will post them at a later time.

Lawyers representing the football players and St Kilda club have taken civil legal action to prevent the teenage girl and FaceBook publishing these photos. This has taken effect but the teenager has responded via other sites such as Ustream and also made tweets from her Twitter account that she won’t be bound by these restrictions.

As the teenager is thought to be interstate, the lawyers took the novel step of posting details of the Federal Court action on the Ustream site after she used it earlier in the day. The teenager claims that she had not been made aware of the action or restrictions in talks with journalists – whether the court will take a different view is another matter.

This raises the real issue of the differences between the online and offline worlds when parties are in dispute and enforcing legal actions or judgments on perpetrators or witnesses. The lawyers have also tried sending details of the court actions to her and her father’s email addresses – but proving that this made it through to the teenage girl will be very difficult.

The lawyers are unable to use the resources of the Police to track down the teenage girl as they have viewed the matter as a civil dispute and not a criminal event. It is not known whether or not they have engaged an investigator to find her whereabouts but that would be a smart move under such circumstances.

An experienced investigator should be able to identify her whereabouts and serve and court papers so as to take away the claim that she’s unaware of any actions. The usual response from a party once they have been located and served is to quickly reassess their situation and move to communicating with the lawyers directly – court papers have a sobering effect on most people.

Whatever the result in court over the next few days and the effectiveness of the restrictions on publishing the photos, terrible damage has already been done to the AFL code and St Kilda in particular. Locating and communicating directly with an aggrieved party is an effective tool in dealing with sensitive matters that are best handled passively rather than online in the glare of the media.

Do you need to know more about our services and how Regents can assist you with investigations? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Police use FaceBook to serve intervention order on people they can’t find

Australian Police have taken the unusual step of serving an intervention order via social networking site FaceBook. The order seeks to ban the accused cyber-stalker from bullying, threatening or intimidating another internet user.

In the Australian first, the Police Constable had a video shot of him reading out the interim intervention order to the accused person, as if he was directly speaking to the individual and then made to serve the order.

The order, with an explanation plus contact details for the Police and the Court were typed up and sent in private messages to the person’s FaceBook account.

The complaint arose after a woman claimed that her former boyfriend had harassed and bullied her via their FaceBook accounts. The woman felt intimidated and made a report to the Police.

The boyfriend had been the subject of an earlier intervention order but this had lapsed when the woman was re-contacted by her former boyfriend via her FaceBook account. The Police sought to physically locate the boyfriend but could not find him at his last known address or place of work. Efforts to track him via his FaceBook account indicated he was in Australia.

This new and innovative approach to serving the intervention order was upheld by a magistrate despite the former boyfriend not attending court in person. The order also required the former boyfriend to remove his FaceBook profile.

However, initially the Police could not be certain that the boyfriend had read the private messages though it was confirmed that the video had not been viewed. When the Police did manage to locate the boyfriend he confirmed he had read the FaceBook messages.

The Police expect having to use the internet and social networking sites to locate, contact and warn offenders in the future especially when the offence has been committed online.

Do you need to know more about our services and how Regents can assist you with investigations? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

NSW MPs or staffers viewing porn on parliament computers

Police may be instructed to investigate reports New South Wales Members of Parliament or their staffers over allegations that they viewed websites containing sexually explicit images of young people.

The allegations were contained in an independent report undertaken by consultancy firm Ernst & Young. The report was requested in September 2010 after accusations were made based on an unofficial audit of computers used by Members of Parliament and their staffers.

The audit was undertaken by the Department of Parliamentary Services and found that certain computers used by Members of Parliament had tens of thousands of hits on pornographic and gambling websites.

The audit was conducted using forensic software to determine the IP addresses of websites visited. Further analysis was made to ascertain what images were viewed or downloaded plus the time spent on each site. The data was contained in web surfing histories known as DAT files which are automatically saved on the personal computers and on back-up tapes. Further searches were made of the internet activity monitoring software installed on the gateway servers to cross reference the activity.

Earlier in 2010 following the first audit, Labor government Ports Minister Paul McLeay was fired by Premier Kristina Keneally after he admitted that he had been accessing online adult pornography and gaming sites whilst he served as a minister and as a backbencher.

The Ernst & Young report reported that nearly half of the 72 most-used websites on parliamentary computers during a 10-month period “appear to be adult-related sites”. Nine of these websites were found to contain sexually explicit images of young people. The age of those pictured in these images may be under 16 though that is the subject of further investigations.

Do you need to know more about our services and how Regents can assist you with computer forensics and data recovery? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Police Department background checks delve into Facebook history

Just how far should background screening delve into the private lives of candidates? If you want to be a Police officer candidate for some Police Departments in the US, you may have to undergo some deep digging into your background.

The International Association of Chiefs of Police (IACP), the largest group of Police executives, recently released a report on the practice of those Police Departments background screening their recruits. The report outlined that over a third of association member Police Departments actively review applicants’ social media activity during background checks.

These background checks include reviewing Facebook, MySpace, Twitter and YouTube for any unreasonable, objectionable or criminal behaviour. The Police Departments regard such online activity as being in the public domain and thus reasonable to be check upon.

For more sensitive positions that require a positive vetting level of background checking, some Police Departments are demanding that applicants provide private passwords, screen names, details of text messages and even email logs. To enable these checks, the Departments either request waivers from candidates or full disclosure of their internet activity. However, some data privacy advocates say such background investigations may be going too far.

One reason for this approach by Police Departments has been the development of Criminal defense lawyers trawling Police officers’ posts to social network sites to undercut their credibility as witnesses in court. Any indication that a Police Officer has a bias against certain racial or ethnic groups will be seized upon by a defense lawyer. One such incident involved a Police Officer who became a member of a Facebook group called `Wanting to hit people in the back of the head who get in your way’. The defense attorney claimed this showed that the Officer was prone to violence and breaking rules.

As new candidates have been raised connecting on the internet and are prone to post photographs, images, musings and comments on the web, the incidence of inappropriate material linked to Police Officers and others in positions of authority will only grow. Matters are likely to progress to a stage whereby prospective employers will check social networking profiles they way they have previously scanned their high school performance.

Here are a few tips for likely candidates for law enforcement positions as they engage in social networking:

  1. Once something has been posted and indexed, it is nigh on indelible
  2. The ownership of posts on some sites become the property of the site
  3. What may seem hilarious on a Saturday night may not look so amusing on a Tuesday morning
  4. If you wouldn’t want your mum to see it or read about it in the newspaper, best not post
  5. If in doubt, leave it out

Are you seeking assistance with Pre Employment Screening of employees or contractors? If so, we at Regents can help you – just visit our Pre Employment Screening Webpage for further information

Passwords? As simple as abc 123

In 2010, typed passwords remain the principal method for logging into various accounts on the internet. Despite the critical part that passwords play in securing access to email, FaceBook or Bank accounts, many users still use unsuitable and simple passwords.

The danger of a password being guessed by way of a dictionary attack or brute force process increases greatly with a simple password or one commonly used by others. The problem is compounded when such users also employ the same password across all their different accounts accessed via the internet; namely email, social networks, bank accounts and work place networks. Once a hacker can breach the password for one account, with some more work they can cascade through to other accounts and enable them to steal the identity of the user.

Recent surveys of compromised accounts have revealed some of the most obvious and easy to guess / crack passwords, including:

1.    123456
2.    Password
3.    Qwerty
4.    iloveyou
5.    Princess
6.    Welcome
7.    abc123
8.    Dragon
9.    Football
10.    777777

Some slightly more bizarre passwords but popular enough to make them known to hackers and dictionary attack programs are:

1.    ncc1701 – The ship number for the Starship Enterprise
2.    abbaabba – Reference to the Swedish pop group
3.    qazwsx  – Similar to the qwerty pattern when typed on a typical    keyboard
4.    221bbakerstreet – The fictitious address for Sherlock Holmes
5.    ou812 – The title of a 1988 Van Halen album

Improve the strength of your passwords
Experts recommend a number of improvements to strengthen your passwords and make them harder to be guessed or hacked:

1.    The password should contain at least eight characters
2.    It should contain a mix of four different types of characters (i.e.: upper case, lower case, numbers and symbols)
3.    It should not be a name, normal word, date of birth, street address, team name or contain any part of your own name, car plate number or email address
4.    It should not be stored unencrypted on your PC or phone
5.    It should be changed regularly, at least once a month
6.    You should have more than one password for different websites [such as social networking] whilst the password for your bank account etc should be unique
7.    It should not be shared with anyone else and not disclosed to any `IT support’ people phoning you to give assistance
8.     It should not be written down on paper left in a place with public access

There have been occasions when I have sat down at other peoples’ desks and observed post-it notes with usernames and passwords written on them pasted next to the screen or else left in a drawer. Frauds can often get started when a fraudster easily accesses passwords via simply combing a colleague or supervisors desk.

Lastly, if you are issued a password when an account is first created, be certain to change the given password immediately to one of your own making. I once worked on a fraud matter and discovered that a number of employees had failed to change their password after being given access by the IT department. The password? Welcome.

Do you need to know more about our services and how Regents can assist you with preventing information loss? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

German firms ban FaceBook at work

A number of top German companies are uniting to ban social networking sites FaceBook and Twitter from the work space. The ban has been driven by fears of industrial espionage and the threat of competitors obtaining company information via the internet links.

The German firms include VW and Porsche, leaders in research and development in the motor industry, who have poured millions into improving manufacturing techniques and better materials. The firms are concerned that they may lose their technological edge – plus the time and millions of Euros – to overseas competitors.

Recent security reviews have indicated that the social networking sites are potential leakage points for company information and Intellectual Property. As improved email filters and patches for web browsers are implemented, hackers must look for other gateways to snatch snippets of information that can build up a profile to either mount an identity theft assault or else construct a network map of the system.

Often, hackers are seeking to exploit security failures within the social networking formats to access restricted information. By hijacking accounts they can seek to unleash Trojans on other computers and download useful information.

Another reason for viewing social networking sites as weak points in the security shield of a network is that employees can inadvertently disclose information which may be of use to an outsider. Mentioning product launch dates, test areas or product names can all be pieced together by an entity using competitive intelligence and create a portrait of which direction the company is moving.

And besides, German bosses didn’t like the idea of their workers slacking on the job and watching YouTube or updating FaceBook.

But this can cut both ways. In August a law was proposed which would restrict employers from trawling information on prospective job candidates from their postings on social networking sites to protect the privacy of the employee.

Do you need to know more about our services and how Regents can assist you with preventing information loss? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.


Cyber scams and cheats target job seekers

As more and more job seekers turn to the internet looking for employment, scammers are finding ways to dupe them out of their money. Cyber fraud, money laundering and scams are waiting to tempt online job seekers. Authorities have reported a large rise in online scams targeting those seeking a new job or a casual part time position. Police and investigators are uncovering new variations on old scams being utilised by groups focusing on the vulnerable job seeker.

One of the most successful businesses to transfer on to the internet has been the recruitment industry. Job seekers have found it easy to review various positions vacant in which suit their qualifications and experience as well as post their on details online in the hope of matching a position.

Unfortunately many job seekers, in their desperation to grab the opportunity of making some money, have fallen foul of fake adverts for nonexistent jobs. The dubious advertisers often use an interchangeable roll of generic business names, such as Green Recruitment, and obscure their office location and contact details – choosing to communicate via email only so that tracking them down later is extremely difficult.

One of the popular types of scams is to offer a supposed work from home position which involves the applicant utilising their own bank account to receive and make payments. Unfortunately, deposited cheques are fake or stolen and the electronic transfer deposits are from unwitting victims of different scams.

The fake employer offers to help get the job applicant started by depositing cheques into the job applicant’s bank account. The job applicant is then instructed to pay over most of those funds to other parties via electronic transfers. Unfortunately, the cheques are either fraudulent or already cashed whilst the recipients of the transfers are part of the criminal sting. This leaves the victim not only out of pocket for thousands of dollars but also liable for criminal prosecution for money laundering, however naïve and innocent the victim is.

Another scam is to have the victim complete a fake online application form which includes all their personal information such as full name, date of birth, current & past addresses, SSN or driving licence numbers. The position is nonexistent and the scam is to glean as much personable information as possible to affect the theft of their identity and start taking out false loans, mortgages over their property, credit cards applications etc.

One slightly more innocuous scam is to charge a small fee [usually less than $100] for assistance with finding that lucrative and sought after position. The assistance mainly consists of little more than obvious advice, contact numbers, government website addresses etc. Any person wanting a refund will find it nigh on impossible to contact the entity behind the website and any effort to do so is way beyond the $100 lost.

Some fake recruiters have been known to falsely claim to represent international companies for positions overseas. These fake recruiters then charge `processing fees’ and even go so far as to arrange bogus interview boards and medical examinations. The job seeker only learns that they have been scammed when the promised job fails to materialize and the HR Department of the intended employer has never heard of the agency. By this time, the recruiter has closed down, moved on, changed names and moved offices.

The most insidious schemes are those that dupe job seekers into frauds known as cash smugglers. These frauds are carried out by highly organised criminal syndicates with links to computer crime and money laundering. Victims are duped by fake financial services businesses supposedly operating from Switzerland or Hong Kong seeking “receiving payment agents”. The main qualities they seek are individuals who maintain a bank account and can make transfers [not much of a prerequisite].

The victim will be asked to receive payments into their bank account from “clients” (usually other fraud victims who have bought non existent goods) and forward the money to their “employer” (overseas bank accounts operated by members of the gang). Some victims are allowed to keep ten percent of the funds but most are promised payment later by direct deposit, which never arrives.

Re-shipper frauds take a similar tack but the victim handles goods rather that money. The victim gets taken in by an advert for fake international courier companies looking for a `logistic manager’. The victim then receives valuable items such as PlayStations, iPads and iPhones which have been purchased fraudulently on eBay or else online with stolen credit cards. The victim is required to forward these items to a foreign destination so that they can be resold in a third country for most of their retail price. The fraud normally comes unstuck when Police or investigators visit the victim’s address searching for stolen goods.

Tips to protect you from the scammers

Don’t Spread Your Personal Information. Be wary as to how much of your personal information you put out online via FaceBook, Twitter, postings etc. Scammers will pick up on this information to either engineer a plausible approach to you or else engineer theft of your identity.

Query any unsolicited approaches. Any email which appears to be mass marketed offering easy ways to make money is probably false. Look for a strange email address, poor spelling or punctuation, generic sounding names or addresses and the use of free email accounts.

Be realistic. Ask yourself why a finance company is willing to pay 10% for an act as simple as forwarding funds – what kind of business can’t open their own bank accounts. Computers and other devices are sold legitimately across the globe – why is there a premium discount for buying them in your country? Unless they’re stolen

Ask a friend. Before responding to any dubious sounding emails, ask a friend or relative to have a look and give their opinion. A fresh perspective not clouded by an urge to answer the email will spot it for what it really is.

Check them out. Some basic internet searching can reveal how likely the company is to be genuine. Do they have offices at genuine sounding addresses, how long has the website been running, what are the other links to the website and what information can you cross reference? Visit anti-fraud sites such as http://www.scamdex.com/ for any mentions or similar approaches.

Basically, use your common sense and be realistic about any job or money making offers. The internet levels the playing field in many sectors [think call-centres in India] so when an opportunity claiming to reward you for minimal effort sounds too good to be true, it probably is.

Do you need to know more about our services and how Regents can assist you with preventing fraud? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.