Tag Archives: cyber

Instagram Hacking Not a Computer Crime Says Court in Florida

Posted on by
Instagram Hack Computer Crime

Instagram Hack Not a Computer Crime in Florida

Is Hacking an Instagram Account always a Crime in Florida?

A guy in Florida was convicted of unauthorized computer use. the court reversed his conviction. The guy “logged into his ex-girlfriend’s Instagram account and posted nude photographs of her without her permission.”  The prosecutor claimed that constituted a violation of section 815.06(1)(a), Florida Statutes (2013).

What is Hacking a Computer Network in Florida?

 

Section 815.06 makes it illegal under Florida computer law and states “[w]hoever willfully, knowingly, and without authorization [a]ccesses or causes to be accessed any computer, computer system, or computer network . . . commits an offense against computer users.”  § 815.06(1)(a), Fla. Stat. (2013).

The court reversed the conviction and focussed on three defintions in the law:

  • “Computer” means an internally programmed, automatic device that performs data processing
  • “Computer network” means any system that provides communications between one or more computer systems and its input or output devices, including, but not limited to, display terminals and printers that are connected by telecommunication facilities.
  • “Computer system” means a device or collection of devices, including support devices, one or more of which contain computer programs, electronic instructions, or input data and output data, and which perform functions, including, but not limited to, logic, arithmetic, data storage, retrieval, communication, or control. The term does not include calculators that are not programmable and that are not capable of being used in conjunction with external files. § 815.03, Fla. Stat. (2013).
The state failed to prove that Instagram was a Computer, computer system, or “computer network. The winning argument was that an Instagram account does not fall within any of these statutory definitions.

Instagram Hack Case Excerpt:

“The plain language of the statutory definitions of “computer,” “computer system,” and “computer network” refer to tangible devices, not the data and other information located on the device. Thus, to prove a violation of section 815.06(1)(a) the State must establish that the defendant accessed one of the listed tangible devices without authorization, not that the defendant accessed a program or information stored on the device without authorization. See Rodriguez v. State, 956 So. 2d 1226, 1230 (Fla. 4th DCA 2007) (reversing conviction under section 815.06 because evidence only established that the defendant accessed a “computer function” that he was not authorized to access).”
“Here, the charge against Appellant was based only on the unauthorized access of his ex-girlfriend’s Instagram account, not the computer server on which the account is presumably located. We say “presumably” because the only evidence in the record explaining what Instagram is was the ex-girlfriend’s testimony that it is a form of social media and “a place where you post pictures [and] your friends get to see it.” Nothing in the record establishes or explains how accessing an Instagram account works from a technological perspective, leaving unanswered whether or how Appellant’s actions amounted to accessing a specific computer, computer system, or computer network. Accordingly, in this case, the State failed to provide the necessary evidentiary foundation to prove that Appellant’s actions violated section 815.06(1)(a).”

Revenge Porn Statute Section 784.049, Florida Statutes

 

The court conclude a revenge porn prosecution under Section 784.049, Florida Statutes, that specifically prohibits the publication of sexually-explicit images of a person on the Internet without his or her consent is now a tool prosecutors can use. The court noted the new revenge porn statute was needed because “Florida law does not specifically prohibit posting pictures of a nude adult person on the Internet for viewing by other adults if the picture was taken with the knowledge and consent of the person”.

Source: Crapps v State, CASE NO. 1D14-4569 (Fla 1st DCA Dec 8, 2015).https://edca.1dca.org/DCADocs/2014/4569/144569_DC08_12082015_090851_i.pdf

 

The Web Mob a/k/a La Cosa Webstra

Posted on by

Millions of stolen credit card numbers and other personal identification information are available for less than ten dollars according to experts at Baseline magazine and the United States Department of Justice. Unlike Michael Corleone’s crew, these mobsters exist solely in cyberspace. Phishing expeditions are their forte, with estimates of between 75 and 150 million scam emails sent daily.

Virtual Hit Men

Recently one large data collector was hit by mobsters who stole or accessed nearly 150,000 consumer records, credit reports, and Social Security numbers. This gang hides behind digital aliases, screen names, and nicknames. To punish wayward gang members, enforcers will publish the true names and identifying information of formerly anonymous transgressors on websites. Supplying the rat’s true identity to law enforcement virtually assassinates the individual in cyberspace.

The Secret Service recently tracked down one such gang. With 28 arrests, 19 indictments, and 4,000 gang members, the Government has penetrated one of the largest, if not the largest known web mob. Again, unlike secret meetings of the heads of the families, the web mobs met in web based discussion forums where they discussed and attempted to perfect the stealing and the forging of bankcards, and a myriad of other personal identification documents. They cloak their identities and encrypt their communications.

Web Mob Busted

Agents with the Secret Service staged synchronized raids on several gang members. Since word travels fast in cyberspace, they simultaneously knocked on dozens of doors across the country while the gang members were chatting and plotting in a web-based forum. By moving in concert, they captured the capos before they could compromise further investigation by publicizing the bust and/or destroying computer records of their dark deals. Eventually the agents took control of the mob’s website and posted a warning on their homepage to those not yet busted – “Contact your local United States Secret Service field office before we contact you!!!”

In the digital equivalent of a bunch of televisions falling off Tony Soprano’s truck, batches of credit card data were falling off electronic trucks and onto the hard drives of gang members. They tested batches of purloined information to grade and evaluate the data for accuracy and to determine whether or not the card numbers were cancelled or valid. Testing of the data consisted of illicit entry into a retailer’s computer and running a series of nominal charges for each card number to see if the charges were approved or declined. Once tested and graded, the data is sold to the highest bidder on clandestine websites.

Bottom Line

According to the Secret Service, a credit card with a $10,000 limit would sell for between $1 to $10 dollars or more. E-mail addresses and associated personal identification information are cheaper – they go for a few cents each. From high school dropouts to post graduate students of Information Technology, cyber criminals now use the illusion of anonymity and take unrestricted license with confidential information housed on the world’s computer networks.

Authors: W.F. “Casey” Ebsary, Jr., CentralLaw.com and Albert Lucas, B.A. Mathematics

Tech Wreck

Posted on by

We are inundated with technologies designed to more effectively communicate. Some have caused users to defectively communicate. Misuse yields communications breakdown or even worse – death by PowerPoint®. With 400 Million Copies of Microsoft Office® and millions of PowerPoint® Presentations every day, one commentator, Dave Paradi surveyed and found several annoying elements in the bane of boardroom and courtroom technologies, PowerPoint®. Lest you not be familiar with potential side effects of poorly executed digital slideshow software, be assured watching slides from industrial safety filmstrips is more bearable than the painful boredom from this assassin of effective messaging from Microsoft®.

The survey found that speakers reading slides, flying text across the screen, and annoying use of sounds were some reasons for disdain for the technology. To that list add the users’ tech timeouts when the software or the hardware fails to display the desired show. With prices tumbling on hardware, including cheap projectors and notebook computers, expect the visual delirium to continue until audiences stand up and complain, walk out, or fall asleep during these moments of mediocrity.

Combining the laser pointer with the video projector can exponentially increase the risk of midday narcolepsy in the jury box or the seminar room. Actually, since the searing red dot of the laser pointer resembles the laser sight on the SWAT team’s M-16, some might claim it to be a useful device for waking up bored audience members or jurors. Jurors know that labels on laser devices warn of eye damage. Use of the powered pointer might actually keep them on the edge of their seats protecting themselves from blindness and more importantly not hearing a word said.

We revel in new technologies but hope their use will help, not distract and bore the audience. To that end, make sure that use of presentation technology serves and does not supplant. Evaluate each tool and ask a few simple questions: Does this technology work? Do you know how to work it? Is the technology really necessary to convey the message? Does it distract from the message? Is the technology persuasive? New technologies will emerge. Each must be reviewed by asking these questions.

In a culture where computer-generated scenes can appear real, just because it was on the television or the big screen projector doesn’t necessarily mean that the audience is convinced that either a droid army saved the universe; or that your side of the case should prevail.

Authors: W.F. “Casey” Ebsary, Jr., CentralLaw.com and Jodi Ann Baudean, Master of Science in Civil Engineering

Securing a Cable Modem Against Computer Criminals

Posted on by

As the use of commercial broadband cable modem’s flourishes, the opportunity for computer criminals or hackers to attack computers attached to these networks similarly has skyrocketed. Unbeknownst to most users, a cable modem provides easy access to an attached computer. Protection of these computers is a three-stage process.

A first line of defense against malicious access is a hardware firewall. Without a hardware firewall, the attached computer is easily accessible. With a hardware firewall such as a Linksys Cable/Broadband router as the first layer of protection a hacker will not be able to see your computer as a first device attached to your cable modem.

The second line of defense is a software firewall. A heuristic firewall such as ZoneAlarm looks for suspicious activity per se in addition to an ever-evolving defined list of threats. ZoneAlarm uses a permission-based system to allow access to and from the Internet to be granted or denied by a user. For example, a number of attacks on Windows operating systems using Outlook as an email client, have exploited easy access to the Outlook
contacts database. Once accessed those attackers replicate themselves and redistribute information from the attacked computer to email addresses found on the victim’s computer. Obviously, distribution of confidential client information is not an option for any of us. So not protecting our information is not an option either.

The third and final line of defense is maintenance of current virus protection software. Most top of the line software packages will automatically access the publisher’s website to obtain a current list of threats or virus definitions. This third line of defense will provide protection in the event the other two layers do not intercept the malicious file(s) that can compromise your home or office network.

Remember that your security system is only as strong as the weakest link. So while we obviously will focus on our desktop computers, legitimate remote access to our networks with a laptop from home or from onsite from a courtroom or client’s office, will provide opportunities for hackers to exploit our systems. You must make sure that all devices accessing our networks are equipped to deter hackers. Furthermore all users must be aware of the best practices to prevent illicit access to your firm’s digital resources.

Secret Messages that are not Secret

Posted on by

There are secret messages in your documents that are not secret. Both major word processing packages, Word and Word Perfect, contain hidden information that unless carefully removed can be a rich source of information to an opponent to whom the document is digitally distributed. Documents contain far more information than can be seen on screen.

A document contains information about the author, creation and revision dates, and other information about the lineage of the publication. The metadata as it is referred to can be used by a party to track revisions, additions, and deletions from the text. Therefore, care should be used to strip documents of these attributes when the document is to be distributed outside of the firm. Tips on stripping these attributes are available from both Microsoft and Corel. The Microsoft resource can be found atsupport.microsoft.com. The Corel resource is located at corel.com.

Surprisingly, the Microsoft Office stores all previous revisions of a Word document within the document itself. The revisions can be removed. One easy way to strip most of the identifiable information from document is to open a document in your word processor, select all of the text and copy it, open the Notepad application, paste the text into the Notepad document, and save the document as a text document.

Phishing and Spoofing

Posted on by

Phishing

Phishing is not to be confused with ‘fishing.’ There is no cast net, no baiting of the hook, and no minnow awaiting a large-mouth bass. But there are plenty of wireless fly rods out there. What do I mean? Specifically, an enterprising nerd or computer wizard of the binary-off generation can send you a disguised email representing a company you know and highly regard. The message may be duplicating a well-known logo in a misleading email suggesting you, the gullible, reply and update their files. They will frequently ask for a Social Security Number, credit card number, username and password, and/or your bank account number. Such data provides a license for identity theft. It goes on all the time. You read stories of months and months of futile effort to rectify credit reports done in by the virtual criminals. Frequently, the bait appears as an online financial intermediary asking for an update of personal information. In reality, takers just feed the ‘phisher’ valuable key information used to exploit the theft of the vulnerable victims’ identities.

Spoofing

Another popular indoor sport for some phisherman is spoofing. The digital sportsmen are hacking wireless cellular networks. First, the angler finds a cellular telephone with voice mail. Second, the piscator spoofs the cellular phone number, fooling the cellular network into authorizing access to the cellular telephone’s features. Third, the woesome whaler harvests the data and voicemail stored in the victim’s account. Data can include voicemail, user identification information, address books, photos, and passwords.

Explaining

How do they do it? Spoofing is easier and simpler than compromising most computer networks. We will not publish specifically where to go to spoof caller identification information. However, accept as fact, that information appearing to identify a caller can be falsified. Some cellular providers allow users to turn off the requirement that passwords be entered when accessing services from the user’s handset. The cellular caster then calls a cell phone number whose password is not required by the user – an option popular among many callers. The happy harpooner then gains entry into the victim’s voice mail, can control the options available to users (both authorized and otherwise), and has reign over whatever data and information is stored therein. A celebrity such as Paris Hilton and all her friends in her address book know all about it.

Preventing

Avoiding phishing and spoofing requires vigilance. Don’t supply usernames and passwords to anyone. Networks and providers already know your username and password. Change passwords regularly and use your cell phone pin number to access your voicemail every time no matter how busy you may be. These basic precautions will not stop the ever-advancing threats, but will provide a safety net. Be wary and be warned from your lighthouse attendant from on the bay.

Authors: Albert Lucas, B.A. Mathematics and W.F. “Casey” Ebsary, Jr., CentralLaw.com

I, Spybot

Posted on by

Last year we published an article on securing a cable modem. In the few months since that article, new threats to computer security have arisen. Previously a hardware and/or software firewall coupled with anti-virus protection was sufficient. New threats have arisen from programs that are installed by mere visits to web pages. Recommendations for securing a mobile or home-office computer will be discussed along with some key strategies for protecting us from some new threats that are beyond viral.

Firewalls

A two-tiered approach to security is advisable. First, a hard firewall, as simple as a router can harden you defenses against nefarious efforts to access your computer network. At CentralLaw.com we use a simple device manufactured by LinkSys. It comes in a variety of flavors both wired and wireless. Key point here with the wireless variant is to enable password protection of the device and change the default password. Those with wireless mobile access and nothing better to do play a fairly common game – “war driving.” Contestants cruise the streets of Metropolis searching for unprotected wireless networks or networks whose passwords and username were never changed from the manufacturers’ default settings. Once a wireless connection is found, the players have access to your Internet connection, possibly to you data, and possibly to your office network.

Second, a software firewall is quite useful. They are frequently and often automatically updated and can respond to threats developed after the installation of the hard firewall. Heuristic or artificially intelligent firewalls are available. At CentralLaw.com we use ZoneAlarm. This new generation of protection enables a permission based security system that learns about the user’s legitimate accesses to the network and affirmatively requests permission from the user before allowing a program or process to access a protected computer. The program is trained to learn how and what legitimate users do on the protected computer. The program will log, alarm, and identify the evil-doer, and prevent the wicked from wandering.

Recently, one morning ZoneAlarm caught and blocked a suspicious effort to access a computer resource in our office. The artificially intelligent software firewall noted viral activity that had not previously been permitted by our systems’ users. Later that day, the media publicized the latest viral attack on the world’s computers and suggested users go to their anti-virus software and update it. We followed the advice, but were already protected from a threat. Since anti-virus and/or system software vendors had not yet responded to the attack, we would have been vulnerable.

spy bot search bot

Spyware

While programs usually run and are visible to users in the taskbar along the bottom of your computer screen, spyware installs itself in your operating system and its effects are not noticed until a computer’s internet access has slowed, a browser home page has been changed, a new search bar appears, or myriad other odd symptoms surface. We use a two-tiered approach here also. AdAware from LavaSoft and SpyBot Search and Destroy are a one-two punch to knock out these veiled threats.

Software Updates

Computer networks, like chains, are only as strong as the weakest link. Make sure all machines accessing your network are secured with the latest operating system updates. Some system updates have file sizes that require hours to download by a telephone dial-up connection. The masses use dial up, virtually guaranteeing that these updates will not be installed on those computers. Consequently, new threats propagate from throngs of unprotected computers. Take the time to assure that all computers under your control or terminals that have access to your network are regularly keeping pace with these updates. Recovering compromised data from even a single destroyed hard disk drive begins at around $5,000.00 per disk drive and it is not uncommon for data to be unrecoverable.

Electronic Fingerprints

Posted on by

Electronic fingerprints remain available for review if you know what to look for. The skeletal remains of files deleted or history of persons and places visited are seemingly hidden in the world behind the computer’s display. A plan to recover this information by a team with computer forensic expertise can be a powerful tool for civil and criminal litigants, for law enforcement, and for computer support services.

File deletion either through an accident, an application, or through the familiar desktop icon, the trashcan, seldom makes recovery of the deleted files impossible. Use of these commands on most computers merely delays the inevitable recovery of the files by those with a desire to do so. Most computers delete files by eliminating entries on the directory or index of the hard drive, but really the data associated with those entries remains accessible. Experts frequently analogize such deletions to the tearing of the table of contents from a book. Even though the outline of the book has been removed, pages of content remain.

Many common consumer applications can resolve these deleted files. Recovery of the files for evidentiary purposes requires the use of a computer forensics expert. These professionals use techniques designed to maintain chains of custody and software designed to assure an audit trail for files recovered. Professional recovery using scientifically valid recovery methods prevents claims that files recovered are not admissible for a number of evidentiary foundational reasons.

The computer forensics expert can also help devise a strategy to efficiently recover relevant data from diverse types of storage devices and from a number of geographically distinct storage locations. A well-planned search strategy can maximize an investment made in a forensic investigation. One megabyte of data is roughly 180,000 words of text or about the size of a typical novel. One gigabyte of data is 1,000 megabytes and will contain the information that one might find in 1,000 books.

With the price per megabyte of storage plummeting, large capacity storage devices capable of storing 120 gigabytes are common and cost less than $200.00. A poorly planned or executed search strategy can be quite costly. Searching the wrong storage device or looking in the wrong places will mobilize a marathon of futility; like searching 120,000 books in the wrong library.

Data Recovery: Major Disaster or Minor Loss?

Posted on by

“If mission critical data is lost, then call in a pro. Finagling with missing or damaged files can render them irrecoverable.”

Everyone has lost a document or probably will encounter someone who will try to “lose” a piece of evidence. On the innocent side, the computer could “freeze,” lose power, be hit by a hurricane, or data can be accidentally deleted. On the nefarious side an opponent may try to bury a smoking gun. What is not generally known is that loss or destruction can be remedied. The key is having the right tools, software, and expertise to recover the wayward data. This month we will cover the basics of data recovery.

First Issue: Where Do The Lost Files Go?

Most people believe the deletion is tantamount to destruction. Actually if piece of data is viewed as a page in a book, deletion is not analogous to running the page through a shredder. The better view is that deletion is like removing the entry from the book’s table of contents, while leaving the pages of information. The only things erased are a few characters of information that point to where the actual document is located. In time, the section of the hard drive will be overwritten, but in the short run, its still there.


In Technospeak: “The pointer, along with other pointers for every folder and file on the hard drive, is saved in a section near the beginning of the hard drive and is used by the operating system to create the directory tree structure. By erasing the pointer file, the actual file becomes invisible to the operating system, even though it is still there until the file system reuses the space.” Source: Ontrack Data.

Second Issue: How Do We Bring Them Back?

Initially the expert must find the original table of contents so we can find where and whether the actual files still exist. A technologist can rebuild the table of contents and bring the missing information back from the dark side. By deleting the entries in the table of contents, the computer allows data to be written where the deleted data used to reside. The files must be recovered before they are overwritten.


In Geekspeak: ”Every operating system has a file system, which is a unique method of indexing and keeping track of the files. Unfortunately for those that lose data, file systems can be very complex, which is why it can be so difficult to locate missing files. For instance, file systems that are used in business environments require security details and access transaction details. A good example is a transaction-based or journaling file system, whose goal is to log when each file is accessed, modified or saved – making the file system more complicated and harder to rebuild. . . . Recovery engineers are internally trained to work on data recovery, working with computer hardware for a number of years
and learning the low-level specifics of every type of file system.” Source: Ontrack Data.

Lost Files, Data Recovery

Lost Files

Third Issue: Should the Recovery be Outsourced?

From the legal perspective, it may be important to preserve a chain of custody and to have a witness who can testify about the methods used to retrieve the wayward file. From a cost perspective the file may only need to be retrieved from a the computer’s trash can (Macintosh) or recycling bin (Windows). There are also over-the-counter file recovery software packages for the do-it-yourselfer.


Deleted files can be damaged on their journey to the hinterlands. Subsequently recovered files can be damaged or incomplete or in need of repair. Here is where the pros come in. The pro will use a two-step process consisting of diagnosis of the data loss followed by the repair and recovery of the information. Seldom do the experts work on the original data. They most always attempt to make a mirror image of the files and always work on a copy.


In New Speak: “During this stage, recovery engineers can determine if the drive requires special attention from the cleanroom, which is an ultra-clean environment used when working with microscopic components. The cleanroom will work at an electronic and mechanical level to get the drive operational. This can include anything from physically cleaning the disk platters so they can spin properly to swapping out electrical components to power up the drive . . . . After the drive is operational and a copy of the drive can be made, data recovery engineers work to repair the file structures and produce a complete file listing that shows all of the files and directories on the volume. This file listing will also tell the customer if there are holes (or Input/Output errors) within the file itself. The final phase is the recovery phase. The goal of this phase is to copy out the data and backup that data on media that the customer requires. Source: Ontrack Data


In Technospeak, Geekspeak, or Newspeak, the message is the same: If mission critical data is lost, then call in a pro. Finagling with missing or damaged files can render them irrecoverable.

Tampa Computer Trial Attorney – Lawyer on Computers in Court

Posted on by

Tampa Computer Trial Attorney on Computers in Court

Law Enforcement and attorneys for the other side have a team working against you. Why not have your own Forensics Team working for you? More than ninety percent (90%) of documents are now created electronically, and less than thirty percent (30%) of those electronic documents are ever converted to paper. Rules on preserving electronically stored information and strategies to recover that data make having a Forensic eDiscovery team more important than ever before.

 

Tampa Computer Trial Attorney - Lawyer
Police have specialized equipment analyzing original digital media such as hard drives, disks, and flash drives, and optical disk drives in the computer forensics lab. There is special hardware and software that retrieves evidence from cell phones, including text messages (SMS) and pictures. For computers, specialized software is used to examine the computers and extract the evidence. We can too.

 

We use a team of attorney(s) and forensics expert(s) to help sort through data used in prosecution of federal indictments and state charges, fraud, hacking, theft of trade secrets, and other forms of cybercrimes.

 

With surge in popularity of mobile devices we can now forensically retrieve Information from mobile devices.  We also provide help in searching corporate e-mail, personal e-mail, Short Message Service (SMS) text messages, personal notes, calendar entries, photographs, address books, and inbound and outbound call logs. This type of information can be invaluable to prove certain facts for a case.

Remember – an expert can help preserve the chain of custody and this data can then be used in litigation.

Computer in Court? Tell Me Your Story 813-222-2220 .