Saturday, October 16, 2010

Internet Dating & Marriage Scams - how to avoid them

In the last four years I have seen numerous cases of this already classical Internet scam, obviously after they took place, when there was little or nothing to do to reverse the financial damage to the victims. Basically, a Western guy meets an Eastern woman on Internet chat or dating services, they develop a relationship over the Internet, in some cases even meeting in real life, then he sends her large amounts of money and the girl eventually disappears. What are the chances of successful legal action? What precautions should be taken?

Trust grows while the digital relationship evolves over months and even years. While the discussions go on, the theme of hard life, poverty and financial problems in the girl's family is gradually introduced, together with her wish to escape these problems. The most commonly met scenarios involve the guy coming to live in Romania, and in rare cases that of her leaving Romania to live somewhere else.

At some point, since the psychological involvement in her problems has grown - the guy offers to send her some money to help her solve a particular problem. This is the real start of the whole scam. Over the next months new small or increased amounts of money are sent in good faith for helping her and her family.

In some cases the guy even visits Romania and meets her and her family; everything becomes more real and doubts about the girl's intentions disappear.

Eventually, the idea of lending her money or sending her large amounts for the purpose of buying a flat, a house or a piece of land appears, and in the end the money is sent. Usually, this is the phase in which the girl disappears with the money.

I have seen cases with total loss ranging from 15.000 Euros to 87.000 British Pounds and the duration spanning between 1 to 3 or even 4 years of digital relationship.

There is little that can be done in such cases from the legal point of view, and the chances of successful legal action depend largely on evidence that a court will trust. This is usually the part where the guy mistakenly believes that he is able to sue her if something goes wrong, simply because the legal provisions in his country differ from those in Romania, especially when we deal with digital evidence.

The difficulties come from a wide range of legal issues, mostly related to evidence:

  • Electronic evidence: Usually, evidence of such a relationship relies mostly on electronic evidence such as emails or Instant Messaging logs. To what degree can they be certified as true? Was the intended person really communicating at the other end, or was someone else pretending?
    Romanian laws require proper procedures for gathering electronic evidence. Simply printing the logs may not always be sufficient. Professional assistance is required here.
  • At the same time, in most cases, there are no persons on the guy's side who can testify about the relationship.
  • Bank statements or Western Union statements are helpful - most often in finding a person or proving that money was sent. But only that.
  • Pictures of both persons together may be proof that the two have met
  • The hardest to gather is the evidence of the agreement between the two on buying a property that should, in the end, belong to both and that one party's expectations were deceived. You need strong proof for that. 
Without clear evidence about the real intentions for sending the money, the woman can easily claim in court that there was a charitable act involved.

DISCLAIMER: This article is not intended to discourage international marriage and relationships. Far from it. It is intended to indicate that there may be proper legal ways of proceeding.
  • If there is money for buying a property here - sure there is money for a trip to buy it in person, even if you both go to the notary and make the purchase.
  • If there is the intention to lend large sums - it is best to make sure you sign a notarized loan contract and that you have legal assistance on the matter.
Evidence is key and professional legal assistance is advisable.


Monday, October 4, 2010

Cyber-terrorism from fiction to reality

While preparing my two lectures for the Advanced NATO seminar that took place in Kiev, Ukraine, last week (September 26 to 29, 2010) and had as its topic "Cyber-Terrorism Prevention & Counteraction" - I had the occasion to go again through many books, reports and related documents on Cyber-Terrorism. Below are some key elements of the phenomenon, as a short introduction to this topic.


What strikes the reader the most while going through all these documents is the multitude of definitions that one can find for cyber-terrorism across authors, states and even among different security agencies in the same state.

At the same time, examples of actual cyber-terrorist activities are few, and this comes not from the lack of such criminal events but from the difficulty of harmonizing the definitions. If we adopt too narrow a definition, it will exclude many of the large scale cyber-attacks. Too broad a definition, instead, would include in the category of cyber-terrorism too many of the actual cyber-crimes.

What are the key elements of cyber-terrorism?
  • a cyber-attack or series of cyber-attacks intended to disrupt or otherwise cripple the functioning of computer systems and computer networks
  • the computer systems or networks should, in theory, be part of the critical infrastructure - with direct impact on real life and/or economy
  • disruption or crippling of such systems and services should have direct or possible visible results, or create an important danger to life and/or economy
  • there must be a political motivation behind such attacks - in the name of a political ideology or in furtherance of a political agenda with the intention to create panic, public danger, or to intimidate
Because no computer system is 100% secure and the vast majority of computers, including those controlling critical infrastructure, are somehow connected to a network or even directly to the Internet, there is, in theory, potential for such attacks.

At the same time, computers that are not connected with the outside world can be infected through other means - for instance an infected USB memory stick.

The large majority of the writings on the topic conclude that critical IT infrastructure - like computers coordinating flights at airports, systems controlling the production and distribution of energy, or computers controlling critical industrial processes - is never too well protected and that proactive efforts should be taken to ensure the security and safe operation of such systems.

On the other hand, there are many critiques on internet forums that this literature exaggerates this kind of danger on purpose, with the intent to draw funds for the defense and computer security industry. Such opinions also underline the possibility that such threats are exaggerated on purpose by media in search of sensational news.

Even if this were true - important cyber-attacks are taking place daily, and most of the time it is very difficult to prove the political motivation behind them so that they would be categorized as cyber-terrorism. In any case, only at the end of an investigation could one tell what the motivation was and whether an attack was part of a political agenda (or not).

When discussing the aspects that favor cyber-attacks, aside from the almost every-day discovery of new vulnerabilities in computer systems - one other aspect that puts a system or a network at risk is almost always present: the human factor.

Be it insufficient computer usage training or weakly configured systems, be it a lack of adequate computer usage policies in organizations - in grave cases we almost always find some employee who, from lack of knowledge or for some other reason, has neglected to take the necessary precautions and put the critical IT infrastructure at risk.

Moreover, unlike not so many years ago - a characteristic of today's cyber-crime modus operandi is the level of development and sophistication of the software tools used and the automation of the cyber-attacks and of the infection and control of the victim computer systems.

Botnet networks - armies of civilian and institutional computers connected to Internet and infected with viruses that take commands and can be programmed to simultaneously attack from various places in the world a critical service or system connected to the Internet - have a proven disruptive capability.
To make this a cyber-terrorist activity we only need a political motivation. And such scenarios are easy to accomplish if we take into consideration the fact that such botnets are for hire and could be easily rented and used by a terrorist organization.

The most frequently cited example of a possible cyber-terrorist attack in which botnets appear to have been used is the attacks on Estonia in 2007. There are also other examples, pointing out for instance the large scale impact - but most of the examples fail to show beyond any doubt the political motivation aspect.

From theory to reality and practice
Research from computer security and antivirus companies in the last weeks has added a new aspect to all these digital doomsday scenarios: the Stuxnet virus.

Much has been written on the topic of Stuxnet and much will be written from now on - because this virus has some interesting characteristics that bring some of the scenarios from imagination to reality. These aspects refer to the capacity of attacking and sabotaging critical IT infrastructure which, if malfunctioning, can cause visible results and even explosions of industrial facilities.
  • this virus infects computers through USB memory sticks - no Internet connection needed
  • it updates itself on the network using peer-to-peer technology
  • it shows different behavior depending on the type of computer it has infected - if it's not an industrial digital control system (SCADA) it only does multiplication activity for spreading infection
  • it detects if the computer it has infected is an industrial control computer and looks for connections to digital control devices for industrial processes
  • it reprograms these devices and monitors their activity
  • it hides the infection and reprogramming of the device from the operator who will never detect the change in the device's programming until, maybe, too late
  • the virus was discovered in June 2010 - after it had already infected computers in various countries and continents
  • it exploits 4 previously unknown vulnerabilities of the Windows operating system
  • it is digitally signed with security certificates from two major manufacturers of computer spare-parts - the digital signature of the software is one of the methods widely used by antivirus software to identify legitimate software, and it allowed the virus to pass this security check undetected
Various authors have long imagined lots of scenarios in which critical IT infrastructure is attacked in various ways - Stuxnet is the first real life proof that such attacks are possible.
I will not go into details here about all the suppositions that have been made about this virus and its potential targets. I do, however, find it interesting that a way has been found of reaching such critical computer systems and networks and reprogramming them.

Even if this virus which has been deemed to be "the first real cyber-weapon" has not caused an explosion somewhere yet - we now have a precedent and an object of study and other potentially dangerous cyber-weapons can be built upon the research done on this one.

Prevention, Justice, Cooperation
Taking into account the essence of the cyber-terrorist phenomenon - which is that of cyber-attacks - discussions on this topic inevitably end in discussing combating cybercrime, prevention and security measures.

In my private practice I have met lots of computer users saying that viruses are inevitable, that the effort to keep your systems clean is too big, and that it's better to do your job than to always take care of digital security in the way we operate IT.

Such individuals also argue that one single computer user protecting himself has little or no impact on the global cyber-dangers phenomenon. Even so, having a security-aware behavior in IT operations, having a minimum set of security rules at home or at work when using computers and internet - must be part of the minimal education at all levels, starting from schools. At the same time it is necessary to implement computer usage policies in organizations and companies at all levels.

At legal level, there are also realities that favor computer crime: starting with the fact that cyber-crime is international in nature and there are different definitions of computer crimes from state to state making the task of prosecuting such crimes harder and ending with lack of harmonizing all the corresponding secondary laws like extradition procedures, for instance in some states. It is a huge and complex mechanism which requires lots of political will and many legal writings - and which at this time benefits cyber-criminals.

Even if we all wish that digital doomsday scenarios remain simple scenarios, life offers us examples from time to time that such scenarios are in fact possible and come to life. Evolution is a trial-and-error process with lots of learning from such mistakes. Especially when we talk about computer security, most of the time security measures are challenged again and again until they fall.

Unlike in firefighting where you are able to choose fire resistant materials for a certain amount of time or until a certain temperature is reached - in computer security there is no way of telling how long a new security measure will hold. 

It is desirable that mistakes are kept to a minimum, but for this, maybe we should not ignore warnings and stay alert.


Saturday, July 17, 2010

Computer crime in Romania - press releases overview

Since we've just passed into the second half of 2010, I have re-read for you the press releases issued by the Romanian Directorate on Investigating Organized Crime and Terrorism (DIICOT) - the law enforcement body which also investigates computer related crimes in Romania.
I have made a selection of all press releases for cybercrime cases in the first half of 2010 in an attempt to analyze the data with respect to the types of cybercrime most often encountered, areas covered, etc.

The total number of cases found is 12.



Romanian counties involved:
From a total of 41 counties in Romania, the actual number of counties in which computer related criminal activities were found is 19. On top, we can see the capital city Bucharest in 4 of the cases, Bacau, Constanta and Iasi in 3 cases, Hunedoara with 2, and the rest of the counties in the list with one case each.


Cross border criminal activity:
We can see from the data that, with the exception of two cases, the computer related criminal activity targeted foreign countries from Europe and America and even Australia and New Zealand.

At the top we have Italy, with 5 cases, especially for skimming and credit card forgery, followed by the U.S. and Germany with 4 cases. In third place we have the Netherlands and Great Britain. All other countries appear as targeted in two cases or one. I have not included Romania on the list although there were cases of skimming targeting Romania.


Organized crime networks:
In all 12 cases there were hearings for 272 persons, part of them being arrested.

With the exception of one case, in which a single person appeared to be involved, all the others appeared to involve multiple authors, as follows:
  • under 10 persons - 3 cases
  • between 10 and 20 persons - 3 cases
  • between 20 and 35 persons - 4 cases
  • 51 persons in one case
  • 70 persons in one case
One other aspect that can be seen from the press-releases is the cooperation between computer crime groups, the permanent exchange of data and tools - one particular case of skimming outlines the way such a group is organized on several layers of activity:
  • financing the travel abroad for the group members and financing the costs of electronic parts for manufacturing the skimming devices
  • manufacturing the skimming devices
  • setup of these devices in the target countries
Types of crimes identified:
The majority of cases were in the area of electronic payment fraud, main activities identified being:
  • producing, owning and distributing of devices and software for copying the credit card electronic data
  • copying and transmitting credit card data (skimming)
  • phishing
  • credit card forgery
  • electronic payment fraud (online and from ATM)
  • illegal altering of computer data
  • electronic commerce fraud
  • illegal access to computer system
One single case does not fit into this pattern of electronic payment related fraud and it was related to illegal phone-calls interception by means of software planted into GSM phones.


Protect your business from computer related risks

Two different conversations with the visitors of my blog had the same theme: how can I protect my business from the computer and internet related risks? This article is based on a situation I frequently met here in Romania but which can be generally applicable in other countries too:

I am not talking about security auditing the business, investing in security technology and such, but instead I will refer here to some simple but important measures any company should take in protecting their business. It's about legal protection.

Let's start with a series of possible scenarios asking you if they seem familiar to you:
  1. a company whose main advantage over the competition on the market is its clients database or a certain know-how; one of the employees steals this data from the computer, sells it to the competition or creates his own company
  2. employees who are not forbidden to take home important digital data on a disk or USB key, and who lose the data or damage it - causing the company important losses
  3. upset employee leaves company knowing the passwords and access codes to company servers or intranet and uses this knowledge to cause damage to the former company
  4. keeping accounting data and other important business data on computers to which several persons have access and use the computer for other purposes including surfing the web, using social media sites, downloading and installing software, etc.
  5. companies who do not create specific job requirements and descriptions for personnel using computer inside the business.
The list can continue, please suggest other possible situations that you have met.

A truth often ignored or not known by entrepreneurs: an important business risk when it comes to computer and Internet usage in the company is posed by the misuse (by mistake or on purpose) of the company's information technology infrastructure by the employees.

The first solution for protecting your business should be the legal protection which has two components:
  • defining a computer usage policy and general conduct inside your business
  • the employees signing that policy that they acknowledge the contents and agree to respect it
At practical level:  I would recommend a minimum of 3 documents to be drafted by the legal department and signed by the employees:
  • a specific job description for employees using computers in your business - which enumerates the obligations and specific duties and responsibilities of the employee when using the computer
  • a non-disclosure agreement - in which the employee agrees to keep the company's confidential data secret, not to disclose or in any other way take data outside the company, and not to use it in the event he/she leaves the job. This document should also define what is understood by the company's confidential data.
  • internal policy for computer usage - a more general document signed by all employees in which they acknowledge the general conduct they should have when using computers at work, who is allowed access to which computer, if they are allowed to transmit data outside the company, if they are allowed to use social media sites and other communication aside from what is needed for work, etc.
The employees will sign these documents.

In my experience, at least here in Romania, if such documents existed in every business and if they were put into force, more than half of the computer related risks for the business would disappear.

If they exist but are not put into force, the company has at least open access to legal action against the employee, these documents defining grounds for bringing an employee's misconduct to justice.

Romanian laws define computer related crimes such as data theft, illegal access to a computer, damaging computer data, etc., pretty well. All the employees should know these and act accordingly inside the business. The three documents I recommend are meant first as prevention, letting the employee know the conduct he/she must adopt, and second, as grounds for legal action if needed.

Doing business in Romania? My advice is to contact your attorney or a specialist to check the status of the computer usage policy in your company and to help you draft it or adapt it if necessary.


Sunday, July 11, 2010

Is email accepted as evidence in Romanian courts?

I receive this question very often and one of the answers is: Yes, you can use email in a Romanian court as evidence in most cases, but only if you bring it to court in a proper manner.

Short explanation for non-technical persons:
Depending on the case (criminal or civil), using email as evidence in Romania can be easier or a little bit harder because:
  • in criminal cases the evidence is most often produced by the state according to their accepted procedures
  • in civil or commercial cases, the evidence must be brought by the interested party and the effort to bring it in a trustworthy form is a little bit higher, especially when that proof is challenged and a technical expert is needed to prove the message is not counterfeit
I have seen cases in which a person came to me with a simple print of an email asking me to present it in court. When I asked them, do you still have the original message in your inbox on the email server? - in some cases the answer was "no, but I kept the print".
In that particular case, the email cannot constitute evidence anymore, simply because there was no way to verify the authenticity of the message, since the print does not include the full headers (similar to the envelope of a letter, indicating the route, the origin of the letter, etc.) of an email.

So, the simple print can be challenged in court if there is no original on the server that could be investigated by a technical expert.

My advice to those needing to use an email in a Romanian court:
  • keep the original messages in your inbox and in your email program
  • print the message together with its full headers for reference (display Full headers or Extended headers in your email program prior to printing)
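
To illustrate what the full headers carry and a plain printout loses, here is an added example (not part of the original post) that reads a raw message, lists the header fields a print would omit, and reconstructs the relay route from the `Received` lines. The sample message, its hosts and addresses are constructed placeholders, and the two consistency checks are a simplified assumption of what an expert would look at first.

```python
import re
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Constructed sample message: hosts, addresses and IDs are placeholders, not real data.
RAW_EMAIL = (
    b"Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\r\n"
    b"\tby mailstore.recipient.example with ESMTP id CCC333;\r\n"
    b"\tSat, 10 Jul 2010 09:15:07 +0300\r\n"
    b"Received: from smtp.sender.example (smtp.sender.example [198.51.100.5])\r\n"
    b"\tby mx.recipient.example with ESMTP id BBB222;\r\n"
    b"\tSat, 10 Jul 2010 09:15:05 +0300\r\n"
    b"Received: from laptop ([198.51.100.23])\r\n"
    b"\tby smtp.sender.example with ESMTPSA id AAA111;\r\n"
    b"\tSat, 10 Jul 2010 08:15:03 +0200\r\n"
    b"Message-ID: <constructed-0001@sender.example>\r\n"
    b"Date: Sat, 10 Jul 2010 08:15:01 +0200\r\n"
    b"From: Seller <seller@sender.example>\r\n"
    b"To: Buyer <buyer@recipient.example>\r\n"
    b"Subject: Payment confirmation\r\n"
    b"\r\n"
    b"The amount was received today.\r\n"
)

# The fields a simple print of a message normally shows.
PRINTED_FIELDS = {"from", "to", "subject", "date"}


def headers_lost_in_print(raw: bytes) -> list[str]:
    """Header names present in the original but absent from a plain printout."""
    msg = message_from_bytes(raw)
    return sorted({name for name in msg.keys() if name.lower() not in PRINTED_FIELDS})


def received_route(raw: bytes) -> list[dict]:
    """Relay hops, oldest first. Each server prepends its own Received line,
    so the newest hop is at the top of the message and the list is reversed."""
    msg = message_from_bytes(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())        # undo header line folding
        path, _, stamp = flat.rpartition(";")      # the timestamp follows the last ';'
        sent_from = re.search(r"\bfrom\s+(\S+)", path)
        taken_by = re.search(r"\bby\s+(\S+)", path)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                            # unparsable or missing timestamp
        hops.append({
            "from": sent_from.group(1) if sent_from else None,
            "by": taken_by.group(1) if taken_by else None,
            "time": when,
        })
    return hops


def route_checks(hops: list[dict]) -> dict:
    """Two simplified consistency checks. A failure is a reason for expert
    review (clock skew and host aliases are common), not proof of forgery."""
    times = [h["time"] for h in hops]
    ordered = all(t is not None for t in times) and all(
        a <= b for a, b in zip(times, times[1:])   # timezone-aware comparison
    )
    contiguous = all(a["by"] == b["from"] for a, b in zip(hops, hops[1:]))
    return {"hops": len(hops), "timestamps_ordered": ordered,
            "chain_contiguous": contiguous}


if __name__ == "__main__":
    print("Lost in a plain print:", headers_lost_in_print(RAW_EMAIL))
    for hop in received_route(RAW_EMAIL):
        print(hop["time"], hop["from"], "->", hop["by"])
    print(route_checks(received_route(RAW_EMAIL)))
```

The route and its checks can only be computed from the original message, which is why the original must stay on the server or in the email program.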

[original post in romanian language]


Monday, June 28, 2010

Prevention: How can I stay away from SPAM?

On the Romanian language blog related to prevention of computer crime and dedicated to non-technical users, I have added a new piece of practical advice in an attempt to answer questions from the readers asking how to keep their personal email addresses away from receiving SPAM.
Since the article is in Romanian I am outlining here the main points:
  • since emails are automatically harvested from internet pages, if you must display your address on a page, write it in a form that will be difficult for software to interpret as an email address (for instance "myname [AT] mydomain dot com"). Humans will understand it.
  • another method is to have a different public email address which you give on public pages - and keep the private one for friends and family communication.
  • keep your computer clean of viruses and updated
  • do not forward the chain letters you receive from friends; educate them to delete all email addresses from the content of the message and, most important, to put all the friends in the BCC (blind carbon copy) field instead of the CC field. Chain letters are a method of collecting valid emails to send SPAM to.


Monday, June 14, 2010

Digital photos as evidence in Romanian courts

What should I do in order to use digital photos as evidence in court? Do Romanian courts accept photos from a digital camera? Do I have to turn in my camera or is it enough that I print the photos? And so on... these are just a few questions I frequently receive from people concerning digital photos as electronic evidence in courts in Romania.

In Romania, digital photos are used as evidence under the same set of rules as classical photos. Differences in using them at trial may appear when the evidence is challenged and technical experts are needed to investigate their authenticity.

As in the case of email, we recommend caution in handling and keeping them, because this evidence is easier to alter than classical photos and thus easier to challenge.

You can produce and present them to court or to law enforcement bodies in print - but you must take care not to alter the original image and to have it available in case it's needed.

In short, be careful: any image processing such as resizing, saving in another format, changing the brightness and contrast, or compressing, no matter the software you use to do it, may alter the image and make proving the authenticity harder. Therefore, whenever you need to process it for print, do it on a copy of the image.
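
One way to put "work only on a copy" into practice, as an added example that is not from the original post: record a SHA-256 digest of every original as soon as it leaves the camera, create working copies that are verified byte-identical, and re-check the originals later. The file names and the stand-in image bytes are constructed, and the manifest layout is an assumption.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Digest of the file's bytes, read in chunks so large photos are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(originals_dir: Path) -> dict:
    """Map each original's file name to its digest, taken before any handling."""
    return {p.name: sha256_file(p)
            for p in sorted(originals_dir.iterdir()) if p.is_file()}


def make_working_copy(original: Path, work_dir: Path) -> Path:
    """Copy an original for processing and confirm the copy is byte-identical."""
    work_dir.mkdir(parents=True, exist_ok=True)
    copy = work_dir / original.name
    shutil.copy2(original, copy)          # copy2 also keeps the file timestamps
    if sha256_file(copy) != sha256_file(original):
        raise IOError(f"copy of {original.name} does not match the original")
    return copy


def verify_originals(originals_dir: Path, manifest: dict) -> dict:
    """Report every manifest entry as 'intact', 'altered' or 'missing'."""
    report = {}
    for name, recorded in manifest.items():
        path = originals_dir / name
        if not path.is_file():
            report[name] = "missing"
        elif sha256_file(path) == recorded:
            report[name] = "intact"
        else:
            report[name] = "altered"
    return report


def demo():
    """Run the workflow on constructed stand-in files in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        originals, work = Path(tmp) / "originals", Path(tmp) / "work"
        originals.mkdir()
        # Constructed bytes standing in for camera files (not real photos).
        for name in ("IMG_0001.JPG", "IMG_0002.JPG"):
            (originals / name).write_bytes(
                b"\xff\xd8" + name.encode() + b" constructed data" * 64 + b"\xff\xd9")
        manifest = build_manifest(originals)

        # Correct handling: resize or brighten the copy, never the original.
        copy = make_working_copy(originals / "IMG_0001.JPG", work)
        copy.write_bytes(copy.read_bytes() + b"simulated edit")
        after_editing_copy = verify_originals(originals, manifest)

        # The mistake the post warns about: re-saving the original in place.
        (originals / "IMG_0002.JPG").write_bytes(b"simulated re-save")
        after_editing_original = verify_originals(originals, manifest)
        return after_editing_copy, after_editing_original


if __name__ == "__main__":
    for report in demo():
        print(report)
```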

[original post in romanian language]


Friday, January 29, 2010

Fingerprints on the Internet?

How unique and identifiable are we while surfing the Internet from the silence of our home? Do we leave behind traces through which we can be recognized?

Our browsers, while useful tools for gathering information, communicate with the web servers we visit and exchange a plethora of information with them, in particular about our computer: the configuration of the browser and its installed helper applications (the plug-ins, installed fonts, video and audio players, etc.).

The browsers do this so that the server has the possibility to format and adapt the pages that it will deliver to us so that they are displayed correctly. But usually, the server keeps this information after we leave.

Because all these fonts and plug-ins vary from computer to computer, all this data, although anonymous as long as it is not coupled with the IP address, creates, once gathered and analyzed, an almost unique configuration fingerprint that we leave behind while surfing. By gathering this information from several servers, it's easy to reconstruct the path we follow on the internet, to process and store it, and to identify us when we return to a server. Like a fingerprint.

You can test how unique your browser is by visiting project Panopticlick...
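
How attributes that are individually common combine into an almost unique fingerprint can be shown with a small calculation. This is an added example, not code from the post or from the Panopticlick project: the eight visitor records are constructed, and measuring uniqueness as bits of identifying information (surprisal) is the assumption made here.

```python
import math
from collections import Counter

ATTRIBUTES = ("user_agent", "plugins", "fonts", "timezone")

# Constructed sample of what eight visitors' browsers reported (not measured data).
VISITORS = [
    dict(zip(ATTRIBUTES, row)) for row in [
        ("Firefox/Windows", "Flash, Java", "font set 1", "UTC+2"),
        ("Firefox/Windows", "Flash, Java", "font set 1", "UTC+2"),
        ("Firefox/Windows", "Flash, Java", "font set 2", "UTC+2"),
        ("Firefox/Windows", "Flash only",  "font set 1", "UTC+1"),
        ("MSIE/Windows",    "Flash, Java", "font set 1", "UTC+2"),
        ("MSIE/Windows",    "Flash only",  "font set 2", "UTC+2"),
        ("MSIE/Windows",    "Flash, Java", "font set 2", "UTC+1"),
        ("MSIE/Windows",    "Flash only",  "font set 1", "UTC+2"),
    ]
]


def fingerprint(visitor: dict, attributes) -> tuple:
    """The combination of values a server would store for this visitor."""
    return tuple(visitor[a] for a in attributes)


def attribute_entropy(visitors, attribute: str) -> float:
    """Shannon entropy in bits of one attribute across all visitors."""
    counts = Counter(v[attribute] for v in visitors)
    total = len(visitors)
    return sum(-(c / total) * math.log2(c / total) for c in counts.values())


def identifying_bits(visitor: dict, visitors, attributes) -> float:
    """Surprisal of this visitor's fingerprint: -log2(share of visitors with
    the same fingerprint). Each extra bit halves the crowd to hide in."""
    counts = Counter(fingerprint(v, attributes) for v in visitors)
    return -math.log2(counts[fingerprint(visitor, attributes)] / len(visitors))


def unique_share(visitors, attributes) -> float:
    """Fraction of visitors whose fingerprint nobody else in the sample has."""
    counts = Counter(fingerprint(v, attributes) for v in visitors)
    alone = sum(1 for v in visitors if counts[fingerprint(v, attributes)] == 1)
    return alone / len(visitors)


if __name__ == "__main__":
    for attribute in ATTRIBUTES:
        print(f"{attribute:>10}: {attribute_entropy(VISITORS, attribute):.2f} bits")
    print("unique by user agent alone:", unique_share(VISITORS, ("user_agent",)))
    print("unique by all attributes:  ", unique_share(VISITORS, ATTRIBUTES))
    print("bits for visitor 3:        ",
          identifying_bits(VISITORS[2], VISITORS, ATTRIBUTES))
```

In this sample no visitor is unique by user agent alone, yet six of the eight are unique once plug-ins, fonts and timezone are combined, without any IP address involved.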


Sunday, August 2, 2009

Intro: Computer crimes and the legal system

The last 30 years have seen unimaginable technical advances in the fields of computers and communication technology. The development of the Internet has radically transformed mankind, allowing almost instant communication and long distance cooperation between individuals, companies, institutions and governments. Computers and the Internet have become part of the daily work of billions of individuals.


Moreover, the expansion of businesses on the Internet and through the Internet, online shopping and Internet payment methods have led to the appearance and development of a whole new economic sector whose existence and activity depend solely on the stability of the Internet climate.


But the benefits of this new type of interaction and cooperation based on Information Technology and the world-wide-web have also brought new types of anti-social and criminal activities and threats which pose new and yet to be solved problems to the national and regional legal systems.

The new medium is forcing a response from the legal systems that cannot anymore be done solely through classical methods of investigation and prosecution, but through new and innovative ways.

We are talking here about crimes that generally fit into the cybercrime or computer related crimes category - a type of criminal activities that causes significant losses worldwide - and which have their own special characteristics different from those of the classical crimes, requiring a fast response and evolution of the national legal systems, as well as new international cooperation mechanisms. Some of these characteristics are:
  • technical aspects and specific technical language involved in proving these crimes and bringing them to justice - law enforcement agencies and courts have to deal with countless technical aspects and a quite strong language barrier.
  • electronic evidence is volatile - computer and network data are extremely volatile, being easy to miss or compromise, thus endangering the investigations and requiring the capability of fast response from the law enforcement bodies.
  • cross-border nature of computer crime - a computer crime can be initiated from one country, use facilities from other countries and have victims in several other countries or continents - bringing such crimes to justice requires very good cooperation between law enforcement agencies world-wide and adequate procedures and international cooperation instruments.
  • large numbers of computer related crimes possible at a certain moment - in some cases law enforcement bodies have to limit their investigations only to cases which result in a certain level of losses.
  • difficulty of identifying the criminals beyond any doubt - computers are everywhere, in every office and every household, as are public access terminals and hotspots; a large number of individuals accessing the same computer makes tying the crime to a certain person a difficult task.
  • lack of education of the general public regarding minimal technical measures of self-protection and conduct when accessing the Internet.
All these characteristics and many others, pose significant challenges to legal systems worldwide.

Why en.criminalitate.info ?

This is the English language version of www.crimialitate.info, a legal blog initially intended for the Romanian general public and Romanian specialists involved in the fight against cybercrime. This specific version will contain translations of some of the legal articles published in Romanian, as well as specific articles in English.

For more information about us please visit the About Us page.
You can also contact us at the following address: contact [AT] criminalitate dot info.
