Internet Crime Response by Corporation

Microsoft, a private corporation, appeals to the federal rules of civil procedure to authorize technical steps (a legal hack?) to stop a cyber threat.

"a federal judge granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals as the Waledac bot." See official Microsoft blog post.

This lawsuit case shows that the civil judicial system has a role to play in limiting the impact and damage caused by Internet crime like botnets, phishing and identity theft.

Web Publicity Counters Lawsuit

Plainscapital Bank v. Hillary Machinery is one of the most unusual lawsuits in the history of cyber security law. Not only did the bank sue its customer, the victim (with no allegation that the customer was complicit with the cyber crime). But the customer struck back with effective, web-savvy public relations. This case is not over. Yet the experience shows how important public communications are to Internet security issues. http://legal-beagle.typepad.com/wrights_legal_beagle/2010/02/public-relations.html

in reference to:

"A Texas bank is suing a customer hit by an $800,000 cybertheft incident in a case that could test the extent to which customers should be held responsible for protecting . . . "
- http://www.computerworld.com/s/article/9149218/Bank_sues_victim_of_800_000_cybertheft (view on Google Sidewiki)

--Benjamin Wright

FTC mistaken

The Federal Trade Commission should reconsider its investigation of and settlement with TJX. FTC rushed its judgment of TJX, settled with the company too quickly and issued a press release prematurely, before all of the investigation was over. Later, the more complete investigation revealed that TJX was the victim of a major and unprecedented crime spree. After all of the facts are reviewed, it is clear that the FTC's approach to credit card security is narrow-minded and counter productive. http://hack-igations.blogspot.com/2008/03/ftc-treats-tjx-unfairly.html --Benjamin Wright, Dallas, Texas

in reference to: http://www.ftc.gov/opa/2008/03/datasec.shtm (view on Google Sidewiki)

--Benjamin Wright

Public communications about data breach

Early newspaper reports about a 2008 cyber break-in at Best Western Hotels were apparently overblown. BW Hotel's subsequent vigorous public communications response is now a case study example of how enterprise victims of cyberattacks should openly, carefully deliver appropriate public information about the attacks. Good public communications is critical to any IT security program. http://blogs.sans.org/computer-forensics/2010/02/09/public-communications-are-critical-to-security-incident-response/

in reference to: http://economictimes.indiatimes.com/articleshow/msid-3400493,flstry-1.cms (view on Google Sidewiki)

--Benjamin Wright, Senior SANS Institute Instructor on cyber defense and investigations law.

Public messages

This article highlights a major theme in my SANS legal courses: public communications -- whether terms, contracts, policies, banners, press releases -- are critical to effective cyber security and investigations. http://legal-beagle.typepad.com/wrights_legal_beagle/2010/02/computer-security-training.html

in reference to: http://www.sans.edu/resources/leadershiplab/cyber_consent.php (view on Google Sidewiki)

--Benjamin Wright, Senior SANS Institute Instructor for IT law.

Electronic Records in Lawsuits

Emerging technology could analyze large volumes of electronic mail and text messages to discover the legal intention of the writers.

--Benjamin Wright