Intellectual Property Offenses


Intellectual property has specific protections based on copyright and related rights. The intangible nature of this property makes the theft and redistribution easy. It also makes it more difficult to prosecute these offenses under traditional laws.

There are now laws addressing the violation of copyright and related rights as well as the circumvention of technological measures designed to protect these rights. Software counterfeiting and piracy laws have attempted to slow these activities, but the methods software uses to protect itself also have to become more effective.

As the Internet becomes increasingly important commercially, we are beginning to see new disputes around domain names related to cyber-squatting, warehousing, and reverse hijacking, and, naturally, there are also calls for rules and procedures to help deal with these problems.

Theft of Information

Information theft is different from physical theft since the electronic theft of information does not deny the owner's access to it; only a copy of the information is stolen. However, this information could be valuable company secrets, expensive computer software, or private information about clients or partners. Information, if released, can cost the company in lost revenue, consumer confidence, and punitive damages. The theft of the information can have devastating effects on the owner of the information or on the entity which the information is about.

Trade secrets are some of the most valuable information to competitors of your company. This is what gives companies their competitive advantage. Sometimes the information is stolen not from the company itself but from a related company.

Cut-throat competition between two Japanese companies was the cause of a hacking attack at the National Space Development Agency of Japan.

NASDA confirmed that an employee at NEC Toshiba Space Systems, a joint venture set up by NEC and Toshiba, gained access to classified plans for satellite development drawn up by rival Mitsubishi Electric. The joint venture and Mitsubishi Electric were working together at NASDA's behest to develop a super-high-speed internet satellite due to be launched in 2005.

NASDA said it had barred NEC Toshiba Space Systems from tendering bids for one month and insisted that the employee be transferred to a different position. The spokesman said there were no plans to file criminal charges against the unidentified employee. [65]

[65] Farrell, Nick, "Japanese Space Agency Hacked by Rival," vnunet.com, 18 February 2002.

Trafficking in Pirated Information

Stealing software to use personally or to sell to someone else is illegal. The software may be either commercial software or in-house developed software. It can even include software created by the hacker for the company while employed by the company. You do not have to profit from the theft of the software for it to be a crime; only the act of taking it is required.

Often, the pirates trade their illegal software all over the world.

John Sankus, the leader of an online software piracy group known as DrinkOrDie, was sentenced to 46 months in federal prison on charges of violating criminal copyright law.

Known by his screen nickname of "eriFlleH" (HellFire spelled backwards), Sankus supervised and managed the daily operations of the approximately 65 group members from more than 12 countries as they specialized in acquiring new software, stripping or circumventing its copyright protections and releasing it over the Internet.

DrinkOrDie concealed its illegal activities using an array of technology and security measures. Members sent e-mails via the group's private mailserver using PGP encryption, identified themselves only by screenname, and communicated about group business only in private IRC channels. The group's FTP sites, which contained tens of thousands of pirated software, game and movie titles, were password-protected and secured by a combination of user ID and IP address authentication mechanisms.

The organization had a clear structure of member importance and responsibility, which allowed for very rapid distribution of cracked software.

"This is stealing, plain and simple," said U.S. Customs Commissioner Robert C. Bonner, "and those engaged in the theft of intellectual property deserve to be prosecuted and punished. The unprecedented penalty issued today should serve as a wake-up call to other cyber thieves." [66]

[66] "U.S. Customs Dismantles One of the World's Most Sophisticated Internet Piracy Networks," U.S. Customs Service Press Release, 11 December 2001.

Storing Pirated Information

System owners and operators may well be legally at risk if their system is being used for the trafficking of stolen software. The courts continue to determine that the owners and operators of a computer system can be responsible for the activities on that system.

Compromised sites will often be used as a way station for information. Sites with lots of storage space or high-speed networks are often targeted to be used as these way stations. Using compromised systems reduces the communication between those who stole the software and those who want it, and it reduces the risk that the hackers will be caught.

Federal law enforcement agents conducted raids at several U.S. universities and software companies in an apparently successful attempt to break up a software piracy ring. According to the Boston Globe, a systems analyst at the Massachusetts Institute of Technology, one of the schools raided, is alleged to have been operating near the top level of the piracy ring, dubbed DrinkOrDie. As a result of his involvement, several MIT computers were seized, including at least one server.

Think about that for a minute. Imagine federal law enforcement agents one day burst into your data center, disconnect a server or two, no telling which ones, and walk away with them. Then think about having the name of your organization splashed all over the headlines of your local metropolitan newspaper in connection with such a scandal, not to mention national news vehicles. That's exactly what happened to not only MIT, but Duke University, the University of California at Los Angeles, and the Rochester Institute of Technology.

In this particular case, authorities allege the culprit was using MIT computers to conduct at least some of his illegal activities. What was he supposed to be doing? Maintaining the security systems for MIT's Economics Department. [67]

[67] Desmond, Paul, "The Threat From Within," Copyright 2001 INT Media Group, Inc. All Rights Reserved. Republished with permission from http://www.internet.com.

There is another situation where a company may find the tables turned when it comes to theft of software. A company may find itself under the point of the law if it is unable to produce licenses for every copy of every piece of software it is using. These licenses can be a piece of paper or the original installation media.

Policies and procedures and a good software inventory system can go a long way to protect a company from a lengthy inventory process under detailed scrutiny.

Compromising Information

The hacker may want to plant false information to damage the company or an individual. If the hacker has intimate knowledge of the data, as is the case with many inside hackers, he can make subtle changes that could go undetected for a long time and have disastrous effects.

Once a system has been compromised, all the information that flows through that system can also be compromised. This could be as simple as making copies of the information for the hacker, or it could be as sinister as changing the information as it flows through the system.

Hackers broke into USA Today's Web site and replaced legitimate news stories with phony articles, lampooning newsmakers and religions but also claiming Israel was under missile attack. The bogus pages were viewable to USAToday.com readers for about 15 minutes before being discovered and taken offline, said company spokesman Steve Anderson. The entire site was shut down for three hours to upgrade security, he said, adding that the intruders appeared to have penetrated the Web server computers from outside company firewalls. There was no overt claim of responsibility, but at the end of one fake story the intruder indicated he or she planned to attend the H2K2 hacker convention in New York City. [68]

[68] Krane, Jim, "Hackers Put Phony News Items on USA Today's Website," Associated Press, 13 July 2002, Reprinted with permission of The Associated Press.

Destroying Information

The destruction of information denies everyone the use of the information. Usually, destroying information makes it unavailable only temporarily, until it can be restored. The impact of this type of attack is measured in downtime and man-hours to recover the information. A well-designed backup and recovery program can minimize the impact.

Some attacks which destroy information are more thorough than others. Information exists online, off-line and near-line. Attackers have been able to access near-line storage devices, such as automated tape silos, and delete the information which was stored on them. There have even been cases where off-line media has been successfully requested to be mounted by the attacker and then destroyed.

Some attackers destroy information and then attempt to extort the company to hire them to recover the information. However, most companies are unwilling to pay for information that is acquired through illegal methods. Blackmailing the company from which the information was stolen is rarely successful, even when the blackmail is in the form of returning to the company as a consultant.

Other attacks are just malicious destruction.

Washington Leung, a former employee in the Human Resources department at Marsh Inc., an insurance company located in Manhattan, was sentenced to 18 months in prison for illegally accessing a protected computer without authorization and deleting approximately 950 files relating to employee compensation.

His sentence was based on his abuse of the trust that Marsh Inc. placed in him by "giving him access to passwords other employees were not privy to." He used a password belonging to another employee at Marsh to obtain unauthorized access to Marsh's computer database and deleted approximately 800 files relating to the compensation of managing directors at Marsh and approximately 150 files relating to compensation of other Marsh employees.

Leung was also ordered to pay $91,814.68 in restitution to Marsh Inc. [69]

[69] "U.S. Sentences Computer Operator for Breaking into Ex-Employer's Database," U.S. Department of Justice Press Release, 27 March 2002.

Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
