Slashdot Mirror
Phishers Face Jail Time Under New U.S. Bill
An anonymous reader writes "Democrat Patrick Leahy has introduced a new federal anti-phishing bill that would impose jail terms up to five years and fines up to $250,000 for criminals creating fake web site designed to con consumers in to giving them their personal information. 'Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded - that leaves plenty of time to cover their tracks. Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."
Anyone else find that a bit scary? People with parody sites should be probably be worried a little.
I hope I don't get arrested for phishing in the wardrobe after a night out.
liqbase
Assuming it works and is enforceable, of course. I think phishing is a pretty low way to live your life - preying on the gullible. Been done for thousands of years, true, but taking advantage of people is no way to live your life IMO.
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
The Phish stocks in all oceans around the world have reached dangerously low levels
Timo's Audio Software http://www.esseraudio.com
Congress is all over it. Now the problem is sure to be solved. :-/
I'm afraid that this lip service will once again make the general public think this will solve the problem. Nope. It may slow down folks within the US borders, but we all know the true result of bills like this. It just won't work.
There are no loopholes. It's either legal or it's not.
This one will join CANSPAM in the Legislative Hall of Fame under the necessary but useless category.
Uh oh! Does this mean they are going to jail Prince Ombutu Nagala of Nigeria? He was going to split $28M with me!!!!!!!!1
Allow us to create online mobs.
some of us white hats and come grey hats are pissed at these scumbags, give us the ability to go after them with our skillz.
let me take down that server, swipe their domain name, dig in and find who they are and utterly destroy their credit, or better yet have fun listing them as convicted child pornographers and other things.
Let me use my 'Uber Skillz' and my phat beyotchin' and fly laptop to bring them to my own flava of justice.
WORD!
I'm glad to see that phishing is being taken seriously! Just because it happens on the internet, doesn't mean it's not as serious as any other type of scam.
Not a bad thing, but I think actual fraud or clear intent should have to be proven. Opportunity and unproven intent should not be weigh beyond a reasonable doubt.
"Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."
Please explain why. New laws suck. 99% of the time the old existing laws are completely capable of handling the problem... just enforce the laws we have.
From exisitng conspiracy to commit fraud crimes?
Why do we need a new law when an existing one will do?
Senator Leahy is engaged in a legislative battle against online scammers, and he needs your support. If you would like to help, click on this link. To ensure that you are a registered voter, you will be asked to verify your name, address, and social security number. You may then make a donation online, right from your checking account!
Evil is the money of root.
I already start up an app to poison their databases every time I get one ofthose paypal,ebay or lately, the yahoo greeting card phishing scams.
point a particular java app at the url and let her fly filling in all the form fields over and over and over again with what looks like real but is generated from files crap.
if the asshats have to sift through 300 bad records to find something useable, at least I slowed them down a bit.
If more people in the know did this to them instead of the worthless action of reporting them it would make a bigger impact. the last one I reported to ebay was still up days later. My second alert to ebay was responded with "we cant deal with them all, go away" but in nicer words.
Do not look at laser with remaining good eye.
Aren't these penalties similar to the CAN-SPAM Act?
Umm.... isn't phishing far more malicious than spamming?
Doesn't seem right to me...
just so long as they leave my free ipod scam alone...
I've not read the bill (only this article), but I wonder if this could be used to prosecute other internet low-life that try to gather personal data for purposes not sanctioned by the submitter of the information. And taking over someone's computer without their knowledge would certainly seem to be a type of fraud under this bill.
Two wrongs don't make a right, but three lefts do.
As a new federal law called "The Anti-Phishing Act of 2005" is being pushed by the U.S. legislative, hackers everywhere celebrate their victory over the English language.
."0ur n3x7 74rg47z 4r3 "h4x0r", "l337" 4nd "pwn3d". 0ur l0bbj gr0up iz z7r0ng, 4nd w3 b3li3v3 d4j will 4lz0 b3 in7r0duc3d bj d4 3nd 0ph d4 j34r."
"W3 pl4n 2 in7r0duc3 z00n 0d4r l337 w0rdz in d4 c0n73mp0r4n v0c4bul4rj", said the appointed speaker for the "H4x0rz" community, who prefers to remain anonymous
Just
This is a first shot across the bow. The bill will probably undgergo substantial debate and amendment as it moves through Congress, but I expect this has a chance to become law.
I've met Sen. Leahy. He's an old-school Vermont Democrat who's held pretty much every state-level elected office except governor and lieutenant governor. I've had a couple of e-mail exchanges with him on CAN-SPAM. When that law first passed, he was cautiously backing it as a reasonable first step. He's realized lately, however, that it's been largely ineffective. The anti-phishing bill is his first real leading charge at cyber-scamming and it reflects some of his earlier frustration with Congress's inability to deal effectively with Internet issues.
(Or much else, in many people's opinion.)
Leahy ruffled some feathers in the online community by supporting RIAA-sponsored legislation on copyrights. It's possible this is a canny political attempt to balance the books a bit. Then again, he's a decent guy with 80% support in a state that's 33% Republican. Even in the minority, he's got a lot of clout. On this issue he'll probably get bi-partisan support, so it's likely this bill will, in some form, eventualy become law.
Besides, anyone high on Dick Cheney's hate list can't be all bad.
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
Are most if not nearly all perps of this this non US based? Last time I looked, the scammers were mostly from Nigeria right?
Of course, whether they will become involved or not is subject to debate.
That kind of response to law enforcement pisses me off. No, the crime is not "creating a website," any more than lying to people on the phone to get bank details and then emptying their bank account is the crime of "talking to people on the phone."
Evil is the money of root.
Apparently Patrick Leahy is ignoring just how easy it is to move phishing opperations off shore. This looks more like a means to keep Leahy in the news rather than an effective crime-fighting law. In the horse and buggy days people learned not to walk right behind a horse unless willing to get kicked. When automobiles came out everyone learned to look both ways before crossing the street. As any new technology appears, a new set of safety rules comes with it, and each individual needs to learn the new rules. Many institutions are busy educating their users and now law is needed to force them to do this as it is already in their best interest.
How many of you have actually traced down an IP address to find its origin? I know I'm not the only one. The first thing you find out is that the IP address is registered in Latin America or some other part of the world where we have no jurisdiction. The second thing you find out is that there is no way to do anything about their perceived illegal activities. I say perceived, because it may be un-legislated activity where they come from.
I say all of this because I don't think there's a single thing we can do to prevent those outside our country from doing this over and over and over again.
Practically useless, if you ask me.
Now accepting PayPal donations!
Phishers should have a protected right to steal information from people.
If you're dumb enough to give it up, you're dumb enough to learn a harsh lesson.
That's what I say.
Exactly. I'd give this an insightful mod, but I've already posted in this topic. Somebody pat wingspan on the back for me, please. :)
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
Considering the unqualified success the CAN-SPAM Act has been, successfully vanquishing 100% of all unsolicited commercial email since its passage, I cannot wait for Congress to completely eliminate phishing as well.
Now I understand why they wanted to railroad the controversial Computer Implemented Inventions directive during the Council of Agriculture and Fisheries!.
Hey, if somebody patents phishing as a business method, we'll be able to SLAPP all phishers for patent infringment!
Isn't there already a law that can be applied? Doesn't this basically amount to fraud or something? I think the biggest problem with Phishing is that it's a little hard to track down who is doing it. If you know who's doing it, you can easily arrest them. The problem is, is that mostly these phishers try to remain anonymous, and probably don't have their operations set up in the US.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I say, leave the phishers alone. Maybe if the stupid people who give up their personal information, account IDs and passwords at the slightest provocation get fleeced often enough, they'll stop using the internet entirely-- thus increasing the collective IQ of the remaining internet users by a few points.
AOL dropping Usenet and finally bringing September of 1993 to an end was just the first step in returning the internet to the clueful.
Let's get the naive idiots off the net and back in front of the Three Card Monte tables where they belong, thus freeing up more bandwidth for us to discuss who was the better captain, Picard or Kirk.
What's the catch?
"Life has improved immeasurably since I have been forced to stop taking it seriously." - Hunter S. Thompson
The sooner people accept responsibility for their own lives and their own personal information, the sooner people realise that with every Bill or Law that gets passed, the more they hand over the controls of their lives to the nanny state.
If the stupid people can't be bothered to protect their private information, if they can't simply delete emails they don't 100% trust the source of, if they can't invest in a paper shredder, if they believe all those glossy adverts about the security of their chosen operating system, then more fool them.
But please don't let us smart people also lose our personal liberties as a result of their stupidity.
No phishing scam has ever got me and they never will.
Gentoo Linux - another day, another USE flag.
Mandate standardized intelligence testing, and prohibit anyone who scores below a certain level from using the net.
Make sure there are some questions on there about how to properly maintain a Windows box so it doesn't get pwn3d, too.
I don't get some of these phishing guys. Just got this in my inbox. Sure, there are some phishes that look believable but are the phishers really as stupid as the people that click on them? Would anyone who'd create a brain-dead phish like this one actually be afraid of jail time and/or a fine?
--
Subject: E-gold secutity patchHBhdGNo
Dear E-gold user, we receive many complaints concerning unsunctioned taking the money
off the balance of our users recently, thus we earnestly ask you to install the
following service-pack onto your Personal Computer.
- This innovation blocks all known Trojans which let take the money off your account
without your consent. We earnestly ask you to install this service-pack in order
to keep your money safe and sound.
- In case of the lost of your money, E-gold *DOES NOT* bear any responsibility if the
service-pack had not been installed on your computer before.
- The installation archivated file of the service-pack is attached to this letter.
Is it just me or is doing something illegal in the cyber-world more dangerous than the real world? How is it possible that I get more jail time for cracking into and defacing a web page than I'd get for shooting someone?
For our 'cyber-laws' we should be taking precidence from our existing laws. Instead of levying new fines for phishing, add this definition onto our current fraud and identity theft laws. Instead of creating crazy fines for spammers (although I want to see them pay just like everyone else) and model the punishments similarly to the do-no-call lists?
Law-makers don't see the internet as an extension of the physical world, and in term of law it should be seen in this light. Extend Current laws, don't make them up in a flight of fancy.
"Engineers do the work of man, Physicists do the work of God"
Surely we will be safe with all these new laws to protect us.
(sarcasm)
My other first post is car post.
The Nigerian scam is based in Nigeria. [Strangely enough]
But a lot of the fake websites for bank logins are only hosted outside the US.
The domain names and holders are located in the US. Just like most spammers are based in the US but use servers hosted in other countries.
I do not think that it matters if a person commiting a crime in the US is based in another country.
IANAL, but what if I hired a hit man to kill someone in the US while living in Germany?
Could I get away with it?
I think that you just have to have enough proof of a crime being commited in the US and then issue an international warrant for arrest and extradition.
The nature of the internet being borderless, at least for now, makes it interesting how the law will be applied in such cases.
But I am far more concerned that laws like this could be abused to restrict free speach online.
I hope EFF and others are picking over this to make sure that it is not be the case.
watashi wa bengoshi dewa arimasen!
Small theives have laws against them. Big theives have laws that regulate them. Really big theives have laws for them.
Give a man a phish, and he'll not starve that
day. But teach a man to phish, and he'll never
starve again (in prison).
Pardon my ignorance...but I took a look at that link. While I wouldn't use it myself, it does seem plausible. Is it real?
Evil is the money of root.
Nuclear disaster fine: $60,000
Phishing fine: $250,000
It's cheaper to poison people with radiation and then take their credit card #'s then it is to trick them into giving you their credit card #'s.
stuff |
I'm having a crappy day, so I'm being very cynical. Things like this are getting on my nerves. This bill in introduced. How many bills are introduced each day - about 50? How many get passed on average - about 0? How many phishers are going "Oh my God! There's a bill introduced to Congress that could punish me if it were ever passed but it won't be so it won't ever have any effect on me, therefore I should stop phishing!"
Call me when Congress actually passes a law that isn't immediately overturned by the Supreme Court.
The previous comment is purposely vague and generalized, but all of the facts are completely true.
Does this mean phishing is perfectly legal in the U.S. until specific legislation is passed against it?
http://erichsieht.wordpress.com/category/english/
Not that many people watched the Bassmaster's Cup anyway.
The Peanut Gallery, Ubergeek, Biblically Sober
NCAAbbs.com: Thousands of fans, Hundreds of teams, Just one place
I think it's fasctinating how "hacker" terminology has entered the mainstream, making it all the way up to the highest levels of government. Granted, the bill in question is dealing with a highly technical topic, but still I'm amazed that the acronym junkies in the Capitol basement didn't come up with a more governmentesque term for phishing.
So far, we've got Spam, Phishing, anybody recall other techno-terms that have made it into the government lexicon?
Presumably, therefore, credit card fraud in the future will not only require the obtaining of a credit card by fraudulent means but also some kind of hardware hack to use a cloned card.
Does that mean there could be a new crime of "phish and chipping"?
I'll get my coat...
Gentoo Linux - another day, another USE flag.
How is the US Goverment going to press charges when its occuring out of its jurisdiction?
Just my 2c...
- Think for yourself, question authority.-
I'm not sure if the bigger trial has finished for those other news people who are refusing to give up their sources names.. if not then it's up to that higher court to decide.
Interesting how a technological twist/addendum on an old crime, The Con, requires a new set of laws in order to deal with it... One wonders just how much Justice depends on one's choice of impliment.
"Your honour, my client was simply excerising his right to patch a smartbridge with a parabolic mirror backended to a duct-tape cooled web server. Until the law specifies THAT as a criminal, we'll be on our way."
If it looks like a Con, smells like a Con, but uses some new technology, is it not still a Con? Or do we need new laws to tell it, in fact, really IS a Con? Meh.
So I express an opinion within several minutes of other people who express a similar opinion, and that's "redundant." Twice. Got it.
Evil is the money of root.
a democrat created this bill. So how long will it be before the current administration appoints the worst of the phishers to the department of homeland security?
Anti-phishing Act of 2005 (Introduced in Senate)
.
.
S 472 IS
109th CONGRESS
1st Session
S. 472
To criminalize Internet scams involving fraudulently obtaining personal information, commonly known as phishing
IN THE SENATE OF THE UNITED STATES
February 28, 2005
Mr. LEAHY introduced the following bill; which was read twice and referred to the Committee on the Judiciary
A BILL
To criminalize Internet scams involving fraudulently obtaining personal information, commonly known as phishing
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the `Anti-phishing Act of 2005'.
SEC. 2. FINDINGS.
Congress finds the following:
(1) American society is increasingly dependent on the Internet for communications, entertainment, commerce, and banking.
(2) For the Internet to reach its full potential in these and other respects, it must continue to be a trustworthy medium. This means, for example, that Internet users should be able to trust the stated origin of Internet communications and the stated destination of Internet hyperlinks.
(3) Internet users are increasingly subjected to scams based on misleading or false communications that trick the user into sending money, or trick the user into revealing enough information to enable various forms of identify theft that result in financial loss.
(4) One class of such scams, called `phishing' , uses false e-mail return addresses, stolen graphics, stylistic imitation, misleading or disguised hyperlinks, so-called `social engineering', and other artifices to trick users into revealing personally identifiable information. After obtaining this information, the `phisher' then uses the information to create unlawful identification documents and/or to unlawfully obtain money or property.
(5) These crimes victimize not only the individuals whose information is stolen, but the entire online community, including millions of people who rely on the integrity of the Internet's system of addresses and hyperlinks.
SEC. 3. CRIMINAL OFFENSE.
(a) In General- Chapter 63 of title 18, United States Code, is amended by adding at the end the following:
`Sec. 1351. Internet fraud
`(a) Website- Whoever knowingly, with the intent to carry on any activity which would be a Federal or State crime of fraud or identity theft--
`(1) creates or procures the creation of a website or domain name that represents itself as a legitimate online business, without the authority or approval of the registered owner of the actual website or domain name of the legitimate online business; and
`(2) uses that website or domain name to induce, request, ask, or solicit any person to transmit, submit, or provide any means of identification to another;
shall be fined under this title or imprisoned up to 5 years, or both.
`(b) Messenger- Whoever knowingly, with the intent to carry on any activity which would be a Federal or State crime of fraud or identity theft sends any electronic mail message that--
`(1) falsely represents itself as being sent by a legitimate online business;
`(2) includes an Internet information location tool that refers or links users to an online location on the World Wide Web that falsely purports to belong to or be associated with such legitimate online business; and
`(3) induces, requests, asks, or solicits a recipient of the electronic mail message directly or indirectly to provide, submit, or relate any means of identification to another;
shall be fined under this title or imprisoned up to 5 years, or both.
`(c) Definitions- In
Don't blame me; I'm never given mod points.
I thought that fraud was already a criminal offense...
perhaps i'm mistaken, but tricking someone by impersonating something has been going on for years, just because it happens online the law can't touch them?
Is there anything the Internet cannot do?
Join the Digital TV discussion @ http://forums.dvbowners.com
If it doesn't help businesses, it will never pass.
And businesses like to fish in some form.
After all how can they market anything to the consumer w/o knowing they bank ballance to the last penny.
Brian
Been said already here I know but if people are stupid enough to fall for phishing attacks then they deserve what they get.
And who sets up these fake web sites in America ? NO ONE. They are all in China, Russian, Thailand etc. Pointless stupid nanny-state law to look 'tough' on cyber criminals. What a joke.
There is an occasional phishing-like variation where the boys from Lagos want your bank details to try and clean out the account, but the normal MO is to ask you to send money to them.
When I am king, you will be first against the wall.
Is Slashdot planning on ever fixing the flag? It's been missing a red stripe forever.
Gamingmuseum.com: Give your 3D accelerator a rest.
great now do something about those 419 scammers and maybe you'll put a small dent in online fraud. support 419eaters.com if you haven't already stopped by. These guys are doing a great job reversing the scam on these nigerian fraudsters. Some funny stories in the forum as well
I ran across a phishing site on a client's system while cleaning it up. The HOSTS file had 6 entries in it, redirecting any requests for 5 British banks and one Brazilan banco, to a IP at EV1.net. I busted my ass in a effort to get EV1.net's support team and administrative suits to pull the IP, but all I got was canned replies: "Forward the information to the abuse department". So I did so.
Two weeks passed, and EV1.net did not take any action whatsoever. So, I sent the report to the big Brit banks, which included The Bank of England, Barclays, and the legendary Lloyds. I got immediate replies, personal ones, NOT canned, that they would immediately take legal action agianst the offending CSP.
I checked the IP shortly after receiving the replies and got a DNS error.
It seems to me that EV1.net, which is based in Houston, has merc tendencies when it comes to site hosting.
First rule of holes; When in one, stop digging.
Funding training for law enforcement so that they know how to pursue and prosecute these people under the laws they're already breaking instead? Or possibly establishing a single federal agency that would serve as a single point of contact for all Internet crime?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This is low-life criminal behavior with clear malicious intent. 5 years and $250,000 is not enough for this kind of scum.
A community-oriented lyrics site
Similarly, law enforcement get confessions sometimes on the basis of misrepresenting what they know or what they can do. And, of course, when they go undercover.
Seems to me these are all variations on a similar theme. If it is to be made illegal for certain forms (on the internet) and for certain people (phishers), it should be illegal for all other forms and people as well. Since undercover police and fbi work will never be outlawed, I think this bill should not be allowed either.
I have an idea - lets protect the data. Give people privacy rights in their own data under certain circumstances. Let us start with the SSN, for example, let's rename it the PTIN (Personal Tax Identification Number), since that is what it is, and pass a federal statute that limits it's use for tax purposes (which the social security tax is), and disallow any business, school, or other party to ask for it unless they have a valid reason (as in they need to report taxable income on a person).
This will do wonders at shutting down all the filipino and chinese phishing sites I've seen.
One thing to watch out for though is that this law might be abused by those claiming against parody sites. A parody site would have a similar look+feel (or heck, perhaps just a similar URL), but obviously a different focus/content. Now if there were a login option on the parody site, the primary site might be able to claim they were phishing for usernames/passwords...
Just this past week I received the same phishing email (fake Key Bank login) 5 days in a row. I was surprised the site was able to stay up for so long. Who does one report this type of thing to? the FBI? the Secret Service? the FCC?? There needs to be some sort of clear statement on this from the government.
when you mock legislation saying it is useless, consider what people said when the republicans passed the XIII, XIV and XV amendments. They didnt have teeth at the time but how often do you hear about black citizens, blacks right to vote or even equal protection these days?
The war with islam is a war on the beast
The war on terror is a war for peace
This is bullshit. If police see a phishing site, then they can monitor it. Sure, it may be legal to put up such a site and collect credit card numbers as long as you don't use that data, but the odds are that someone with such a site is going to use the data they collect to commit a crime.
The cops may not be able to make an arrest based only on the existance of a phishing site, but they can be on that person like white on rice.
It also may be legal to walk the streets in summertime wearing a black ski-mask and carrying a large duffel bag, but it would be reasonable to expect the cops to be watching such a suspicious individual.
Interesting article about a growing anti-phishing industry. They note strange temporal patterns, IPs that read official sites, but dont log in. They use "honeypot" accounts to capture phishers.
Isn't this just fraud? Don't existing laws cover this?
I'm all for prosecuting these types of folks, but creating more laws equates to spending more taxpayer $$.
> The nature of the internet being borderless, at least for now, makes it interesting how the law will be applied in such cases.
:)
The law, at least as far as I understand what was described in the article, has to do with this sequence of events:
- Phisher builds website purporting to be US bank / US company, but is obviously not
- Phisher site captures sensitive customer information purported to be from that US bank / US company
- Since the victims of that crime are alleged to be customers of US bank / US company, that means the US bank / company can sue whoever it was, wherever they live in the world, since that is against the law of the land where that company is located. (the US.)
I think it's a good first step, but surely there must be international law dealing with international fraud that doesn't need to be tampered with to take these unscrupulous idiots to court over it. I have a feeling that international law may have much higher thresholds (ie: theft over $10,000 or something like that) which might make the international law route less appealing to the likes of CitiBank / Washington Mutual.
The faster they shut these idiots down the better, though, so law / bills are not really what I would go for. But hey: whatever works.
ad
Because I can! [Brainrub.com]
Too many phishers out there these days. Introducing laws like will make phishers think twice before they do anything.
drunk driving
I have no problem adding to a sentence if the driver is drunk. But if they haven't harmed anyone or damaged any property, I find it hard to justify a punishment.
So you're saying, that if someone is driving five times over the limit, and doesn't crash or kill anyone, then it should be completely legal? Are you some kind of idiot? Do you realise what sort of carnage it would cause, how many people would be killed, if drink-driving was legalised? Are you saying we should let countless people be killed just so people have the right to drive drunk?
As for the new phishing law, if someone puts up a fake-website to collect people's details for the purpose of defrauding them, stealing their life-savings or getting them into untold debt, how can any sane person have any objection to it being an imprisonable offence? I've heard some crap on slashdot. I can put up with people justifying copyright-infringement, I can put up with people complaining about the same laws that apply to non-Internet services being applied to the Internet, but this takes the fucking biscuit. Your argument makes absolutely no sense. You're a fucking idiot. Jesus Christ. Please tell me this is a troll?
Most of the time, the perps are organized crime from all over the planet. That some of the scams actually reside in Nigeria is both a coincidence and part of the plan -- the perps lure you there to make the transaction, and then up the "buy-in" price in person. Of course, by that time, you've already spent thousands to get there, you're in a strange land far from home with no protections -- might as well follow through with the deal and get out as fast as possible, eh?
See Wikipedia's Advance Fee Fraud webpage for more info.
Rule #1 -- Politics always trumps technology.
> Assuming it works and is enforceable, of course.
I second that notion. Right now, I can count four unsecured wireless access points available in my domestic complex, with the manufacturer's default password still intact. Some of them have a Static IPs. All of them let me set a DMZ of my choice. What is to prevent me from telling the wireless AP that my computer should be DMZ by default? What is to prevent me from running a faux Ebay/PayPal/WaMu site from my neighbour's now-hijacked connection? Law Enforcement personnel would be hard pressed to get search warrants covering *every* resident in the complex, not to mention that the presence of vast sub-basements for our gym, racquetball court, and maintenance tunnels leave plenty of nooks and crannies to physically place the server without fear of accidental discovery.
Solomon Chang
"Twice half-assed makes an ass whole." --Solomon K. Chang
"Maaaaan, this music sucks!"
... just like the CAN-SPAM act got rid of anonymous and deceptive spam.
Legislation is one thing, enforcement is another. It's good when new legislation doesn't attempt to duplicate existing legislation.
But when dealing with criminals (and there's pretty much no other use for phishing), the sheer number of extra laws broken doesn't matter once that number is at least 1.
For example, I'm not aware of any attempted assault statutes. If I attempt to punch you in the face, trip, fall, hurt myself, and leave, I'm not on the hook for a crime. If I actually do hit you, it's assault.
So to me it sounds like that's what theya re doing here, making phishing, which is the attempt to do a number of crimes, a crime.
- Phisher builds website purporting to be US bank / US company, but is obviously not
This was illegally before the bill. It's has a name. It's called "fraud," as in felony, as in prison, extra large anus time.
The issue is in enforcement, not law.
C//
But here in Arizona murder 2 carries a minimum sentence of 10 years to life (maximum of 22 to life). Murder 1 is life no parole, or the needle depending on the circumstances. That would be quite a bit more than this statute proposes.
Also realise they say "up to" 5 years. What that means is that 5 years is the statutory maximum. So you cannot be sentenced to more than 5 years for a single offence. Now realisticly, most peopel will get less. Laws are delibratly designed with leeway. For a given class of offence there is a range of sentences a person can be given. That allows the judge to consider the circumstances of a case. Also, part of a sentence can be served on probation (ie instead of being sentenced to three years in prison someone could be sentenced to a year in prison and 2 of probation) .
(3) Internet users are increasingly subjected to scams based on misleading or false communications that trick the user into sending money, or trick the user into revealing enough information to enable various forms of identify theft that result in financial loss.
That can easily be re-written as:
American citizens are increasingly subjected to scams based on misleading or false communications and advertising that trick the consumer into buying ("hype"), or revealing personal information that gives corporations an unfair advantage to manipulate them in the future ("membership cards"), resulting in financial loss.
Why doesn't Senator Leahy do something about that?
Americans are defrauded every day, in broad daylight and even in national media, by corporate profiteers and even their own government which can't come clean about their motives. In 2003, for instance, the Clorox Company had a national TV campaign intended to mislead consumers into thinking that ONLY their brand of 5% sodium hypochlorite solution is capable of killing germs.
Where was Senator Leahy's heroic legislative effort then, to pre-emptively prevent the Clorox Company from defrauding consumers in advance of the actual fraudulent act?
Unfortunately this will do little...
Phishing even works (still) via snail mail-- a couple around here were just taken by the Nigerian Scam letter for $1700.00
I couldn't imagine that there were people actually taken by that nonsense-- until it was on the front page of the local paper.