The Long Arm of Microsoft

eldavojohn writes "Software giant Microsoft is helping the law track down and find phishers and political borders are no boundary for them. From the article, 'One court case in Turkey has already led to a 2.5-year prison sentence for a so-called "phisher" in Turkey, and another four cases against teenagers have been settled out of court, Microsoft said on Wednesday, eight months after it announced the launch of a Global Phishing Enforcement Initiative in March.' This initiative started back in March and has resulted in 129 lawsuits in Europe & the Middle East. Perhaps their legions of lawyers will come to some use for the rest of us but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me."

Torn

[eldavojohn]

I'm really personally torn on this. I mean, on one hand, I hate spam and I hate all kinds of computer related scams. I feel that a lot of good ideas (like e-mail) risk death at the hands of these attacks. That said, I welcome all efforts to take care of this.

However, I would be a lot happier if the law took care of this. You know, if Microsoft would give every police district across the world free software, tools and maybe even hardware to catch these guys, that would be the safest route--leave it to the law to take care of these matters. But what I fear is that local police just don't have the time and resources to track these guys down. And, on top of that, law enforcement here in the states might find an illegal or rogue server in another country and have no way within their jurisdiction to follow the case across the boarders. That and in some locations, cops are crooked or they don't see the problem of phishing to have any tangible victims.

So while there's a lot of good reasons for Microsoft to do this, I still feel a tiny bit afraid that an already very powerful company is becoming a lot more powerful by gaining international recognition as a crime buster.

So, if you'll entertain me and let my tin-foil hat imagination run wild for a second, say that BitTorrent becomes illegal to use under some country X's laws. Now, I live in country Y (across the world) and I use BitTorrent to retrieve Linux DVD distro images. Microsoft somehow monitors this through my operating system and brings a trial against me in country X. I don't even live there but now I have to go there and defend a lawsuit in that country? That would be a horrible outcome.

Another fear of mine has already occurred ... that Microsoft offers out of court settlements from these individuals & personally profits from them. I would assume that amount is trivial to Microsoft & I would want Microsoft to punish these people to the extent of the law where they live. It would also be nice to see Microsoft turn around and donate any money earned towards anti-phishing and anti-spam initiatives.

In the end, I really don't think this is the answer to the problem of spam & phishing. I submitted this story in hopes that there'd be some good debate about where the responsibilities of stopping phishing attacks should lie.

Re:Torn

[Tod+DeBie]

Microsoft somehow monitors this through my operating system and brings a trial against me in country X. I don't even live there but now I have to go there and defend a lawsuit in that country?

These are criminal trials we are talking about here. Microsoft is simply providing evidence of fraud to the police, and I can't see any way that this is a bad thing.

If Microsoft wanted to bring a civil case against you in any country, they could do it whether or not they are helping the police gather evidence for criminal cases.

Re:Torn

[WhatAmIDoingHere]

You say you're worried about a large company getting more power, yet you want to give more spying tools to the GOVERNMENT?

You claim to wear a tin-foil hat...

Re:Torn

[flyingsquid]

I think what people are really torn about is that (1) people really, really loathe spammers and phishers, and want to see them lose(2) people really, really loathe Microsoft, and don't want to see them win... so who do we root for? It's like the tagline for Alien vs. Predator: "No matter who wins, we all lose". Is there an option 3, where both Microsoft and phishers lose?

Re:Torn

[SkunkPussy]

No if you RTFA you will see that microsoft assists law enforcement with what it deems to be criminal cases, whereas what it deems to be "teenage hackers" it brings civil cases, and it seems from the article that many of these settle out of court.

As far as I am concerned this is vigilante justice. Just as citizens have no business enforcing the law, neither do coporations.

Microsoft's actions are the equivalent of citizens beating up paedophiles. Whether or not its for a good cause it is completely unacceptable behaviour.

Re:Torn

[endeavour31]

Vigilante justice refers to private citizens making up and enforcing their own law. Microsoft is working within the legal system of each country to bring this about. You are off base here.

If you object to MS getting involved at all, fine. I think for once MS is showing some decent behaviour in criminally targetting large scammers and just slapping down dumb teenagers.

Isn't this the company which everyone derides for NOT playing by legal rules? Now you are unhappy when they do and even show some restraint? /. does not need to invent the devil - - it has already found one.

Political boarders?

I'm GLAD Microsoft is going after phishers. What these people are doing is fraud. This is nothing at all like the MPAA/RIAA using extortionary tactics to go after low level copyright infringement.

Re:Political boarders?

[eldavojohn]

What these people are doing is fraud.

Well, that's what we hope they're guilty of doing. How many teenagers do you know that set up and run phishing sites by themselves? Sounds like these are kids taking the fall for other people.

This is nothing at all like the MPAA/RIAA using extortionary tactics to go after low level copyright infringement.

It's the phrase "teenagers settling out of court" that worries me. It's not necessarily that their motives are impure just that their tactics are kind of dirty. As in, we-probably-can't-pin-this-on-you-so-we'll-force-y ou-to-settle-out-of-court. I really don't like that, if you bring a suit against someone in the name of the public, I'd like it to be seen through to the end even if the person doesn't have the money for the lawyers (another possible problem with this prosecution).

Re:Political boarders?

[geekoid]

You don't have a problem with corporation acting as law enforcement?

I sure as hell do.

Re:Political boarders?

[russotto]

Exactly. By bringing a civil suit for EU2000, MS can essentially act as accusor and judge. There's no way the teenager (guilty or otherwise) can afford to fight it, and even if they can, it'll cost them more than EU2000 for a defense. So they're punished just because Microsoft makes them a target, and no objective examination of the evidence is ever made.

It's also hard to see how one could be a phisher _without_ criminal intent, so I question what Microsoft is really up to here.

One Microsoft Way

[Doc+Ruby]

When Microsoft has made itself "indispensible" to the world's (mostly underfunded) police the way it's made itself "indispensible" to the world's businesses, Microsoft will have more power to get the world's police "see things it's way". That means prioritizing, say, software piracy over, say, security holes. The cops in the street won't have much to say about the priorities, but their bosses at the top of their national law enforcement will "rebalance" their priorities to accommodate Microsoft's roles in their budgets and operations.

It's like bottom-up lobbying. Where our rights meet the people who protect them. Brought to you by Microsoft.

Re:One Microsoft Way

[foobsr]

Microsoft will have more power to get the world's police "see things it's way".

In my days, this was called legislative power.

CC.

Re:One Microsoft Way

[Doc+Ruby]

Suing people is one thing. Direct operational work with the police, like the RIAA/MPAA raids to which the summary referred, is quite another thing. A bad thing. It starts to put some of the government's power to arrest into the hands of corporations. Which governments have already done with the RIAA/MPAA.

It's not Microsoft's job to "fight crime", not in person. It can fight crime by suing, by offering technical support to police investigations, expert witnesses. Most importantly, by closing security holes (before widespread releases), which Microsoft is not doing enough.

That's not "sci-fi". Those are the facts. The facts about fascism. I shouldn't have to warn a Spaniard about fascism, as your country was officially fascist until only 30 years ago. But this is the warning. I'm just the messenger.

Re:One Microsoft Way

[Doc+Ruby]

In my days, we call corporate operations of goverment offices "fascism".

Phishers a parallel with P2P? Give me a break.

[ergo98]

Most of the cases were Microsoft simply providing evidence to local authorities, who themselves prosecute the scumbags. In the small number of cases where Microsoft is directly taking action (on behalf of little-guy victims everywhere), I'm actually surprised it isn't Citibank and other colossals pummeling these dirtbags into the ground.

Comparing this to the RIAA cases? Give me a break. That's like comparing a rapist with someone taking a second glance at someone they find attractive.

Re:Phishers a parallel with P2P? Give me a break.

[charlesbakerharris]

I apologize for not blindly accepting this story as complete 100% truth. Forgive my skepticism.

Maybe next time you want someone to take you seriously, you shouldn't compare downloading music to phishing, because that's the sort of thing that makes people think you're either too stupid to realize the difference, or simply resorting to grandstanding in order to try to make people think you're far more clever than you actually are.

Just a thought.

Re:Phishers a parallel with P2P? Give me a break.

[ergo98]

To expand upon my prior response a bit:

How many teenagers are capable of setting up phishing scams?

Are you kidding? Teenagers are capable of quite a lot you know, and teenagers are absolutely capable of criminal actions, especially when it's nothing more than sending out some emails against a template site: This really isn't the pinnacle of criminal enterprises.

if you can provide some first party accounts of every case, I'll gladly consider myself a dumbass for using that comparison in the submission

Your comparison was cheap and utterly clichéd: You were hoping to slingshot off the negative vibes towards Microsoft, using the booster-pack of the RIAA hate, so you're surprised that there's not a chorus singing with you about how these people just must be innocent because the tactic is superficially like the RIAA (though in any way that matters they're entirely unlike it, such as the fact that Microsoft is most certainly spending more money on phone calls for each case than they're asking in "damages"), and Microsoft is involved.

Sorry if we don't play along.

No..

[LilWolf]

teenagers settling out of court? That reeks of RIAA/MPAA tactics to me.

No, it only shows that teenagers do all sorts of things online, including copyright infringement and phishing. Or are you saying that teenagers shouldn't be tried under the laws of the country?

Throw the book at them

[Tod+DeBie]

...but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me.

These teenagers are phishing; they are attemtping to defraud others of their money. This is not low level copyright violation. IMO they should have to do some time for it.

Re:Throw the book at them

[geekoid]

FIrst off, how do you know they were phishing? I think his point was that they may ahve been accused of it and it was just cheaper to settle out of court then to defend themselves.

They are not guilty until a court says so.

Also, Jail is a bad place to put a teenager, and it is counter productive for society. It si better to give them a on jail sentence, and then remove it from there record after it has been served. Too many kids do stupid things just because they are kids. It does society no good to let a stupid act ruin someones future.

I did something stupid with computers in the 80's. If I ahd gone to fail I can't imagine I wuld be able to get a job today that pays well, and it turn puts more taxes into the system.

And please do not rebut with "so if they killed someone..." argument. We are talking about a non violent crime here. Keep it in proportion.

Finally, most 'evidence' of this nature points to an ip address, not a person. Something that must be dealt with carefully.

The war on tactics

[Sloppy]

That reeks of RIAA/MPAA tactics to me.

Uh oh, we certainly wouldn't want people working for good (in this case), to learn tactics from bad guys!

This isn't the RIAA

[spiritraveller]

While criminal complaints are aimed at what Microsoft believes to be real criminals, the civil lawsuits are aimed mainly at young people without criminal intent. For them, settlements of 1,000 to 2,000 euros ($1,290-$2,570) are deemed to be enough of a deterrent, Microsoft said.

Those are much smaller settlements than the RIAA is asking for, and I dare say that they either don't cover, or barely cover the legal fees that Microsoft incurs from these actions.

This doesn't look at all like the kind of profit-making enterprise the RIAA is engaging in. Rather, it looks like MS is trying to deter criminals and criminals-in-training from ripping people off.

Of course, they are doing it for their own business reasons. It makes them look bad when people get scammed because of security vulnerabilities in IE. But I don't see how you can draw an evil motivation out of it.

You must be kidding ??

[AftanGustur]

However, I would be a lot happier if the law took care of this. You know, if Microsoft would give every police district across the world free software, tools and maybe even hardware to catch these guys, that would be the safest route--leave it to the law to take care of these matters.

The issue at hand is identity theft, the police won't prosecute for crimes like this any more than if someone searched through your garbage looking for personal information. The victim has to bring the case himself.

I have absolutely zero problem with Microsoft filing suit against those phishers.

Not To Me

[Nom+du+Keyboard]

That reeks of RIAA/MPAA tactics to me.

Not to me. Filesharing doesn't impact me personally, nor likely the poor starving recording artists who aren't going to get their money whether or not the RIAA and the record companies actually collect it.

Pishing crimes are far worse on my personal scale of the sewer that the Internet has become, and anything that makes those criminals suffer is a Good Thing.

Much as I dislike M$.....

[8127972]

.... I have to admit that when it comes to crime, they done a few good things for the universe. The best thing I can think of is besides the topics covered in this article CETS which is a Microsoft designed product to fight child pron/exploitation.

http://www.rcmp-grc.gc.ca/news/2005/n_0510_e.htm

Before we go bashing M$, maybe we should at least give an "attaboy" as they occasionally do good.

Re:Your PD uses a lot more than just MS products.

[Doc+Ruby]

US cops aren't underfunded - not their operating budgets, anyway. Their salary budget varies, but I don't know of any that are anything but overfunded. That's not including pensions, the real benefits for cops who survive (practically all) to collect them. To be clear, I'm not comparing the salaries to the value of cops putting their wellbeing on the line when facing violent criminals every day to protect us. I'm comparing their budgets to the costs of their operations.

I'm talking about cops outside the US, the subject of this story. Those cops are usually underfunded. Especially places where MS can fill various political vacuums, including augmenting police budgets. I can't vote to fund those cops. And MS knows how to get the political leverage not justified by their execs' mere voting power.

And I'm not talking about just selling cops SW. We're talking about joint operations with cops, along the model to which the summary refers where the RIAA/MPAA jointly raid with the cops, even "helping" confiscate computers and other evidence. That's the problem. And where fascism really gets rooted, as corporations operate government interdiction directly, rather than merely petition the government through a justice system. That's where voting and other government reform of democracy has power. In the US, we should get the FBI to use all its intelligence and investigation power to support local police in specific jurisdictions.