The connection between the harvester and the spammer will be key (assuming they are separate entities - if they are the same entity - then the buck stops there).
Here's some math. There are 15K harvesters identified by Honeypot. About 20% are US-based. This makes more than 3K harvesters that are US-based and subject to jurisdiction by US courts. With the power of legal process it won't be that hard to unmask the identities of a large portion of these 3K harvesters. With some pressure and threat of damages and expenses of defending a large lawsuit, many harvesters would happily disclose any relationships they have with a spammer - no more John Does - the plaintiffs can now be named. The rest is easy. Slightly more analysis here.
Several ways which suggest that FBI and Nextel were able to actually activate the built-in cell phone microphone remotely, or least use the cellular network to obtain some remote surveillance.
The affidavit seeking the court order lists the target's phone number his 15-digit International Mobile Subscriber Identifier, and lists Nextel as the service provider. Why would they have to disclose this information to the court if they were just planting an ordinary bug which requires none of the above information? Maybe the affiant wanted to create a diversion for the thousands of slashdoters who would read it and wonder how they did it, or maybe there was a legitimate reason to put all of this information in the affidavit and actually use Nextel's network and the phone capabilities to listen on the target.
Problem w/ cybercrime is that it is unreported. People are either 1) afraid to report, or 2) don't know how to report. Concern #1 is legitimate - some businesses don't want to have everybody know that their security is weak. Concern #2 is awareness problem - users should know what to do in case something bad happens to them.
So, to play my part in user education and awareness - some ways to report cybercrime.
Whether FCC has jurisdiction over this or not was argued today in front of the Court of Appeals for the District of Columbia. Sounds like a ruling is expected before September.
Here's an AP article about this morning's argument.
And how ISPs are experimenting with notifying infected subscribers and blocking their traffic! Nothing like an opportunity to test a controversial measure in times of FUD.
Slashdot Mirror
The connection between the harvester and the spammer will be key (assuming they are separate entities - if they are the same entity - then the buck stops there).
Here's some math. There are 15K harvesters identified by Honeypot. About 20% are US-based. This makes more than 3K harvesters that are US-based and subject to jurisdiction by US courts. With the power of legal process it won't be that hard to unmask the identities of a large portion of these 3K harvesters. With some pressure and threat of damages and expenses of defending a large lawsuit, many harvesters would happily disclose any relationships they have with a spammer - no more John Does - the plaintiffs can now be named. The rest is easy. Slightly more analysis here.
Several ways which suggest that FBI and Nextel were able to actually activate the built-in cell phone microphone remotely, or least use the cellular network to obtain some remote surveillance.
The affidavit seeking the court order lists the target's phone number his 15-digit International Mobile Subscriber Identifier, and lists Nextel as the service provider. Why would they have to disclose this information to the court if they were just planting an ordinary bug which requires none of the above information? Maybe the affiant wanted to create a diversion for the thousands of slashdoters who would read it and wonder how they did it, or maybe there was a legitimate reason to put all of this information in the affidavit and actually use Nextel's network and the phone capabilities to listen on the target.
Problem w/ cybercrime is that it is unreported. People are either 1) afraid to report, or 2) don't know how to report. Concern #1 is legitimate - some businesses don't want to have everybody know that their security is weak. Concern #2 is awareness problem - users should know what to do in case something bad happens to them. So, to play my part in user education and awareness - some ways to report cybercrime.
Whether FCC has jurisdiction over this or not was argued today in front of the Court of Appeals for the District of Columbia. Sounds like a ruling is expected before September. Here's an AP article about this morning's argument.
And how ISPs are experimenting with notifying infected subscribers and blocking their traffic! Nothing like an opportunity to test a controversial measure in times of FUD.