[ISN] Best Buy suing over e-mail porn scam

From: InfoSec News (isnat_private)
Date: Wed Jun 26 2002 - 00:57:41 PDT

  • Next message: InfoSec News: "[ISN] Ex-Del Mar man guilty of spamming"

    Andrew Tellijohn   
    Staff Reporter 
    June 21, 2002 
    The Twin Cities' largest electronics retailer believes it has fallen
    victim to computer hackers. While it doesn't yet know the identity of
    the perpetrators, the company is still taking them to court.
    Best Buy Concepts Inc., an affiliate of Eden Prairie-based Best Buy
    Co. Inc., has filed suit in U.S. District Court against unknown
    defendants -- John and Jane Doe, to be precise -- who acquired a
    BestBuy.com e-mail address and used it to send electronic pornography
    messages to customers, potential customers and others.
    Those messages, coded to indicate they were coming from Best Buy,
    linked to pornographic "or otherwise offensive messages, text, or
    materials," none of which were connected to Best Buy's goods and
    services, the complaint said.
    The company is suing for damages exceeding $75,000 and seeks a court
    order prohibiting the defendants from further use of the Best Buy
    Best Buy declined further comment, citing a policy against discussing
    ongoing litigation.
    Observers of cybercrime say Best Buy is one of hundreds of companies
    victimized by hackers.
    Best Buy probably doesn't stand to lose much goodwill from the
    messages because most consumers understand computer spam -- especially
    hijacking of e-mail addresses -- is a frequent problem, said Mike
    O'Connor, co-founder of St. Paul Internet service provider gofast.net.
    "I get spammed with my own e-mail address on the average of once or
    twice a day, as does almost anybody who is on the Internet for any
    length of time," O'Connor said.
    Best Buy could be harmed, however, if word got out to technology
    neophytes who start worrying that, if the company can't protect its
    e-mail addresses, it might not be able to protect credit-card numbers
    as well.
    "They want to be known as a sturdy, stable place," he said. "They want
    to be trusted."
    Still, getting anything out of the alleged hackers will be tough. It's
    surprising Best Buy filed suit because it's likely the perpetrators
    are from outside the country and won't ever be found, he said. "I
    don't think Jane and John Doe are going to respond to the lawsuit."
    Others disagree. While Internet service providers generally are
    helpful in providing information when it comes to criminal fraud by
    their clients, filing a lawsuit will assist Best Buy in gaining
    additional information that might help them find the perpetrators,
    said Eric Jorstad, a partner and Internet law specialist with Faegre &
    Benson, Minneapolis.
    Others commended Best Buy for at least reporting the crime. Most
    victims don't, according to a recent national survey. Of 503
    respondents to the Computer Security Institute's annual "Computer
    Crime and Security Survey," 90 percent had detected computer security
    breaches in the past year, and 80 percent suffered financial losses
    from them. A total of more than $455 million was lost by 223
    Companies don't report to avoid negative publicity or they see it as a
    business rather than a legal problem, said Paul Luehr, assistant U.S.  
    Attorney and computer crimes coordinator for the U.S. Attorney's
    Office in Minneapolis.
    Luehr declined to comment on the Best Buy case, but said lack of
    reporting makes it harder to bring perpetrators to justice.
    Losses from computer crimes can be aggregated, and if a hacker creates
    more than $5,000 worth of damage, that person can face federal felony
    charges. "If there is some real dollar loss associated with [a
    hacker's crimes], we'd like to hear about it," Luehr said.
    He urged companies to promote prevention by updating program patches
    and making computer security a companywide issue.
    "Too often people tend to think of computers and computer security as
    just being for freaks and geeks," he said. "We know it affects
    everybody within a community or a corporation."
    Best Buy has at least one observer rooting for it to pull off some
    sort of win in the courts.
    "There really is just hardly a lower life form than a porn spammer,"  
    O'Connor said. "Anybody who can inflict pain on them -- I'm in their
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 04:09:25 PDT