http://www.bizjournals.com/twincities/stories/2002/06/24/story7.html Andrew Tellijohn Staff Reporter June 21, 2002 The Twin Cities' largest electronics retailer believes it has fallen victim to computer hackers. While it doesn't yet know the identity of the perpetrators, the company is still taking them to court. Best Buy Concepts Inc., an affiliate of Eden Prairie-based Best Buy Co. Inc., has filed suit in U.S. District Court against unknown defendants -- John and Jane Doe, to be precise -- who acquired a BestBuy.com e-mail address and used it to send electronic pornography messages to customers, potential customers and others. Those messages, coded to indicate they were coming from Best Buy, linked to pornographic "or otherwise offensive messages, text, or materials," none of which were connected to Best Buy's goods and services, the complaint said. The company is suing for damages exceeding $75,000 and seeks a court order prohibiting the defendants from further use of the Best Buy name. Best Buy declined further comment, citing a policy against discussing ongoing litigation. Observers of cybercrime say Best Buy is one of hundreds of companies victimized by hackers. Best Buy probably doesn't stand to lose much goodwill from the messages because most consumers understand computer spam -- especially hijacking of e-mail addresses -- is a frequent problem, said Mike O'Connor, co-founder of St. Paul Internet service provider gofast.net. "I get spammed with my own e-mail address on the average of once or twice a day, as does almost anybody who is on the Internet for any length of time," O'Connor said. Best Buy could be harmed, however, if word got out to technology neophytes who start worrying that, if the company can't protect its e-mail addresses, it might not be able to protect credit-card numbers as well. "They want to be known as a sturdy, stable place," he said. "They want to be trusted." Still, getting anything out of the alleged hackers will be tough. It's surprising Best Buy filed suit because it's likely the perpetrators are from outside the country and won't ever be found, he said. "I don't think Jane and John Doe are going to respond to the lawsuit." Others disagree. While Internet service providers generally are helpful in providing information when it comes to criminal fraud by their clients, filing a lawsuit will assist Best Buy in gaining additional information that might help them find the perpetrators, said Eric Jorstad, a partner and Internet law specialist with Faegre & Benson, Minneapolis. Others commended Best Buy for at least reporting the crime. Most victims don't, according to a recent national survey. Of 503 respondents to the Computer Security Institute's annual "Computer Crime and Security Survey," 90 percent had detected computer security breaches in the past year, and 80 percent suffered financial losses from them. A total of more than $455 million was lost by 223 respondents. Companies don't report to avoid negative publicity or they see it as a business rather than a legal problem, said Paul Luehr, assistant U.S. Attorney and computer crimes coordinator for the U.S. Attorney's Office in Minneapolis. Luehr declined to comment on the Best Buy case, but said lack of reporting makes it harder to bring perpetrators to justice. Losses from computer crimes can be aggregated, and if a hacker creates more than $5,000 worth of damage, that person can face federal felony charges. "If there is some real dollar loss associated with [a hacker's crimes], we'd like to hear about it," Luehr said. He urged companies to promote prevention by updating program patches and making computer security a companywide issue. "Too often people tend to think of computers and computer security as just being for freaks and geeks," he said. "We know it affects everybody within a community or a corporation." Best Buy has at least one observer rooting for it to pull off some sort of win in the courts. "There really is just hardly a lower life form than a porn spammer," O'Connor said. "Anybody who can inflict pain on them -- I'm in their corner." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 04:09:25 PDT