In the never-ending war against shadowy Internet criminals, gangs based in Eastern Europe that electronically break into business computers, steal banking passwords, and transfer the money are a particularly dangerous and mysterious group. With their methods, they are hard enough to defeat as is, but they are also being accidentally aided in their actions through an unlikely source.
A lawsuit was filed on Wednesday in the United States District Court for the Eastern District of Virginia against this group of hackers by Unspam Technologies, an organization that gathers volunteers to discover information about spammers and other online rogues. In a refreshing bit of honesty, the lawyer for Unspam, Jon L. Praed, admits it is very unlikely the company will ever discover the name of these hackers. He claims instead that the purpose of the suit is to obtain the details of the thefts, the names of victims and other information from the compromised computers in an attempt to increase security. The banks that have been affected by hackers are usually very reclusive in cases like these, therefore inadvertently aiding the hackers. By forcing the banks to give up information, Praed believes that security can be improved and the hackers can possibly be discovered.
Mr. Praed, who is head of the Internet Law Group in Arlington Virginia, has successfully used these “John Doe” suits (so called because the unnamed defendant is identified only as John Doe), to get information from third parties that can be passed to law enforcement and then used on civil suits to go after the main party. Back in 2007, Praed helped Unspam file a suit for the purpose of gathering info on illegal Internet pharmacies and their supporters, though its results are unknown.
“This lawsuit is intended to provide all those being victimized by this massive criminal enterprise the opportunity to come together to gather the data we need to fix the problem at a systems level,” Mr. Praed said.
While it seems that Praed believes he is fighting the good fight, banks may fight back against his subpoenas, even if they’re getting hurt by these hackers.
Banks do not want to get involved in these lawsuits and cases for a number of reasons. They argue that it’s a poor idea to publicize the techniques used by criminals in fraud cases or those meant to thwart them. Wit more information out in the open, it may only lead to more fraud attempts. Banks also want to keep these cases quiet to preserve the confidence and confidentiality of their customers.
“Banks are not the perpetrators of these crimes, and banks are spending tens or hundreds of millions of dollars of industry dollars trying to prevent those acts from taking place,” said Scott H. Frewing, a partner at the Baker & McKenzie law firm, which represents major banks. “The use of John Doe lawsuits to draw them into a civil litigation fight just raises the cost on the banks in a way that the courts may not sanction.”
Mr. Praed said that he hoped his John Doe lawsuit would encourage banks to improve their electronic defenses. “Unless we want to go back to putting our money in a mattress, more needs to be done.”
(Via New York Times)