IBLS Speaker's Corner : e-evidence

Europe Fights Mobile Malware

Maricelle Ruiz — Wed, 27 Jun 2007 12:10:00 GMT

Just when we thought our computer antivirus would protect us from anything out there…the mobile virus made its grand entrance into Europe. Police started to investigate and recently detained a prolific, mobile-virus creator. Information on the modus operandi of mobile hackers and tips to avoid their traps has been released to nip this challenge in the bud. Although they concur that this criminal activity is still not widespread, experts also agree that it shouldn’t be underestimated.

“Viruses are not harmless pranks; they cause real harm disrupting business and personal communications as well as destroying and stealing sensitive data,” says Graham Cluley, senior technology consultant for Sophos, an IT security firm. “The computer crime authorities around the globe are becoming more experienced at tracking down hackers and virus writers, and malware authors should be asking themselves whether it’s really worth taking the risk.”

After an investigation spanning half a year, Spanish police have detained a 28-year-old man accused of creating more than twenty “Leslie” viruses, reportedly affecting the high-end devices of more than 100,000 people. Millions of dollars could have been lost as a result of the viruses, reportedly named after the suspect’s fiancée. Police have seized computers, mobiles and other high-tech devices to build up their case.

The “Leslie” viruses resembled malware affecting the mobiles of hundreds of people attending the 2005 IAAF World Championships in Athletics in Helsinki, Finland, and devices in Northern Spain. The ‘Leslies’ spread through Bluetooth, manipulating infected devices to send multimedia messages to contacts in the phone agenda as well as in the call and incoming messages lists.

This particular malware came with pornography, ring tones, sports news, chat applications and even antiviruses, and manipulated devices to transmit costly phone messages or caused phones to run out of battery. However, experts report that malware may also come with pictures and video clips; replace system applications; and make screen text unreadable, among other criminal activity.

To protect mobiles, telecom and technology companies recommend that users equip mobiles with antivirus protection and firewalls; or run applications to revamp already affected devices. These programs are available online or at an operator. Companies also advise users to accept ONLY content from a known source, through Bluetooth or Beam infrared technology. Users should deactivate the technology when it is not in use to keep phones from receiving messages containing malware.

Internet security firms also report a fight against multilingual mobile spam within the continent.

The wild hunt for e-evidence in high-profile cases

Maricelle Ruiz — Fri, 04 May 2007 15:39:00 GMT

Even if you’re really mad…it may not be such a good idea to hack, that is, to illegally access another’s computer. The pursuit of electronic evidence to reach beneficial divorce settlements and close lucrative business deals was reportedly out of control in some United Kingdom circles…until law enforcement officers decided to look into the activities of a well-known heir. After being questioned by the police, the heir and his detectives recently ended in a London Court.

US banking heir Matthew Mellon is charged with conspiring to cause unauthorized modification of computer material. He allegedly hired a UK detective agency, which reportedly used a computer virus to hack into his wife’s computer in search of financial information during divorce proceedings. Mellon’s now ex-wife – Tamara Mellon – is the head of fashion company Jimmy Choo. Matthew Mellon denies any wrongdoing.

“The agency carried out the usual things like tracking people down, looking for information for solicitors. They also had a lucrative sideline involving hacking into people’s computers and tapping into their phones, which is illegal in this country,” prosecutor Miranda Moore told the Court, according to The Guardian, during the case against Mellon and the UK firm involved in the alleged plot. The company is accused of using viruses, among other methods, to obtain data to enable clients to reach beneficial divorce settlements and close lucrative business deals. It also denied wrongdoing.

The use or attempted use of e-evidence in divorce proceedings is not a new occurrence. In the US state of Florida, a wife reportedly installed spyware on her husband’s computer and later tried to use information obtained in divorce proceedings. She was not allowed because Florida bans the interception of these communications. However, in New Jersey, a wife was granted $7,500 during divorce proceedings after her husband wiretapped her computer to keep track of her transactions and emails.

E-mail Wiretap is Permissible…For now

IBLS Editor — Wed, 02 May 2007 12:22:00 GMT

IBLS Contributor: Odia Kagan, Partner, Shavit Bar-On Gal-On Tzin Nov Yagur Law Offices – Tel Aviv, Israel, okagan@sbilaw.com, writes:

An amendment to the Australian Telecommunications (Interception) Act makes it easier for the police and state authorities to read citizens’ e-mails and text messages.

On December 8, 2004, the Australian House of Representatives passed the Telecommunications (Interception) Amendment (Stored Communications) Act 2004 which amends the Australian Telecommunications (Interception) Act of 1979, with regard to electronic messages (e-mail) and text messages (SMS).

Telephone conversations – Yes; Recorded Messages – No

This law, the Australian government’s third attempt to amend the said Telecommunications (Interception) Act, enables the police, several Federal and State authorities, private investigators, Internet service providers and other business owners – to access e-mail messages, SMS messages, and voice messages which are temporarily stored during transfer – without a telecommunications interception warrant, even in cases the suspected offence is not grave in nature.

The amendment to the act classifies the interception of these messages, which are found in temporary storage, as an exception to the general prohibition of the interception of telecommunications which is set forth in the Telecommunications (Interception) Act. Under the amendment to the act, unlike the legal situation which preceded it, access to such information would be granted to any entity with legal access to the equipment in which the information is stored. It would no longer be necessary to acquire a warrant for the interception of the messages. Rather a simple search warrant would suffice.

Despite the current legislative trend, this amendment is not “technologically neutral” as it awards different treatment to the interception of telephone conversations and other “live” conversations, including a facsimile transmission, with regard to which a separate telecommunications interception warrant would still be required.

Thus, the interception of a telephone conversation, data communications (such as: GPRS) and e-mail messages in the course of being transferred – requires a separate telecommunications interception warrant. However, the interception of recorded voice messages, and SMS or MMS (video/picture) messages which are saved in the memory of the cellular telephone, as well as stored e-mail messages – does not require a separate warrant.

National Security v. the Privacy of the Citizens – National Security Prevails

Those who oppose the Amendment argue that it disrupts the appropriate balance between the right of citizens to privacy and the needs of the law enforcement authorities. The objection is mainly to the permission granted to the authorities to read e-mail messages which had not yet reached their intended recipient and had not yet been read by them. The argument is that the usage of a regular search warrant is not fitting for this purpose because a search warrant was intended to enable the receipt of physical evidence, not to grant access to personal communications.

Irene Graham, executive director of Electronic Frontiers Australia, an organization which promotes civil liberties in the electronic age, does not understand the need for this amendment. Her view, as quoted in Sam Varghese’s article published in the Sydney Morning Herald on December 10, 2004 is that “if a warrant was needed it would take just 20 minutes over the phone to obtain one, then why are these additional powers needed?”

The supporters of the amendment justify the need for it with the state of national security which changed after September 11. In the discussions of the bill, the representatives of the police emphasized the need which exists, in the electronic age, to acquire fast access to stored electronic information, in order to prevent its deletion. An additional advantage of this law, stated Attorney General Phillip Ruddock, in an interview for a Findlaw Australia article published on December 7, 2004, is that it will enable network administrators to review stored communications for viruses and other inappropriate content.

An e-mail during transmission – is not “stored communications”

In a previous article, I discussed the controversial Councilman case which was handed by a US Federal Court. In this case, a business owner, who was also an Internet Service Provider, intercepted his customers’ e-mail message in order to make a commercial gain from the information found in the message. The US Court of Appeals for the First Circuit decided that this case did not constitute a violation of the Federal Wiretap Act because an e-mail message in “temporary storage”, conducted in the process of its transfer to its destination is “stored communication” and thus a separate interception warrant is not necessary in order to intercept it. This decision was widely criticized and it was vacated by the Court pending a re-hearing of the case.

The Australian law treats the temporary storage of an e-mail message during transmission as “live communication” for which a separate telecommunications interception warrant is required. In the explanation for the bill it was stated that storage of an e-mail message during transmission, which is highly transitory in nature and constitutes an integral part of the technology used for the transmission of the message – is not sufficient for making the message “stored communications” which are not protected by the act.

We shall meet again in a year

In the discussions which preceded the legislation of the amendment, different opinions were voiced and true concerns were expressed with regard to the amendment’s possible effect. Therefore, and especially as this is an innovative field which had not been regulated previously, the Australian Parliament decided that after one year from the date the amendment goes into affect (upon the receipt of the Royal Assent) an inquiry and review of the Act’s provisions will be conducted and the need to amend them will be examined based on the experience which had accumulated during the first year since the legislation of the Act

**Reprinted with permission from the Israel Bar Association Website (www.israelbar.org.il) where it was published on February 13, 2005. This article was originally published in Hebrew in NFC (www.nfc.co.il) on January 4, 2005 (http://www.nfc.co.il/archive/003-D-8550-00.html?tag=14-59-59 )

Ms. Kagan specializes in Internet and IT law. Her articles on these subjects are published regularly in professional publications of the American Bar Association and the New York State Bar Association as well as in national Israeli websites. Ms. Kagan authored the Israeli Chapter in the book “Cybercrime and Security” published worldwide by Oceana Publications, a division of Oxford University Press. A graduate of the Law Faculty of Tel Aviv University, Ms. Kagan is a member of the Israel and New York Bars, is qualified as a Solicitor in England & Wales and is also admitted as legal practitioner in New South Wales, Australia.