Latest

This briefing note is only intended as a general statement of the law and no action should be taken in reliance on it without specific legal advice.

Mishcon Cyber Watch - October 2014
 Briefing 
Date
31 October 2014

Mishcon Cyber Watch - October 2014

Welcome to the October edition of Mishcon Cyber Watch. Its aim is to provide businesses and their advisors with a snapshot of what has been happening in the world of cyber fraud in the last month.

UNITED KINGDOM

Police forces around the UK are exploiting a loophole in surveillance laws which allow them to view stored messages without obtaining a warrant from the Home Secretary. The Times has discovered that forces are routinely accessing stored messages by requiring telecoms and computer companies to hand over messages using just a production order obtained from a judge.
Dominic Kennedy
The Times, 20 October 2014

The National Cyber-Crime Unit has been asked to investigate claims that the Bahrain government and Gamma International, a UK-German Technology company, spied on over 70 British-based Bahrain nationals by using spyware software. The offences fall under the Regulation of Investigatory Powers Act and the Computer Misuse Act. It was unclear whether the NCCU had agreed to investigate.
Ian Burrell
The Independent, 14 October 2014

Mark Boleat, Policy Chairman at City of London Corporation, has warned that cyber-criminals are likely to trigger the next global financial crisis by destroying bank records and effectively making a major bank 'disappear'.
Katherine Rushton,
The Telegraph, 11 October 2014


NORTH AMERICA

Massachusetts-based retailer Staples had its computer systems compromised. They are currently liaising with law enforcement to work out how the attack happened and what was stolen.
Nicole Perlroth
New York Times, 22 October 2014

Bernard Ogie Oretekor and Chantale Petit-Frere have been indicted by the US Attorney's Office for their role in a $500,000 scam which involved hacking victim's email accounts in order to send messages to the victim's banks authorising large transfer of cash.
Karina Ioffee
Contra Costa Times, 18 October 2014

Lamar Taylor of Massachusetts has been sentenced to 2½ years in jail and ordered to pay restitution of $338,649 for his role in an international cybercrime scam that hacked into the computers of financial institutions and the US military payroll system.
Associated Press, 17 October 2014

US retailer K-Mart has fallen victim to a hacking attack which is presumed to have started in September, and has lost credit and debit card data.
Hannah Kuchler
Financial Times, 11 October 2014

Research by the Ponemon Institute claims that 43% of American companies have experienced a data breach within the past year, an increase of 10% of last year. The average cost of cybercrime to large US companies is estimated at $12.7m.
Elizabeth Weiss
USA Today, 25 September 2014

The Department of Justice announced that Arthur Budovsky, the founder of a virtual currency used by cybercriminals to launder their money around the world, was extradited from Spain to face federal charges in the U.S.  Mr. Budovsky operated his currency, known as Liberty Reserve, from Costa Rica.  According to the Department of Justice, after being convicted of operating an unlicensed money transmitting system in New York State called Gold Age Inc., Mr. Budovsky set out to create a digital currency that would be able to elude law enforcement authorities.
Department of Justice Press Release, 10 October. 2014

On October 9, the Department of Justice announced that a federal grand jury in Washington State returned a second superseding indictment against Roman Valerevich Seleznev a/k/a Track2, of Vladivostok, Russia, for his involvement in a scheme to hack into businesses and steal credit card numbers which he later sold online.  According to the Department of Justice, Mr. Seleznev not only sold the credit card numbers but also operated a website that provided instructions on how to use stolen credit card numbers to commit crime.
Department of Justice Press Release, 9 October 2014

JP Morgan Chase announced that the cyber-attack it sustained over the summer was much larger than originally reported, impacting 76 million households and 7 million small businesses.  The bank reported in securities filings that over-seas hackers gained access to names, e-mails, addresses, and phone numbers of account holders, but not passwords or social security numbers.  JP Morgan now plans to spend $250 million per year on digital security.
New York Times, 2 October. 2014

The Department of Justice announced the indictment of Hammad Akbar of Lahore, Pakistan, with the advertisement and sale of a surreptitious interception device for marketing a mobile device spyware app called StealthGenie.  According to the Department of Justice, the StealthGenie app allowed a third-party to intercept communications to and from mobile phones, record voice calls, monitor e-mails and text messages, and access address books, calendars, photographs, and videos, all without the phone owner’s knowledge.  This indictment is the first time a case has been brought over the advertisement and sale of a mobile device spyware app.
Department of Justice Press Release, 29 September 2014


ASIA

Recent research by the Ponemon Institute has revealed that in January 2014 nearly 27 million South Koreans – more than 70% of the population between 15-67 – had credit cards compromised and personal data stolen following a breach at the Korean Credit Burea
Elizabeth Weiss
USA Today, 25 September 2014

30,000 cyber-crime suspects have been arrested in Beijing since 2011, according to figures released by the public security bureau. Crimes covered include cyber-crime, hacking, 'online rumour-mongering', terrorism and violent content.
Xinhua General News Service,
9 October 2014

The first cyber crime conviction in Pakistan was handed down when Noorul Haq was found guilty of selling mobile SIMs that had been activated using fraudulent national identity card numbers. The ruling has been described as 'landmark'. Mr Haq was sentenced to 6 years in prison and a fine of 200,000 Rs.
Salman Khan
Flare, 31 October 2014

 

AUSTRALASIA

Australian magazine New Matilda has denied that emails published in one of its articles were obtained through hacking. The publication of alleged racist and sexist emails sent by Sydney University professor Barry Spurr led to his suspension by the university last week. Spurr claims the emails could only have been obtained by hacking, but New Matilda claim that the emails were given to them by a source.
Andrew Fraser and Sharri Markson
The Australian, 20 October 2014

 

EASTERN EUROPE

Europol has narrowed down its focus of investigations into recent high profile bugs such as Heartbleed and Shellshock to a small number of very skilled programmers predominantly operating from Russia. However their efforts to investigate have been hampered by poor relations between countries.
Pat McGrath
ABC Premium News, 13 October 2014