Tag Archive for: Charge

DOJ Announces It Will Not Charge CFAA Violations for Good-Faith Security Research | Seyfarth Shaw LLP


The Department of Justice recently announced a revision of its policy concerning charging violations of the Computer Fraud and Abuse Act (the “CFAA”). Following recent decisions from the Supreme Court and appellate courts that seemingly narrow the scope of civil liability under the CFAA, the DOJ’s new policy may likewise limit criminal prosecutions under the law.

As regular readers of this blog are well aware, the CFAA provides that “[w]hoever … intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer … shall be punished” by fine or imprisonment. The DOJ’s announced policy, however, now directs that “good-faith security research” should not be charged. “Good faith security research” means “accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

The new policy highlights the DOJ’s goal to promote privacy and cybersecurity by upholding the legal rights of individuals and network owners to ensure confidentiality and availability of information stored in their information systems. Thus, the DOJ will consider several factors in determining whether CFAA prosecution should be pursued, including

  1. the sensitivity of the affected computer system and harm associated with unauthorized access;
  2. concerns pertaining to national security, critical infrastructure, public health and safety, market integrity, international relations, or other considerations having broad impact on national economic interests;
  3. if the activity was in furtherance of a larger criminal endeavor or posed risk of bodily harm or a threat to national security;
  4. the impact of the crime and prosecution on third parties;
  5. the deterrent value of an investigation or…


Apple hit with EU antitrust charge over mobile payments technology



BRUSSELS, May 2 (Reuters) – Apple faces a possible hefty fine and may have to open its mobile payment system to competitors after EU antitrust regulators charged the iPhone maker with restricting rivals’ access to its technology used for mobile wallets.

This marks the second EU charge against Apple after EU regulators last year accused the company of distorting competition in the music streaming market following a complaint from Spotify (SPOT.N).

The European Commission said on Monday it had sent a charge sheet known as a statement of objections to Apple, detailing how the company had abused its dominant position in markets for mobile wallets on iOS devices.


The Commission said Apple’s anti-competitive practices dated back to 2015 when Apple Pay was launched.

“We have indications that Apple restricted third-party access to key technology necessary to develop rival mobile wallet solutions on Apple’s devices,” EU antitrust chief Margrethe Vestager said in a statement.

“In our statement of objections, we preliminarily found that Apple may have restricted competition, to the benefit of its own solution Apple Pay,” she said.

Apple, which could face a fine up to 10% of its global turnover or $36.6 billion based on its revenue last year, though EU penalties rarely reach the cap, said it would continue to engage with the Commission.

“Apple Pay is only one of many options available to European consumers for making payments, and has ensured equal access to NFC while setting industry-leading standards for privacy and security,” the company said in a statement.

Apple’s Frankfurt-listed shares fell on the news and were down 0.7% at 1216 GMT.

Apple Pay is used by more than 2,500 banks in Europe and over 250 fintechs and challenger banks. The NFC chip enables tap-and-go payments on iPhones and iPads.

Vestager rejected the company’s security argument.

“Our investigation to date did not reveal any evidence that would…


UK police charge two teens in connection with Lapsus$ hacking group case


After arresting seven alleged members of the hacking group Lapsus$ last week, London police have charged two of them with multiple computer crimes. The teenagers, aged 16 and 17, remain in police custody in connection with the investigation.

“Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data,” the City of London Police said in a news release. “The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorized access to a program. They will both appear at Highbury Corner Magistrates Court this morning (April 1st).”

Lapsus$ claimed to have downloaded 37GB of Microsoft source code for key products like Bing and Cortana, along with mobile apps. They also reportedly compromised the security system of MFA company Okta, forcing the company to admit that it made a mistake in the way it handled the attack.

One of the teens arrested was reportedly a 16-year-old Oxford resident known as “Breachbase” or “White,” who has supposedly made the equivalent of $14 million in Bitcoin. London police have not released any names, however, noting that the people charged are juveniles and that reporting any identifying information about them is prohibited.


Prosecutor won’t charge reporter who uncovered database flaw



ST. LOUIS, Mo. – A Missouri prosecutor will not charge a journalist who exposed a state database flaw. That flaw he discovered allowed public access to thousands of teachers’ Social Security numbers. The Governor had ordered a criminal investigation into the journalist.

(Previous Article: Missouri Governor accuses reporter of hacking DESE website)

The Database Flaw

In October of 2021, the State shut down the Missouri Department of Elementary and Secondary Education webpage. It happened after a St. Louis Post-Dispatch reporter uncovered a security flaw that could have potentially exposed teachers’ sensitive information.

State officials say someone took the records of at least three educators, unencrypted the source code from the webpage, and viewed the social security numbers of those specific educators.

The St. Louis Post-Dispatch reported it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

The newspaper held off publishing a story about the flaw until the state fixed it.

The Investigation into the Database Flaw

Governor Parson announced a criminal investigation in October of 2021. He alleged the newspaper journalist was “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet. We will not let this crime against Missouri teachers go unpunished.”

Democratic state Rep. Ashley Aune, of Kansas City, accused Parson of a “smear campaign” against the Post-Dispatch journalist when it was Parson’s administration that stored the private information and left it unprotected.

“This fiasco perfectly illustrates why Missouri needs to get serious about confronting 21st century cyberthreats,” Aune said.

Aune helped write a section of Senate Bill 49 that created the Missouri Cybersecurity Commission.

The Post-Dispatch released a statement in which it said the reporter in question did the right thing by reporting the issue.

“A hacker is someone who…
