Critical Briefing: Cyber Threats, Crimes, and Security

Panelists:
Kara Altenbaumer – Price, Kibble & Prentice, a USI Company
Theodore Angelis – K&L Gates LLP
Daimon Geopfert – McGladrey LLP
Ryan Harkins – Microsoft Corporation
Pablos Holman – Intellectual Ventures Laboratory
June 11, 2013
© Copyright 2013 by K&L Gates LLP. All rights reserved.
Threat Assessment: Today’s big threats, and
how hackers and criminals are succeeding
klgates.com
Pablos Holman
Futurist. Inventor. Hacker
Hacking and Data Breach
Case Studies
The Spectrum of Cyber Attacks
 Advanced Persistent Threats (“APT”)
 Data Breach and Malware
 Denial of Service attacks (“DDoS”)
 Domain name hijacking
 Corporate impersonation and Phishing
 Employee mobility and disgruntled employees
 Lost or stolen laptops and mobile devices
 Inadequate security and systems: first party and third-party vendors
Advanced Persistent Threats
 targeted, persistent, evasive and advanced
 nation state sponsored
P.L.A. Unit 61398
“Comment Crew”
Advanced Persistent Threats
 United States Cyber Command and director of the National Security Agency, Gen. Keith B. Alexander, has said the attacks have resulted in the “greatest transfer of wealth in history.”
Source: New York Times, June 1, 2013.
Advanced Persistent Threats
 Penetration: Spear Phishing
   67 percent of organizations admit that their current security activities are insufficient to stop a targeted attack.*
 Duration:
   average = 356 days**
 Discovery: External Alerts
   55 percent are not even aware of intrusions*
*Source: Trend Micro, USA. http://www.trendmicro.com/us/enterprise/challenges/advance-targeted-attacks/index.html
**Source: Mandiant, “APT1, Exposing One of China’s Cyber Espionage Units”
Case Study 1 – Industrial Company in Midwest
Case Study 2 – Technology/Electronics Co.
Began With Unauthorized Wire Transfer
 CFO returned from vacation and sees outgoing $250k wire transfer she did not initiate
 Bank explained it received wire authorization and follow-up email authorization
 Phone confirmation protocol not followed because hackers cleverly timed transfer during planned phone outage at CFO’s company
 Thankfully, client able to cancel wire in time
Case Study 2 – Technology/Electronics Co.
Investigation Ensued
 Access via compromised machine, but perpetrator forwarded wire confirmation to mikeuser101@yahoo.com
 Same account identified in public source phishing site impersonating Re-Max
Case Study 2 – Technology/Electronics Co.
Investigation Ensued
 CFO confirmed she previously searched on Re-Max websites and browser cache confirms likely infection vector
 Testing in sandbox environment indicated no apparent malware or malicious code installed
Prevention and Protection: Defense and
protection methods, and what insurance to
maintain
Data Breach: A Big
Problem
So what to do?
Pressures
How you respond matters
Form a Team and a Plan
Misconceptions
• Compliance ≠ Security
  • Don’t ask the security team to build the walls and roof until you’ve laid the foundation
• Security is not bought
  • Tools are tools, not solutions
• Security threats do not only come from “out there”
  • Attacks by rogue employees, mistakes, and fraud are not common, but result in immense damage when they occur
  • Remember, once the bad guys breach your external boundary they are now a version of insider threat
Misconceptions
• Risk is introduced when basic controls are viewed as “the” solution rather than the start of a solution
  • Creates blind spots and false sense of security
  • Creates “islands” rather than defense in depth
  • Controls not focused on current threats and tactics
• The examples in this presentation are “real world” and attempt to demonstrate the effectiveness of basic controls versus modern adversaries
• After we talk about what is broken we’ll do our best to describe some possible solutions
Case Study #1: Signature Bypass
• Control Example – PCI:
  • 11.4.b Confirm IDS and/or IPS are configured to alert personnel of suspected compromises.
  • 11.4.c Examine IDS/IPS configurations and confirm IDS/IPS devices are configured, maintained, and updated per vendor instructions to ensure optimal protection.
• Control Example – ISO:
  • 10.4.1 Detection, prevention, and recovery controls to protect against malicious code and appropriate user awareness procedures should be implemented.
  • 10.4.1d Installation and regular update of malicious code detection and repair software to scan computers and media as a precautionary control, or on a routine basis;
Case Study #1: Signature Bypass
• In English…
• Is AV deployed?
• Is it on users’ systems, servers, mail, etc.?
• Are scans run regularly?
• Is IDS/IPS deployed?
• Is it where it should be?
• Are the signatures updated regularly?
Case Study #1: Signature Bypass
• Reality
  • Fully automated IDS/IPS can be noisy and dangerous
    • After that first critical transaction is blocked by mistake this typically goes away temporarily on a permanent basis
    • Alerts turned off or thresholds raised to do the same
  • IDS/IPS/AV main functionality is signature based
    • These same signatures are available to the attackers
    • Attackers purchase the same subscriptions and appliances you have to perform QA of their malware products
  • So what do attackers do with available signatures?
    • Mutation
    • Encoding and Packing
    • Encryption
      • Network and File
    • Avoid AV detection by never touching the disk
Case Study #1: Signature Bypass
• Demo #1: Antivirus bypass
Attacker: 192.168.10.10
Target: 192.168.10.202
AV: Avast
• Food for thought…
Case Study #1: Signature Bypass
• Malware Generation Rates
Case Study #2: Social Engineering
• So, now I know malware is dangerous. But how do they get it into the environment?
• Fun with Social Engineering
  • Fancy name for traditional “con games”
  • Attacking an environment via (technical) manipulation of people
  • Focused on user habits, mannerisms, human nature, entrenched organizational procedures and activities
  • The attack vector of choice for many advanced attackers
  • Effectiveness of typical countermeasures such as firewalls, anti‐virus, and intrusion detection systems is greatly reduced
Case Study #2: Social Engineering
• Cyber criminals are increasingly turning to social networks, as opposed to email services, to attack users: social networks are much more difficult to monitor and control, and users are more likely to fall for scams because of inherent trust relationships
• Attacks are happening “inside the castle” with mainly local anti‐virus as the last line of defense, which is a scary thought
• Pharming
• Phishing
• Spear Phishing
• Whaling
Case Study #2: Social Engineering
• Demo #2: Social Engineering Demo
  Attacker: 192.168.10.10
  Target: 192.168.10.202
  OS: Patched WinXP
  [Diagram labels: Google Mail, Linkedin.com, LinkedIn Clone]
Case Study #3:
Good Example of a Bad Example
• The Phone Call…
  • “Uh, buddy, we can really use some help. Can you be here tomorrow?”
  • “I’ll do my best. What’s wrong?”
  • “We think we’ve had a breach. We need some help figuring out what is going on.”
  • “Ok, I’ll start making plans. What makes you think you’ve been breached?”
  • “Somebody just moved $1,500,000 out of our corporate bank accounts to China.”
• As an investigator, we call this a clue
  • “That is suspicious. What do you have for us to work with?”
  • “Are you trying to be funny? You were just here. We haven’t changed much.”
  • “Ok, let’s see what we can do…”
Case Study #3:
Good Example of a Bad Example
• This is called a bad day
[Diagram labels: Unaffected Users; Known Event Start; Bank; Affected User; numbered steps 1 to 5]
Recommendations
• Bring security into Risk Management process
• Necessary to create APPROPRIATE controls
  • Horses and fences…
  • It is not meant to bring risk to zero
  • It is only meant to create a rational, non‐emotional approach to managing risk
  • Notice the loop…
[Diagram labels: External Drivers; Industry; Regulatory; Threats; Risk Management; Oversight; Internal Drivers; Business Processes; Policies and Procedures; Metrics; Resources; Deploy and Educate; Analyze and Design; Implement]
Recommendations
• Understand that modern threats are built to bypass preventative controls
• Adjust your focus to robust detective and corrective controls
Recommendations
• Move from point solutions to consolidated monitoring
• Correlate disparate systems logs (patterns in timing, traffic, behavior, etc.)
• Understand attacker tendencies and battle plans
• Modern attackers are after profit
• Understand what they want, how they’d get to it, and how they’d get it out
• “87% percent of victims had evidence of the breach in their log files, yet missed it.” Verizon 2010 Data Breach Report
Recommendations
• Understand that AV is becoming less and less effective
  • It is still a foundational element of your security posture, but don’t place sole reliance on these solutions
  • Utilize different AV solutions at different points in the network
• Robust patching including more than just the Operating System
  • Browsers, office apps, third‐party apps (Java, Flash, Quicktime, etc.)
• User awareness training
  • What is Social Engineering? How does it work? What are popular tactics?
  • Hint: Make it about THEIR risk…
  • If you can afford it, conduct a social engineering test at least once a year
  • Do NOT punish failure, identify areas that need additional training
  • Don’t forget your customers and business partners…
• When was the last time you did a CIRT exercise?
Summary
• Don’t Panic
• Plan to fail, but plan to fail gracefully
• Ability to know when a control has failed
• Ability to recover quickly and with minimal damage
• We’ve pointed out methods to bypass individual types of controls on a case by case basis
• Consolidated, robust controls in a defense‐in‐depth manner are effective
• Do not become a “hacker snack”
• Hard and crunchy on the outside, soft and gooey in the middle
• Every hoop you force the attacker to jump through is a chance for you to detect them… if you are watching
• You don’t need to outrun the bear…
3rd Party Cyber Liability Coverage –
Losses Suffered by Your Clients or Patients
Other 3rd Party Cyber Liability Coverages
1st Party Cyber Liability Coverage –
Loss Suffered Directly By An Insured
The Insurance Gap – Cyber and Privacy
are NOT typically covered under…
The Importance of a Knowledgeable Broker
 The Application/Underwriting Submission Process:
   An involved process, as an Application is typically required prior to release of a formal quote
   Supplemental information (internal control details such as encryption techniques used, experience of IT department, etc.) may be required
   Finally, a call between an underwriter’s/carrier’s tech experts and the client IT department may be necessary/beneficial
 Negotiating the marketplace – Coverage is not standardized
   Modular format of Privacy and Liability coverage – what clauses fit a particular risk, which need to be amended and which can be excluded
   Internal contract language varies from carrier to carrier (and current market supports over 30 carriers offering coverage)
   Example: Per record lost breach notification limit or sublimited coverage by dollar amount (i.e., a Limit of User Records breached à la 2 million users, vs. a set dollar sub limit for notification costs)
 The Importance of a sophisticated Broker – The USI advantage:
   USI has a dedicated team of Cyber and Privacy Liability experts to advise clients
   USI has access to the leading markets in Cyber and Privacy Liability
   USI has negotiated complex cyber and privacy coverages across industries
   USI stands ready to assist clients and prospects navigate this new landscape
Corrections and Remedies: Going after the bad
guys and implementing workable fixes
Example 1
Microsoft Mail Internet Headers Version 2.0
Received: from smtp1.klgates.com (192.168.50.12) by uspexhub01.kldomain.com
 (10.50.51.20) with Microsoft SMTP Server (TLS) id 8.1.436.0; Tue, 11 May 2010
 12:17:07 -0400
Received: from mail193-tx2-R.bigfish.com (65.55.88.114) by smtp2.klgates.com
 (192.168.50.12) with Microsoft SMTP Server (TLS) id 8.1.436.0; Tue, 11 May
 2010 12:17:09 -0400
Received: from mail193-tx2 (localhost.localdomain [127.0.0.1]) by
 mail193-tx2-R.bigfish.com (Postfix) with ESMTP id D9FBA160826D for
 <david.bateman@klgates.com>; Tue, 11 May 2010 16:17:06 +0000 (UTC)
Received: from TX2EHSMHS031.bigfish.com (unknown [10.9.14.239]) by
 mail193-tx2.bigfish.com (Postfix) with ESMTP id B2436D7004B for
 <david.bateman@klgates.com>; Tue, 11 May 2010 16:17:06 +0000 (UTC)
Received: from snt0-omc4-s16.snt0.hotmail.com (65.55.90.219) by
 TX2EHSMHS031.bigfish.com (10.9.99.131) with Microsoft SMTP Server id
 14.0.482.44; Tue, 11 May 2010 16:17:05 +0000
Received: from SNT119-W20 ([65.55.90.200]) by snt0-omc4-s16.snt0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675); Tue, 11 May 2010 09:17:05 -0700
Message-ID: <SNT119-W207333051C3972D0BCDFBDC7FA0@phx.gbl>
Content-Type: multipart/alternative;
 boundary="_5ed71e7b-bb19-4fdf-86fd-8318a8696e4b_"
X-Originating-IP: [76.121.52.87]
From: Bill Clinton <seattlestalker@hotmail.com>
To: <david.bateman@klgates.com>
Subject: Can You Find Me?
Date: Tue, 11 May 2010 16:17:05 +0000
Importance: Normal
FILETIME=[65BF99E0:01CAF125]
X-Reverse-DNS: snt0-omc4-s16.snt0.hotmail.com
Return-Path: seattlestalker@hotmail.com

Highlighted in the headers on the slides: 192.168.50.12, 65.55.90.200, 76.121.52.87, KLGATES.COM
76.121.52.87: Comcast Cable, Washington
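The header trace shown on these slides can be done mechanically. The following is an added example, not part of the original deck: it walks the Received chain from the slide oldest-hop-first, normalizes timestamps to UTC, marks which peer addresses are publicly routable, and pulls the provider-stamped X-Originating-IP. The function names are illustrative assumptions.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received chain and X-Originating-IP copied from the slide above (body omitted).
RAW_HEADERS = """\
Received: from smtp1.klgates.com (192.168.50.12) by uspexhub01.kldomain.com
 (10.50.51.20) with Microsoft SMTP Server (TLS) id 8.1.436.0; Tue, 11 May 2010
 12:17:07 -0400
Received: from mail193-tx2-R.bigfish.com (65.55.88.114) by smtp2.klgates.com
 (192.168.50.12) with Microsoft SMTP Server (TLS) id 8.1.436.0; Tue, 11 May
 2010 12:17:09 -0400
Received: from mail193-tx2 (localhost.localdomain [127.0.0.1]) by
 mail193-tx2-R.bigfish.com (Postfix) with ESMTP id D9FBA160826D for
 <david.bateman@klgates.com>; Tue, 11 May 2010 16:17:06 +0000 (UTC)
Received: from TX2EHSMHS031.bigfish.com (unknown [10.9.14.239]) by
 mail193-tx2.bigfish.com (Postfix) with ESMTP id B2436D7004B for
 <david.bateman@klgates.com>; Tue, 11 May 2010 16:17:06 +0000 (UTC)
Received: from snt0-omc4-s16.snt0.hotmail.com (65.55.90.219) by
 TX2EHSMHS031.bigfish.com (10.9.99.131) with Microsoft SMTP Server id
 14.0.482.44; Tue, 11 May 2010 16:17:05 +0000
Received: from SNT119-W20 ([65.55.90.200]) by snt0-omc4-s16.snt0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675); Tue, 11 May 2010 09:17:05 -0700
X-Originating-IP: [76.121.52.87]
"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^()]*)\)\s+by\s+(\S+)")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def received_hops(raw):
    """Parse the Received chain, oldest hop first (relays prepend their header)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        m = HOP_RE.search(flat)
        if not m or ";" not in flat:
            continue                            # unparseable hop: skip, do not guess
        ip = IPV4_RE.search(m.group(2))
        when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        hops.append({
            "from": m.group(1),
            "from_ip": ip.group(0) if ip else None,
            "by": m.group(3),
            "utc": when.astimezone(timezone.utc),
            # Private and loopback peers are internal relays, not lookup targets.
            "routable": bool(ip) and ipaddress.ip_address(ip.group(0)).is_global,
        })
    return hops


def clock_regressions(hops):
    """Adjacent hops where the later relay stamped an earlier time (skew or forgery)."""
    return [(a["by"], b["by"], (b["utc"] - a["utc"]).total_seconds())
            for a, b in zip(hops, hops[1:]) if b["utc"] < a["utc"]]


def origin_candidates(raw):
    """Addresses worth a lookup: provider-stamped client IP and first routable peer."""
    xoip = IPV4_RE.search(message_from_string(raw).get("X-Originating-IP", ""))
    first = next((h["from_ip"] for h in received_hops(raw) if h["routable"]), None)
    return {"x_originating_ip": xoip.group(0) if xoip else None,
            "first_routable_peer": first}


if __name__ == "__main__":
    for hop in received_hops(RAW_HEADERS):
        print(hop["utc"].isoformat(), hop["from_ip"], "->", hop["by"])
    print(clock_regressions(received_hops(RAW_HEADERS)))
    print(origin_candidates(RAW_HEADERS))
```

Only headers added by relays you control or trust are reliable; anything below the first trusted hop can be written by the sender, which is why the provider-stamped address is then confirmed through the provider's records rather than taken from the message alone.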
Forensics + Subpoena Power = Success
 “John Doe” lawsuits
 Extensive use in Internet cases due to anonymity and fake identities
 Allow discovery into identity, location and activities of online users
 Governed by local rules and procedures
TEN BENEFITS OF CIVIL LITIGATION
1. Speed
2. Independent filing decision
3. Simplicity of process
4. Scalable resources
5. Lower burden of proof
6. No 4th Amendment limitations
7. Lower ECPA standards
8. No consumer loss required
9. Modest costs
10. Publicity
• Brand protection
• Restore customer confidence
• Deterrent to bad actors
Example 2
Phishing, Hacking and Customer Fraud

Visible link:
https://www.citibank.com/signin/citifi/scripts/login2/update_pin.jsp
Actual link:
http://61.128.198.62/Verify/
Cooperation with Law Enforcement
From: billing@msn.com   [slide callout: SPOOFED E-MAIL ADDRESS]
To: [recipients]
Sent: Tuesday, September 30, 2011 5:43 PM
Subject: MSN Billing Update
Dear MSN Customer,
We regret to inform you that technical difficulties arose with the installation of new software upgrades
Unfortunately part of our customer database, and backup system became inactive. In order to enjoy your
MSN experience and keep your account active, we will require you to enter your information in our online
billing center at your convenience or calling our customer support team (1-877-676-3678). The average
hold time is 45 minutes.
As an added incentive to using the web based account center we offer 50% credit to your next bill. Please
take a moment and re-enter your account information at our secure online account center by visiting:
http://billing.msn.com@msn6.dr.ag/5CFGs46hdWrQJ_4643fJdBDbmS5gd66JF4fFFhf540EGDdTjj20BBEyr556yS3/secure.asp
Sincerely,
Sandy Page
MSN Billing Department
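Both lures above can be flagged mechanically: the Citibank link whose visible text and actual target differ, and the MSN URL that places billing.msn.com before an "@" so the real host is msn6.dr.ag. The following is an added example, not part of the original deck; the HTML wrapper, the anchor text of the second link, the example.com link and the finding names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML wrapper. The first two href values are the URLs quoted on the
# slides; the third link (example.com) is a constructed benign link for contrast.
SAMPLE_HTML = """
<a href="http://61.128.198.62/Verify/">https://www.citibank.com/signin/citifi/scripts/login2/update_pin.jsp</a>
<a href="http://billing.msn.com@msn6.dr.ag/5CFGs46hdWrQJ_4643fJdBDbmS5gd66JF4fFFhf540EGDdTjj20BBEyr556yS3/secure.asp">secure online account center</a>
<a href="https://www.example.com/help">www.example.com/help</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _parts(url):
    """(scheme, host, userinfo) of a URL; empty strings if it does not parse."""
    try:
        u = urlsplit(url if "://" in url else "//" + url)
        return u.scheme, (u.hostname or "").lower(), u.username or ""
    except ValueError:
        return "", "", ""


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def link_findings(text, href):
    """Reasons a link's real destination differs from what the reader is shown."""
    findings = []
    scheme, host, userinfo = _parts(href)
    if userinfo:                       # everything before '@' is not the host
        findings.append("userinfo-before-host")
    if _is_ip(host):
        findings.append("ip-literal-host")
    if text and not any(c.isspace() for c in text):   # visible text is URL-like
        shown_scheme, shown_host, _ = _parts(text)
        if "." in shown_host and shown_host != host:
            findings.append("text-host-mismatch")
        if shown_scheme == "https" and scheme == "http":
            findings.append("https-shown-http-target")
    return findings


def scan_html(html):
    """Map each href in an HTML message body to its list of findings."""
    collector = AnchorCollector()
    collector.feed(html)
    return {href: link_findings(text, href) for text, href in collector.links}
```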
Cooperation with Law Enforcement
1. K&L Gates files Doe lawsuit in Seattle
2. Subpoena to SF hosting for <dr.ag> -- identifies sub-assignee of IP address
3. Subpoena to sub-assignee identifies name and Yahoo! email address for domain owner
4. Yahoo! provides Austrian contact information for domain owner
5. Austrian domain owner explains that he runs re-direct site, and provides log-in IPs
6. Some log-in IPs resolve to Qwest
7. Subpoena to Qwest identifies DSL subscriber in Iowa
8. Investigation reveals phisher resident at address
9. Handoff to FBI for box seizure
Example 3
Cybersquatting and Domain Protection
aberceombie.com
“Brandit” domain name portfolio excerpts
Example 4
Affiliate Misbehavior and Tracking
From: CostcoClub@bestjobsbargains.com
To: kylierobinson69@hotmail.com
Subject: RE: Your Costco Gift Card is Expiring kylierobinson69
Date: Mon, 7 Dec 2009 22:56:30 -0500
bestjobsbargains.com
clickbooth.com
offerawards.com
Offerawards.com/G/int?campaignID=445&subcid=CD43878
Approaches to Obtaining Discovery
Identifying Sources of Discovery
 Emails
 Email Provider
 Tracing email header information
 Websites
 Hosting
 Registrar / Privacy Protection
 URL links, source code and images
 Payment Processor Records
 IP addresses
 Phone numbers (VOIP)
 Internal Server logs
 Test Purchases
Preservation
 Consider requesting preservation of data
 Some providers have a limited window of retention
 Chance of sketchier entities purging data after request.
 Nonparties are not required to preserve documents
 Many will voluntarily preserve if requested
 Pre-discovery preservation order may be obtained, Fed. R. Civ. P. 26(d)(1).
Subpoena Considerations
 How long is data preserved?
 Urgency and timeline
   Time to get subpoena issued
   Time to get subpoena served
   Time for subscriber notice
   Time for recipient response
Subpoena Considerations
 Where to serve subpoenas
 www.search.org/programs/hightech/isp/
Subpoena Considerations
 Account holder may get notice and opportunity to object
   Service provider policy
   Statute, e.g., cable company
   Court imposed obligation
 Account holder has standing to contest disclosure
Cable Companies
 Regular ISP vs Cable Company ISP
 Cable Communications Policy Act of 1984 (CCPA), 47 U.S.C. § 551
 Advance consent obtained or advance notice of compliance with an order compelling disclosure of personally identifiable customer information, 551(c)(1), 551(c)(2)(B)
 Cable companies providing Internet follow CCPA. Require a court order
 However, several circuits have ruled Internet service is not “Cable service” under CCPA
Publicity
 Streisand Effect
 “An attempt to censor or remove a piece of information backfires, causing the information to be widely publicized”
Limits on Subpoenas - First Amendment Right to Anonymous Speech
 First Amendment protection recognized for truth, opinion, commentary – even if unpleasant
 Hurdle for discovery:
   Cahill v. Doe (Delaware)
   Dendrite International v. Does (NJ)
 CyberSLAPP
 Are postings the defendant’s right to free speech in connection with a public issue?
 Bloggers as Journalists
 News Gatherers’ Privilege under the First Amendment
 State Constitutional Rights
 Reporters’ Shield Laws
Limits on Subpoenas - No Content
Stored Communications Act (SCA), 18 U.S.C. § 2702
Electronic Communications Service (“ECS”)
 provides the ability to send and receive communications
 may not divulge contents “while in electronic storage”
 electronic storage:
   (a) temporary, intermediate storage incidental to transmission
   (b) storage for backup protection
Remote Computing Service (“RCS”)
 provides computer storage or processing services
 may not divulge contents of any communication which is carried or maintained on the service solely for the purpose of providing storage or computer processing services
Limits on Subpoenas - No Content
Stored Communications Act (SCA), 18 U.S.C. § 2702
Some exceptions
 Lawful consent of sender or intended recipient
 Protection of the rights or property of the provider
Legal controversy regarding forced “consent”
 California previously ordered juror who posted evidence, during trial, to give consent to access his Facebook page. Juror No. 1 v. Superior Court of Sacramento County
 Scope of mandatory “consent” being litigated in Cal. Ct. of Appeals in Facebook v. Superior Court of Los Angeles County
DDOS ATTACKS
ADWARE
BOTNETS
CONTEXTUAL ADS
ANONYMOUS POSTS
SEARCH ENGINE OPTIMIZATION
CLICK FRAUD
SPIM
PARASITE SITES
CHILD PROTECTION
UNAUTHORIZED ACCESS
SCRAPING
PIRACY
SPOOFING
EMAIL THREATS
HACKING
SOCIAL NETWORKS
PHISHING
SCAREWARE
MALVERTISING
TRAFFIC HIJACKING
DEEP PACKET INSPECTION
SPAM
ONLINE DEFAMATION
DOMAIN DEFENSE
CYBERSQUATTING
DRM
SPYWARE
Data Breaches: questions
Where and what law?
Who?
• End users
• Business
• Regulators
• Others
How else can you protect yourself?