Posted on 11/19/2004 6:57:12 PM PST by misterrob
Okay folks, need some thoughts on cyber crime. My struggling start-up company was the victim of some soul-less person who decided to use a stolen credit card and then download copyrighted information from our server. They have since contacted us with some extortion demands which we won't pay, based both on principle and poverty. Come up with $40K or they distribute the two reports out to the world. They sent it to 10 people tonight and copied the addressed to us.
I've already filled out an on-line complaint with the FBI and I'm sure holding my breath waiting for them to do anything about it. Anyone else have any thoughts that they could share besides bend over and take it?
We are CoRE. We have obtained copies of your NanoMemory and NanoElectronics research reports. We believe in democatization of information. We will be emailing copies of the report to approximately 4,000 individuals involved in nanotechnology. The list is exhaustive. We will post the report on USENET.
We will seed the report into the major peer to peer networks. We will post messages on a number of industry forums indicating the release of the report into the public domain.
The reports retail at $3,995 each. If we receive an ex gratia payment equivalent to 10 copies of the report we will destroy the reports and abandon our plan. We have been paid significantly higher amounts by other larger organizations, including market research firms and investment banks, to prevent public domain release of expensive proprietary information products. We understand that you are a new business and you have put a lot of work into these reports, so we are being fair and requesting a lower amount. It is nearly Christmas. We want you to feel the love.
We hope that you have learned a valuable lesson. If you agree to our terms, we will advise you on additional security measures that you can take to protect your proprietary information. We are the best. We are CoRE.
You have EXACTLY 24 hours to reply. We do not compromise or negotiate. Law enforcement will not be able to assist you in any way. We are invisible. We are CoRE.
If you do not respond, we will email the reports to you on 11/22, copying 10 individuals from the mailing list on the email. That loss will be equivalent to our ex gratia payment. If we receive no further response, we will submit the report to our anonymous listserver. 4,000 * 3,995 = ?
Your friends at CoRE
Second one:
You will have received a separate email message with the Emerging NanoElectronics Markets report, which was addressed to 10 individuals picked at random from the mailing list.
10 * $3,995 = $39,995
If we do not hear from you by 5pm EST on Monday, the Emerging NanoElectronics Markets report will be sent to everybody on our nanotechnology mailing list. We will also send out the NanoMemory report to the same mailing list one week later.
Do not ignore us. This problem will not go away as you have now learned. Only you can make it go away.
With seasonal love from your friends at CoRE
Bastards......probably think that DU is too right wing for them.
CALL the FBI and do not give up until you get the proper department.
I believe CoRE is a hacking group that pirates software...
What a drag! I have no suggestions but I hope you get some help!!
Call local law enforcement immediately.
So let me get this streight... You sell an electronic file for about 4 grand, and are supprised when someone threatens to duplicate it?
For 4 grand you can print it on photo-copy/scanner proof paper, and send it by registered courier after the payment clears. At least they would have to re-type the whole thing manually.
For a tech company you seem to have taken some rather unwarranted risks.
BTW watch for 'about.blank'......it's a system killer.
No, they actually sent it people at Merrill Lynch, General Electric, a few start-ups and some VC firms. I sent notes to all of them and told them the story. I also lied a bit but told them these people steal reports, infect them with viruses and then send them out posing as someone inside the original company's organization. They shouldn't spread the reports around and not should they post them on the server lest they spread the plague.
The next mailing goes out to 4,000 people and it's up on usenet. I take solace in knowing that at least a lot of people out there will see my company's reports and become more familiar with our work. Still, the $100K plus hit is going to be a bit sh*t sandwhich to eat.
Interesting. I had thought that most of these were coming from Russians, but the language in this note sounds very American. Please keep us informed of what happens.
As an aside, this sort of thing points out fundamental weaknesses in the way we buy and sell information. It will continue to be possible until we face up to the implications of this question:
"how can I be fairly compensated for my creativity, in a world where my work can be duplicated and distributed almost instantly, at nearly zero cost?"
Well... I work in the software industry. Unfortunately, FBI is your best bet, unless you're a serious computer security expert that could potentially set a trap for them. Personally, I'd offer to pay - they have to receive the money somehow - and that's where the internet is no longer (as good of) a shield. Then you pass that info to the FBI. I would think the regular (non-information crime division) would be pretty darn good at tracking financial accounts, if not internet extortionists.
We publish reports, not software code. What they did is steal a credit card, use it to buy my reports and then try and extort money. They also sent out the reports to people using a bogus address with our domain name.
If you work for Intel and are found with photcopied documents you get fired. If you pass electronic copyright around and the IT department finds out you can get screwed for it. We can't stop someone from running it on a printer and sending it out to people but no one is going to buy bootlegged stuff if they work for a company. College kids and lowlifes were never going to pay so I don't really lose anything.
In the end, if someone wants to rip you they will.
Can I assume you reported this to local authorities since you found out the credit card was stolen or did the creditor contact you? Just curious.
I actually happened to be at the same conference with him this week and since the order looked fishy given that the hacker used, get this, a spoofed version of a competitor's domain, I brought it up to him.
Silly question .... The phone book has the Blue pages for reporting extortion and espionage; why did you simply web-file a complaint?
If you call someone, and talk to a real-live person; they can trace the account, and they may even have you pay the amount just so they can then convict the recipients as they 'cash in'.
I'd be all over this with the FBI, local police and your ISP.
1. Paying Core $40K would not seem to buy you anything. The horse is out of the barn.
2. Anyone could do this, whether with a stolen credit card or a legitimate purchase. It seems you have discovered a flaw in your business model.
3. If they send it to 4000 addresses, you probably could track them down -- question is at what cost.
4. Copyright infringement carries with it substantial criminal penalties. If you can get a prosecutor interested in this, and if there are some US actors involved, you might get them heavily fined or jailed for a short time.
Sick! Sick! Sick!
Hire a computer genius to track them? Too bad you can't just go to the yellow pages under Ruthless Internet Tracker.
You are correct. They are an international hacking crew. They usually only "crack" software for release to the general public. I am surprised and disappointed to hear that they are doing this.
Mister, the FBI is slow in responding because they know that logs on kept on servers, etc. These people can be traced. Just be patient.
As to what you have to do to not have them release the copyrighted info.....I don't know about that. I would say that you are out of luck.
However, I hope you have learned a good lesson about computer security.
Get encryption software.
Get a firewall, both hardware and software and a hotshot tech who knows how to configure both.
Have levels of security on those computers that have internet access.
Have a "server" so that only the server has access to the internet and other computers in the system have to go through the server to get to the internet.
Restrict internet access to only those computers which require it.
Restrict internet access to only those employees who require it. ( Marginal employees/lower echelon employees will usually use real-time chat programs, go to chat sites, do personal email, shop, etc. They alone can make your system more vulnerable. ) Run a tighter ship.
Good luck!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.