• Categories

  • Archives

  • Pages

  • Who. What.

    For the trial law and legal community from a private investigator's perspective. The Beacon Bulletin is the weekly newsletter authored and published by our parent company, Beacon Network Investigations, LLC (BNI). We're a private investigation company. We DON'T dispense legal advice, respond to anonymous queries or black hat your enemies for you. (Internally, however, points are alloted for perfectly wordsmithed compliments.) We DO hope to inform. That's our business.
  • August 2019
    M T W T F S S
    « Jul    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Recent Posts

What The Law Can and Can Not Do About Cyber Stalking, Part I

cyberstalker

 

(In Part I of the two-part series, What The Law Can and Can Not Do About Cyber Stalking, we define cyber-stalking; its meaning and statistics.  Part II will be a very specific checklist of what to do if you believe you are a victim of cyber stalking.)

If you’ve been online in a social media context, whether in a chat room, FB, Twitter, etc., for longer than several months, you’ve probably felt, to some degree,  that your privacy has been compromised.  For example and factually, in a general conversation on FB, I’ve been asked where I live, where I work, what type of car I drive and which schools do my kids attend.  In a face to face chat at a block party with your new neighbors, those questions are simply part of making conversation.  Online, however, these very same questions are creepy. And they should be!  You can vet your new neighbors through other neighbors, the postal carrier and by yourself visually by observing their comings and goings.  Obviously, you do not have access to that sort of information with strangers online.  However, we are all online trying to form, strengthen or preserve social connections and to do so, candid conversation is required.

The primary rule of online communication is “Use common sense”.  When my sister, Carmela, asks me what time I will be getting home from work today, I will respond factually.  “Bob from Oklahoma” (with whom I have three mutual friends, twice-removed) asking the same exact question receives no response.  But, in answering Mel,  I’ve already told Creepy Bob my schedule and he didn’t have to lift a finger to get the information.  Cyberstalkers often work through others, engaging in what appears to be casual conversation with the rest of the people on the same thread but the difference is that they are compiling information on their subject and believe that they are engaged in a one-on-one relationship with the subject.  In the past year alone, think of the hundreds or thousands of interactions you’ve had on Facebook with family members, real time friends and online connections.  Now try to remember all of the information contained within those conversations. Finally, imagine a cyberstalker having all of this information and s/he believes he is in a relationship (romantic, friendship, mentor/student, etc.) with you. Invariably, something will go “wrong” and in your stalker’s mind, you have turned against him so begins to harass you.  What can you do?  What are the rules with cyberstalking?  Who do you turn to to report what you believe  is harassing, or worse, threatening behavior?

What Is Cyberstalking?
At its most basic legal definition, “cyber-stalking is a repeated course of conduct that’s aimed at a person designed to cause emotional distress and fear of physical harm,” said Danielle Citron, a professor at the University of Maryland’s Francis King Carey School of Law. Citron is an expert in the area of cyber-stalking, and recently published the book called Hate Crimes in Cyberspace. Citron states that cyber-stalking can include threats of violence (often sexual), spreading lies asserted as facts (like a person has herpes, a criminal record, or is a sexual predator), posting sensitive information online (whether that’s nude or compromising photos or social security numbers), and technological attacks (falsely shutting down a person’s social-media account).

According to the United States Bureau of Justice Statistics’ Supplemental Victimization Survey (SVS), individuals are classified as stalking victims if they experienced at least one of these behaviors on at least two separate occasions. In addition, the individuals must have feared for their safety or that of a family member as a result of the course of conduct, or have experienced additional threatening behaviors that would cause a reasonable person to feel fear.

The SVS measured stalking behaviors as:

  • making unwanted phone calls
  • sending unsolicited or unwanted letters or e-mails
  • following or spying on the victim
  • showing up at places without a legitimate reason
  • waiting at places for the victim
  • leaving unwanted items, presents, or flowers
  • posting information or spreading rumors about the victim on the internet, in a public place, or by word of mouth.

Who Is Most Likely To Be CyberStalked?

Summary Findings by the USBJS:

  • During a 12-month period an estimated 14 in every 1,000 persons age 18 or older were victims of stalking
  • About half (46%) of stalking victims experienced at least one unwanted contact per week, and 11% of victims said they had been stalked for 5 years or more.
  • The risk of stalking victimization was highest for individuals who were divorced or separated—34 per 1,000 individuals.
  • Women were at greater risk than men for stalking victimization; however, women and men were equally likely to experience harassment.
  • Male (37%) and female (41%) stalking victimizations were equally likely to be reported to the police.
  • Approximately 1 in 4 stalking victims reported some form of cyberstalking such as e-mail (83%) or instant messaging (35%).
  • 46% of stalking victims felt fear of not knowing what would happen next.
  • Nearly 3 in 4 stalking victims knew their offender in some capacity.
  • More than half of stalking victims lost 5 or more days from work.

What Are the Anti-Stalking Laws?

All states have anti-harassment laws on the books but the law is still trying to catch up with technology in cases of cyber-stalking due to the new means of information transmission and the very public nature of social media postings. (For example, it is now generally accepted by all states prosecutors that, even with the subject’s initial agreement to pose naked, unauthorized distribution of nude photos are a form of harassment.)

WHO@ provides links to state-by-state current and pending cyberstalking-related laws.  WHO@, Working To Halt Abuse Online,  is an online organization who states its mission is, “to provide a variety of information and perspectives on the issue of online harassment, abuse and cyberstalking.  Education, information and communication are the keys to solving the complex problems of harassment and abuse online.”

By way of example. the below information on harassment, to include cyber-stalking, is available via click-through on their site.  NEW YORK: 

§240.30 Aggravated harassment in the second degree.
A person is guilty of aggravated harassment in the second degree when, with intent to harass, annoy, threaten or alarm another person, he or she:
1. Either
(a) communicates with a person, anonymously or otherwise, by telephone, by telegraph, or by mail, or by transmitting or delivering any other form of written communication, in a manner likely to cause annoyance or alarm; or
(b) causes a communication to be initiated by mechanical or electronic means or otherwise with a person, anonymously or otherwise, by telephone, by telegraph, or by mail, or by transmitting or delivering any other form of written communication, in a manner likely to cause annoyance or alarm; or
2. Makes a telephone call, whether or not a conversation ensues, with no purpose of legitimate communication; or
3. Strikes, shoves, kicks, or otherwise subjects another person to physical contact, or attempts or threatens to do the same because of a belief or perception regarding such person’s race, color, national origin, ancestry, gender, religion, religious practice, age, disability or sexual orientation, regardless of whether the belief or perception is correct; or
4. Commits the crime of harassment in the first degree and has previously been convicted of the crime of harassment in the first degree as defined by section 240.25 of this article within the preceding ten years.
5. For the purposes of subdivision one of this section, “form of written communication” shall include, but not be limited to, a recording as defined in subdivision six of section 275.00 of this part.
Aggravated harassment in the second degree is a class A misdemeanor.

Next week, we will publish Part II of this series, bringing to you a checklist, complied by seasoned law enforcement detectives, on what to do if you are the victim of a cyber-stalker.  However, if you feel you are in any danger, call 911 ASAP.   An ounce of being overly-cautious is a much better value than a lifetime of regret.

Bottom line: Trust your instincts – especially online.  These people are virtual and virtually, strangers!

BNI Operatives: Situationally aware.

As always, stay safe.

The Three Biggest Security Threats We Face In 2016

hacker

 

Welcome, 2016 and here come the security threats!

Extortion Hacks

2014 brought us the Sony hack wherein millions of confidential records, including internal emails between corporate executives – that revealed the still-thriving prejudices that exist in Hollywood  – were illegal, electronically obtained and released to the public.  Because they (the hackers) could.

2015 progressed to extortion hacks; nimble-fingered computer criminals accessed private client information from Ashley Madison hack, taking down a CEO and exposed possibly millions of would-be cheaters to public ridicule and worse; and then the hack of InvestBank in the United Arab Emirates, which resulted in the exposure of customer account information.

Extortion hacks play to the deepest fears of companies and top executives everywhere.  If mishandled, company secrets run the risk of exposure, clients can file lawsuits and these very executives stand to lose their jobs. 2016 will see a massive rise in extortion hacks with astronomical demands.

 

Data Change/Manipulation Attacks

From Wired:

In testimony this year, James Clapper, the director of national intelligence, told Congress that cyber operations that change or manipulate digital data in order to compromise its integrity—instead of deleting or releasing stolen data—is our next nightmare. Mike Rogers, head of the NSA and US Cyber Command said the same thing. “At the moment, most [of the serious hacks] has been theft,” Rogers said. “But what if someone gets in the system and starts manipulating and changing data, to the point where now as an operator, you no longer believe what you’re seeing in your system?”

Data sabotage can be much more difficult to detect than the kind of physical destruction caused by Stuxnet. That’s because data alterations can be so slight yet have enormous consequences and implications. Anyone remember the Lotus 1-2-3 bug back in the 90s that would produce accounting miscalculations in spreadsheets under certain conditions? That was an unintentional error. But attackers could get into financial and stock-trading systems to alter data and force stock prices to rise or fall, depending on their aim.

Certain types of data manipulation could even result in deaths. In 1991 a Patriot missile in Saudi Arabia during the first Gulf War failed to intercept an incoming Scud missile due to a software glitch in the weapon’s control computer, allowing the Scud to hit an Army barracks and kill 28 soldiers. Again, this was an unintentional bug. But Chinese spies have invaded numerous US defense contractor networks in the last decade, raising concern among US military officials that they’re not just stealing blueprints to copy weapons, but might also alter or insert code to sabotage the integrity of weapons systems and change how they operate.

 

Chip and Pin Credit Card Hacks

From Tripwire:

Over the course of the last decade, major credit card companies have begun to implement EMV or “chip and pin” technology. This system requires that a card reader retrieve the customer’s information off of their card’s magnetized chip, which is followed by the cardholder entering in their PIN number.

As a result, chip and pin essentially constitutes a method of two-factor authentication (2FA) for payment card purchases. It is an added security measure that is designed to prevent credit card fraud if a card is physically stolen, so it is natural that VISA, Mastercard and others would switch to EMV technology – even despite the fact that many companies were just recently unprepared for the transition.

I just received my credit and bank EMV-embedded cards.  As the Tripwire article mentions, many merchants are still unprepared to process these cards but that’s the least of worries.  Given that 69% of most purchases utilizing these cards now occur online, the one-time code per transaction is irrelevant as neither the card or a PIN is required for online purchases.  So we are back to cyber criminals simply stealing the card numbers.

The good news is that law enforcement agencies are hiring in record numbers those with anti-hacking experience!

Be smart:  buy via trusted online vendors or use secure purchase transaction portals such as PayPal.

BNI Operatives: Situationally aware.

As always, stay safe.

 

%d bloggers like this: