After the investigation started by the Milan Public Prosecutor's Office, another case of alleged rogue corporate security and law enforcement officers hits mainstream media. The former head of corporate security at the internationally known luxury firm Gucci, together with private investigators and law enforcement officers, has been involved in a criminal investigation run by the Florence Public Prosecutor, with charges of illegal computer trespass.
On Nov. 14, 2008 I give a talk at DeepSec. The topic is the end of computer forensics, after the enforcement of the Cybercrime Convention.
On Oct. 10, 2008 the Criminal Court of Milan issued an Order related to the criminal trial Docket Number 24919/05 RGNR stating that a bank whose customers were “affected” by successful phishing attacks can seek damages only against the phisher itself, while no civil action can be started against those who laundered the monies coming from the theft.
The people accused of money laundering, said the Court, had no part in the phishing attack, since they played their role only after the monies were stolen.
On Oct. 10 the Justice for preemptive investigation of the Court of Milan issued a decree of preemptive seizure against a couple of websites charged with trading cigarettes. [1. In Italy this is a State monopoly activity, thus forbidden to everybody except those who applied for a special license.]
This decree is a replica – but a smarter one – of the decree issued (and overruled) by the Justice of preemptive investigation of the Court of Bergamo, in the notorious Pirate Bay case. No clear order of DNS hijacking has been issued, but the fact is that ISPs have to “obscure” a network resource that is far beyond their reach. Thus, if they cannot remove the “charged” files, the only alternative is… yes, you’re right: DNS hijacking.
N.B. Background information for this post is available here.
The Bergamo Court has overruled the preemptive seizure order with a decision that, instead of solving the problems arising from the first decision, creates worse issues. The Bergamo Court, in fact, has overruled the seizure, but only on the legal basis that “seizure” cannot be interpreted as “traffic hijacking”.
But the court did not, as it should have done, evaluate first of all the lack of Italian jurisdiction. By not doing so, the Bergamo tribunal has created a dangerous case law that, by reciprocity, allows any foreign magistrate to investigate and take to court an Italian citizen, with the additional absurdity that even in the absence of any evidence that a crime has been committed, a legal prosecution can be based on hypothetical “statistic calculation”.
Furthermore, by asserting the validity of the public prosecutor's investigation, the Court has de facto established the automatic liability not only of internet providers, but also of search engines, and the possibility of using, as an investigative tool, data and information with no solid ground.
And also, by saying that even if preemptive seizure has been wrongly enforced, it is in theory compatible with sect. 14 D.LGV 70/2003 (EU E-commerce directive implementation, dealing with ISP liability), the Court of Bergamo on the one hand allows “owners of ideas” to push for an additional and barbaric copyright law amendment while, on the other hand, it reaffirms an obvious error of interpretation of law by affirming the role of ISPs as “sheriffs of the net”.