SIM hijacking, security measures and bank’s liability

Threats change, but security measures to protect account holders do not. Can banks still blame users in case of frauds? by Andrea Monti – Originally published in Italian by Infosec News

One of the many recent cases reported by the press in Italy accounts for the umpteenth fraud committed against a bank account holder exploiting a SIM hijacking attack. Not even a week ago, I had to deal with a similar case, where through a social engineering attack, the scammers mislead the customer into giving them by telephone the OTP to finalise the fraudulent transaction.

In many cases, the victim manages to obtain a refund of the stolen amount, but in others the bank refuses, claiming the client’s negligence for not recognising the fraudulent nature of the criminal behaviour. In other words and rough terms: the bank does not pay for the outcomes of the stupidity or ignorance of the victim.

However, is that so? Continue reading “SIM hijacking, security measures and bank’s liability”

Facebook and Telegram seizures reveal the problems that plague the online criminal investigations

by Andrea Monti – Originally published in Italian by Infosec.News

An article published on page 30 of IlSole24Ore of 11 November 2020 reports on the seizure-by-access-blocking of Facebook and Telegram by the Public Prosecutor’s Office of Naples. According to the newspaper, the Public Prosecutor’s Office ordered a “seizure-by-obscuration” of several domain names and a significant number of IPs.

The Guardia di Finanza (Italian tax police force) notified the magistrate’s decision to the operators and internet service providers. While the latter are executing the magistrate’s order, a further note from the Guardia di Finanza arrives asking them not to follow up the inhibition or in any case unblock sixty-six domain names, among which the first two are Facebook (it-it.facebook.com) and Telegram (t.me). Continue reading “Facebook and Telegram seizures reveal the problems that plague the online criminal investigations”

Defending Computer Criminals

Andrea Monti – Adjunct Professor of Public Order and Security
University Gabriele d’Annunzio – Chieti-Pescara, IT – amonti@unich.it

Paper presented at the Tokyo CodeBlue Conference 2020

Abstract

This paper is about defending a person accused of computer crime and computer-related crime in Court. It is intended as a primer for those defence counsel who have no experience in the specific field of criminal trials involving computer, digital assets and the Internet. At the same time, it provides insights to computer experts wanting to enter into the digital forensics sector, because it offers a way to understand how a lawyer thinks, and what are his needs when designing a defence strategy.

The focus is on the practical issues, as emerged from the direct trial experience of the author and of other criminal trial lawyers, therefore the legal theory and the ICT technical aspects are not discussed in detail. Both the legal and the IT professional, though, can find in the discussion enough hints to widen their understanding of the matter and improve the effectiveness of their strategies.

The paper is structured in three part: a criminological profile’s taxonomy of the defendants, the analysis of the digital investigation carried on by the prosecution to build the case, and the trial strategies of the defence counsel.

Finally, a note on the cases discussed in this paper: where possible, references to court decisions are available, but in some cases, for confidentiality reasons, the paper analyses the relevant elements without providing further information. Continue reading “Defending Computer Criminals”

Italian Prime Minister Decree 131/20 on the cyber perimeter increases confusion and does not protect national security

By Andrea Monti – Originally published in Italian by Infosec.News

Italian Prime Minister Decree 131/2020 is one of the acts resulting from the enactment of Law Decree 105/19, later converted into Law 133/09 establishing the national cyber perimeter, a concept also relevant for the application of Legislative Decree 65/18, transposing EU Directive 1148/16 (NIS Directive). While this sentence appears to be illegible and incomprehensible, the choices and content of the Prime Ministerial Decree are even more so because they increase the level of the contradiction of a body of legislation which, by regulating national security, should instead be easy to understand and agile to apply.

However, first things first. Continue reading “Italian Prime Minister Decree 131/20 on the cyber perimeter increases confusion and does not protect national security”