SIM hijacking, security measures and bank’s liability

Threats change, but security measures to protect account holders do not. Can banks still blame users in case of frauds? by Andrea Monti – Originally published in Italian by Infosec News

One of the many recent cases reported by the press in Italy accounts for the umpteenth fraud committed against a bank account holder exploiting a SIM hijacking attack. Not even a week ago, I had to deal with a similar case, where through a social engineering attack, the scammers mislead the customer into giving them by telephone the OTP to finalise the fraudulent transaction.

In many cases, the victim manages to obtain a refund of the stolen amount, but in others the bank refuses, claiming the client’s negligence for not recognising the fraudulent nature of the criminal behaviour. In other words and rough terms: the bank does not pay for the outcomes of the stupidity or ignorance of the victim.

However, is that so? Continue reading “SIM hijacking, security measures and bank’s liability”

Facebook and Telegram seizures reveal the problems that plague the online criminal investigations

by Andrea Monti – Originally published in Italian by Infosec.News

An article published on page 30 of IlSole24Ore of 11 November 2020 reports on the seizure-by-access-blocking of Facebook and Telegram by the Public Prosecutor’s Office of Naples. According to the newspaper, the Public Prosecutor’s Office ordered a “seizure-by-obscuration” of several domain names and a significant number of IPs.

The Guardia di Finanza (Italian tax police force) notified the magistrate’s decision to the operators and internet service providers. While the latter are executing the magistrate’s order, a further note from the Guardia di Finanza arrives asking them not to follow up the inhibition or in any case unblock sixty-six domain names, among which the first two are Facebook (it-it.facebook.com) and Telegram (t.me). Continue reading “Facebook and Telegram seizures reveal the problems that plague the online criminal investigations”

Defending Computer Criminals

Andrea Monti – Adjunct Professor of Public Order and Security
University Gabriele d’Annunzio – Chieti-Pescara, IT – amonti@unich.it

Paper presented at the Tokyo CodeBlue Conference 2020

Abstract

This paper is about defending a person accused of computer crime and computer-related crime in Court. It is intended as a primer for those defence counsel who have no experience in the specific field of criminal trials involving computer, digital assets and the Internet. At the same time, it provides insights to computer experts wanting to enter into the digital forensics sector, because it offers a way to understand how a lawyer thinks, and what are his needs when designing a defence strategy.

The focus is on the practical issues, as emerged from the direct trial experience of the author and of other criminal trial lawyers, therefore the legal theory and the ICT technical aspects are not discussed in detail. Both the legal and the IT professional, though, can find in the discussion enough hints to widen their understanding of the matter and improve the effectiveness of their strategies.

The paper is structured in three part: a criminological profile’s taxonomy of the defendants, the analysis of the digital investigation carried on by the prosecution to build the case, and the trial strategies of the defence counsel.

Finally, a note on the cases discussed in this paper: where possible, references to court decisions are available, but in some cases, for confidentiality reasons, the paper analyses the relevant elements without providing further information. Continue reading “Defending Computer Criminals”

GDPR compliance needs more incidents than fines

By Andrea Monti – originally published in Italian by Infosec News

I write this article in one of those rare moments when I indulge in the belief that computer security is something that should be taken seriously. I do not want to disrespect the many professionals who try to work by seriously helping customers and employers to “keep the ship going”. Nor, however, can I pretend to ignore what the cybersecurity market was and has become. Without many hackers, there would not even be the slightest improvement in security caused by these stunts.

Crime’s apology? Incitement to commit a crime? No, merely stating an objective fact: in the field of computer security, it is not the fines that induce legal compliance.

Project Gutenberg and the Crusader of Copyright

In the name of the new crusade against the “pirates of copyright” the public prosecutor of Rome seizes gutenberg.org, the site of the cultural project that digitizes and puts online copyright-free books. But neither the court nor the Guardia di Finanza has noticed. Is it a justifiable mistake? by Andrea Monti – originally published in Italian by Infosec.News
Continue reading “Project Gutenberg and the Crusader of Copyright”