Forgot your password?
typodupeerror
The Almighty Buck The Courts United Kingdom

UK Anti-Piracy Firm E-mails Reveal Cavalier Attitude Toward Legal Threats 200

Posted by timothy
from the who-would-have-thought dept.
Khyber writes "A recent DDoS attack against a UK-based anti-pirating firm, ACS:Law, has resulted in a large backup archive of the server contents being made available for download, [and this archive] is now being hosted by the Pirate Bay. Within this archive are e-mails from Andrew Crossley basically admitting that he is running a scam job, sending out thousands of frivolous legal threats on the premise that a percentage pay up immediately to avoid legal hassles."
This discussion has been archived. No new comments can be posted.

UK Anti-Piracy Firm E-mails Reveal Cavalier Attitude Toward Legal Threats

Comments Filter:
  • by Anonymous Coward on Saturday September 25, 2010 @08:29AM (#33696066)
    It was a chain of events, which was triggered by the DOS. According to what I read, in the process of countering the DOS, the default home page was briefly moved. This exposed a listing of the root directory, which happened to contain a backup image, which was rapidly grabbed by the DOSers.
  • Re:has resulted? (Score:5, Informative)

    by Anonymous Coward on Saturday September 25, 2010 @08:34AM (#33696082)

    The DDoS brought their servers down. They went down in flames so ACS:Law had to reinstall everything and their idiot admin exposed their entire website (mostly tons of confidential information) to the public. I downloaded it myself, the file is called backup-8.24.2010_12-58-28_acslawor and the shit I found in it was very scarry. If it wasn't for the DDoS, we wouldn't have gotten our hands on this file. Go die somewhere and stop posting shit you don't know anything about.

  • Re:Wow. (Score:4, Informative)

    by timeOday (582209) on Saturday September 25, 2010 @08:37AM (#33696116)
    Is what surprising? After reading the linked articles, they don't support the blurb, particularly the claim Crossley is "admitting that he is running a scam job, sending out thousands of frivolous legal threats on the premise that a percentage pay up immediately to avoid legal hassles." He does come across as something of a jerk, but then, a lot of people probably say things about ex-wives.
  • Re:Wow. (Score:5, Informative)

    by tomhudson (43916) <barbara.hudson@ ... a - h u dson.com> on Saturday September 25, 2010 @08:41AM (#33696138) Journal
    No, actually, making false accusations in the hope of obtaining money is extortion. While the threat of legal action is specifically exempt, the threat of public embarrassment (accusing old people of downloading a gay porn video called "Army Fuckers") is not.

    Also, given that they claim to have "forensic computer evidence" when they do not (sorry, a date and time from a server log, without the hard disk in the server being removed to preserve the "evidence", and a proper chain of custody, is not "forensic evidence").

    This is why BritGov is investigating them.

  • by DevConcepts (1194347) on Saturday September 25, 2010 @09:02AM (#33696206)

    There is a difference!

    http://en.wikipedia.org/wiki/Extortion [wikipedia.org]
    Extortion, outwresting, and/or exaction is a criminal offense which occurs when a person unlawfully obtains either money, property or services from a person(s), entity, or institution, through coercion.

    http://en.wikipedia.org/wiki/Coercion [wikipedia.org]
    Coercion (pronounced /korn/) is the practice of forcing another party to behave in an involuntary manner (whether through action or inaction) by use of threats, intimidation, trickery, or some other form of pressure or force. Such actions are used as leverage, to force the victim to act in the desired way.

  • by drunkenoafoffofb3ta (1262668) on Saturday September 25, 2010 @09:02AM (#33696208) Journal
    No, you're being confused by the Virgin name. Virgin Media (the broadband provider) was sold to NTL. Although Branson owns shares in the company, it's not the same company as the record label -- indeed Virgin Media pay Branson a yearly fee just to use the Virgin brand. Further, the Virgin record label was sold off to EMI years ago.
  • by MichaelSmith (789609) on Saturday September 25, 2010 @09:06AM (#33696232) Homepage Journal

    Its been a scam for longer than the internet has been around.

  • by commodore64_love (1445365) on Saturday September 25, 2010 @09:07AM (#33696236) Journal

    Perhaps there's a difference legally, but I don't see any difference for the common man.

    "Pay us $5000 or else be prosecuted," is extortion in my mind, especially since it involves money. The law firms are acting like members of The Family. "Pay us money or else we'll rough you up."

  • by tomhudson (43916) <barbara.hudson@ ... a - h u dson.com> on Saturday September 25, 2010 @09:37AM (#33696362) Journal
    Legally, any attempt to get someone to do something by means of threats, etc except the threat of legal action is extortion. That's why you can threaten to sue someone, and it's not extortion. However, the way these were done crossed over the line, in that they also included false claims of having "forensic evidence", as well as the implied threat of public humiliation for being accused of downloading gay porn, and for asking for an arbitrary amount, rather than saying "these are the damages we've suffered." That last one is a killer - you cannot just ask for money - it has to be in relation to damages.

    Stores had a policy of catching teen-age shoplifters, then sending their parents a demand letter saying they wanted $300 for some nebulous "costs". The judges rightfully threw it out. When someone does you harm, you're entitled to be compensated. You may even be entitled to exemplary damages. However, unless there's an amount that is set by statute (which is why they're known as "statutory damages"), you can't just "pull a number out of the air."

    Trying to get what you, as a lawyer, should know the law does not allow, is extortion because your threat of legal action is being used to commit a crime. You no longer enjoy the "except threat of legal action" exemption.

  • Re:Pointless. (Score:2, Informative)

    by equex (747231) on Saturday September 25, 2010 @10:36AM (#33696624) Homepage
    Anyone could have gotten the file by going there at the right moment, regardless of whether he was part of the DDoS or not. If you put a bunch of files in the web server root while its still online, you can't argue that it wasn't meant to be published, because that is where you put files when you want to publish something. It would have been different if the files where obtained from another computer. (let's say you got into a command line on the web server and found out about samba shares and whatnot, to another office machine). It is a security blunder, but you can't blame anyone else for the results. IANAL.
  • by Roger W Moore (538166) on Saturday September 25, 2010 @10:39AM (#33696638) Journal

    I'd probably send a "fuck off" reply

    Please, if you are replying to a legal letter the correct response is "I refer you to the reply given in the case of Arkell v. Pressdram [wikipedia.org]".

  • Re:Pointless. (Score:3, Informative)

    by kurokame (1764228) on Saturday September 25, 2010 @10:51AM (#33696716)

    And probably all rendered inadmissible in court because they were obtained illegally.

    Bullpocky. They posted it to a public server, even if it was through incompetence. They're being presented in courts as technical experts, so that little detail should be absolutely no defense.

  • by MattBD (1157291) on Saturday September 25, 2010 @10:56AM (#33696734) Homepage
    TalkTalk definitely haven't - they were quite vocally opposed to the Digital Economy Act, and have publicly stated that they will never surrender customer's details unless presented with a court order.
  • by MattBD (1157291) on Saturday September 25, 2010 @11:22AM (#33696874) Homepage
    Sued - probably not. But they might well be at risk of prosecution. This is covered by the Data Protection Act 1998, one of the principles of which states that appropriate technical and training measures need to be taken against granting unauthorised access to data. If they are in breach of this they could well be prosecuted by the Information Commissioner's Office. DPA also requires that the data subject has consented to the processing, which makes me wonder whether by passing user data on to ACS:Law without a court order, ISP's are breaching the Data Protection Act.
  • Re:Wow. (Score:3, Informative)

    by tomhudson (43916) <barbara.hudson@ ... a - h u dson.com> on Saturday September 25, 2010 @01:11PM (#33697474) Journal
    Why don't you look it up yourself instead of demonstrating to the world that you're a moron?

    http://www.businessdictionary.com/definition/forensic-evidence.html [businessdictionary.com]

    Evidence usable in a court, specially the one obtained by scientific methods such as ballistics, blood test, and DNA test.

    A letter from BT is NOT "forensic evidence". http://legal-dictionary.thefreedictionary.com/Forensic+analysis [thefreedictionary.com]

    The application of scientific knowledge and methodology to legal problems and criminal investigations.

    Sometimes called simply forensics, forensic science encompasses many different fields of science, including anthropology, biology, chemistry, engineering, genetics, medicine, pathology, phonetics, psychiatry, and toxicology.

    The related term criminalistics refers more specifically to the scientific collection and analysis of physical evidence in criminal cases. This includes the analysis of many kinds of materials, including blood, fibers, bullets, and fingerprints. Many law enforcement agencies operate crime labs that perform scientific studies of evidence. The largest of these labs is run by the Federal Bureau of Investigation.

    Forensic scientists often present Expert Testimony to courts, as in the case of pathologists who testify on causes of death and engineers who testify on causes of damage from equipment failure, fires, or explosions.

    Modern forensic science originated in the late nineteenth century, when European criminal investigators began to use fingerprinting and other identification techniques to solve crimes. As the field of science expanded in scope throughout the twentieth century, its application to legal issues became more and more common. Because nearly every area of science has a potential bearing on the law, the list of areas within forensic science is long.

    Again, a letter from BT is not "forensic evidence", any more than a letter from YOU would be. By itself, it proves nothing, and can't even be used as evidence.

  • by tomhudson (43916) <barbara.hudson@ ... a - h u dson.com> on Saturday September 25, 2010 @01:22PM (#33697536) Journal
    You don't get it, do you? Whether they follow through with the threat is irrelevant, same as whether you walk out of a bank with the money is irrelevant after you say "This is a hold-up" and stick a gun in the teller's face and keep it there, or then put the gun away and say "Please fill up this sack with money."

    Heck, you don't even need to have a real gun.

    You don't even have to have a fake gun.

    Just the act of saying "I have a gun" is sufficient to be charged with armed robbery once they give you the money.

  • by tomhudson (43916) <barbara.hudson@ ... a - h u dson.com> on Saturday September 25, 2010 @01:30PM (#33697590) Journal
    Threats of legal action ae an exemption to extortion. (Nice little racket, isn't it?)

    However, when they step beyond the bounds of the law - for example, threatening to sue for monetary damages without actually being able to show any monetary damages OR statutory damages, and falsely claim to have forensic evidence, when the server logs in question were not yet properly analysed (sorry, but saying that a log shows that ip 11.22.33.44 was used at such-and-such a date, without any analysis having been performed to see if the date and time are correct, that the traffic transmitted was actually the content in question, and that the ip matched that person's computer (not their account), and falsely claiming that it is illegal to have an open wifi connection, they are now into extortion.

    It's why they're being investigated.

  • by Mashiki (184564) <[mashiki] [at] [gmail.com]> on Saturday September 25, 2010 @03:09PM (#33698170) Homepage

    Well let me point this out from Canada. In Canada coercion is illegal(unless it falls under a very limited set of exclusionary rules), and extortion is illegal. Don't do it, don't do it at all here. We will come down on you hard.

  • Re:has resulted? (Score:3, Informative)

    by Khyber (864651) <techkitsune@gmail.com> on Saturday September 25, 2010 @05:06PM (#33698966) Homepage Journal

    The fact they left it wholly unencrypted is one of the purest violations of the UK DPA.

    Disbarment, plus jail time, is likely.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (8) I'm on the committee and I *still* don't know what the hell #pragma is for.

Working...