Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Spam The Courts Technology

Security Researcher and Alleged Spam Operator To Square Off In Court In Ugly Lawsuit (bleepingcomputer.com) 56

An anonymous reader writes: River City Media, the company accused of running a huge spam operation, has filed a lawsuit against the security researcher and the journalist who exposed their activities. In a ludicrous lawsuit complaint, the company claims the security researcher didn't just stumble upon its unprotected Rsync server, but "perpetrated a coordinated, months-long cyberattack," during which it skirted firewall rules to access its server, used a VPN to disguise his identity, deleted critical files, and published his findings to make a name for himself as an elite security researcher. The company claims the researcher accessed Dropbox and HipChat logs, and even its PayPal account, from where it used funds to purchase various domains. The only evidence the company has is that the person who purchased the domains used a ProtonMail email, just like the researcher, who also uses a ProtonMail email. Remind you, this is the same security researcher, Chris Vickery, who discovered a Reuters database of supposed terrorism suspects, national voter databases for various U.S. states and Mexico, and various other companies.
This discussion has been archived. No new comments can be posted.

Security Researcher and Alleged Spam Operator To Square Off In Court In Ugly Lawsuit

Comments Filter:
  • Defender's lawyers send over 1 billion boxes of documents after prosecution requested related materials.
    • Re: I can see it now (Score:5, Interesting)

      by saloomy ( 2817221 ) on Tuesday May 02, 2017 @02:26AM (#54339229)

      This happened to a client, they received a truckload of documents. We paid an outsourcing company a couple grand to scan them into an OCR program and used text search to find the proverbial nails for their coffin. With the newest bad-ass document solutions from big printer manufacturers. This isn't really that much of an issue anymore. Just drop a thousand sheets into the loader and press the button. A few days with a few temps, and you have your digital versions.

      • This happened to a client, they received a truckload of documents. We paid an outsourcing company a couple grand to scan them into an OCR program and used text search to find the proverbial nails for their coffin. With the newest bad-ass document solutions from big printer manufacturers. This isn't really that much of an issue anymore. Just drop a thousand sheets into the loader and press the button. A few days with a few temps, and you have your digital versions.

        I never understood why companies save everything; especially emails, working papers, etc. I worked for a company that had a strong document retention policy. We destroyed everything but our final inspection report once the final report was approved. Notes, electronic media, drafts, etc. were collected and shredded and HD were securely erased as well. Email was not used to discuss our inspections. This way, the only material available was our final report so nothing could be taken out of context in a suit ag

        • by gmack ( 197796 )

          Without those emails who gets blamed? Recently, I had someone tell me they didn't ask for what I did, what saved me? A months old email from them telling me to do exactly what I did. In another case, a judge sent a demand for a bunch of 3 year old emails(old sysadmin, old mail server), and we could not provide them the lawsuit with the customer did not go well after that.

          And then there are government retention laws, For example, we are required to keep call records for some countries for 10 years and we h

          • Yep, that goes both ways. If you have the documents, you can see and prove what was said. When you're right, that's a win.

            The big bonus of having documents is that when you have them, most conflicts can be resolved at the "minor misunderstanding" stage, well before it becomes a law suit. Somebody says "I told you X". You reply "oh, I'm sorry, I thought you said 'not X' in your email on January 3rd. Did I misunderstand? Let's discuss changing that. I guess I misunderstood your email, copied below."

          • That is why you have a document retention policy. Because if you do not. You have no reason NOT to produce old documents. If you have missing "old" documents needed in a court case. It looks like you destroyed evidence. But if all the records are gone so are your liabilities.

          • Without those emails who gets blamed? Recently, I had someone tell me they didn't ask for what I did, what saved me? A months old email from them telling me to do exactly what I did. In another case, a judge sent a demand for a bunch of 3 year old emails(old sysadmin, old mail server), and we could not provide them the lawsuit with the customer did not go well after that.

            And then there are government retention laws, For example, we are required to keep call records for some countries for 10 years and we have had demands for 7 year old information in the past.

            Not to mention it's sometimes just nice to go back and see how you did something a couple of years ago when a similar project happens again

            While you raise valid points, the documents I was referring to involved specific inspections for clients. The final report contained all the information needed and thus we destroyed all the working papers, inspectors notes etc. so that they couldn't be used in court and misinterpreted or otherwise used to paint a false picture of what we saw. For example, I might write in my notes while observing operations "The operator did not (do some critical step) ..." only to discover in the reconstruction later that

        • by Anonymous Coward

          The company I used to work for were so "afraid" of IT that EVERYTHING was copied and printed out. Even the receptionist had to write down thousands of callers telephone numbers everyday. They spent $100,000 on building a new archive building to put all these paper records in and in 2 years later they had to build an even bigger one and so on and so on.
          The biggest joke was that no one ever went to the archive to retrieve anything.

          Then 1 year ago the archive burnt down but the CEO then set about rebuilding un

  • by freeze128 ( 544774 ) on Monday May 01, 2017 @11:29PM (#54338903)
    Well, some firewall rules cannot be skirted. For instance, DENY ALL TRAFFIC TO PORT 22.
    • Confidentiality can be perfected by eliminating availability. That's by no means any news.

      And guess what, if you unplug the computer from power and hide the power cord, it cannot even be abused locally!

  • by Archfeld ( 6757 ) <treboreel@live.com> on Tuesday May 02, 2017 @12:21AM (#54339027) Journal

    We'd be up in arms if it was the FBI breaking into the systems to gather evidence of illegal activity with out a writ or warrant. Without the backing of the law the 'hacker' is and should be guilty of digital crimes, but that doesn't abrogate the guilt of the spammer, who should be relegated to a special hell for spammers and phishers. Private entities can get away with things law enforcement can't.

    • by Anonymous Coward

      Those that have a monopoly on force, special protections, and special privileges within society should be held to a higher standard.

    • the FBI would have just sent a goon squad over with guns to their offices and confiscated servers along with any other hardware and took them to a lab to analyse
    • by Muros ( 1167213 )

      We'd be up in arms if it was the FBI breaking into the systems to gather evidence of illegal activity with out a writ or warrant. Without the backing of the law the 'hacker' is and should be guilty of digital crimes

      I'm not sure that accessing a server exposed to the internet with no password on it really counts as "breaking in".

  • by StevenMaurer ( 115071 ) on Tuesday May 02, 2017 @01:41AM (#54339147) Homepage

    Then Chris Vickery not only will be able to defend himself, but may be able to countersue under New Jersey's anti-SLAPP laws (SLAPP = Strategic Lawsuits Against Public Participation - exactly what this suit seems to be). The penalties can be quite substantial, $280K in a recent case [scarincilawyer.com]. Not only that, but there is another New Jersey law that allows a judge to dismiss a case with prejudice within 45 days of the SLAPP filing. [law360.com] This is all cogent, because RCM is a New Jersey corporation.

    Furthermore, there is a shareholder group engaged in a proxy battle right now, saying that they see this as a desperate attempt to distract shareholders from corporate mismanagement [staffingindustry.com]. So this may not even get filed, depending on how the existing shareholders see this action>

    • by Picodon ( 4937267 ) on Tuesday May 02, 2017 @08:28AM (#54340245)

      This is all cogent, because RCM is a New Jersey corporation.

      You are probably thinking of another company, RCM Technologies [rcmt.com], located in Pennsauken (New Jersey). There are other unrelated companies with similar names, including a River City Media [rivcitymedia.com] located in Portland (Oregon).

      The spam operation operated by Matt Ferris and Alvin Slocombe seems run from Washington state, along with other companies that they have registered there under names like “Acetech USA”, “Cyber World Internet Services” and others, according to SpamHaus [spamhaus.org].

  • It looks like a beautiful lawsuit to me. It should be much more entertaining than most of 'em.
  • Judges love criticising people for their lack of common sense, now lets see how their common sense works out.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...