Nov 302009
 November 30, 2009  Posted by  Court, Featured News, Online, U.S.

At the request of the Federal Trade Commission, a federal judge has ordered the mastermind of a vast international spam network to pay $15.15 million in a default judgment for his role in what was identified by the anti-spam organization Spamhaus as the largest “spam gang” in the world. The spam gang deceptively marketed products such as male-enhancement pills, prescription drugs, and weight-loss pills. Ringleader Lance Atkinson, a New Zealand citizen and Australian resident, last December admitted his involvement in the spam network to New Zealand authorities and has already paid more than $80,000 (nearly $108,000 New Zealand dollars). Atkinson’s accomplice, U.S. resident Jody Smith, agreed to an order requiring him to turn over nearly all of his assets to the FTC, to settle FTC charges.

Atkinson and Smith recruited spammers from around the world, according to the FTC’s complaint filed last year. The spammers sent billions of e-mail messages directing consumers to Web sites operated by an affiliate program called “Affking,” according to the complaint. By using false header information to hide the origin of the messages, and by failing to provide an opt-out link or list a physical postal address, the defendants are alleged to have violated the CAN-SPAM Act of 2003.

The FTC charged that, using the “Canadian Healthcare” brand name and other labels, the defendants’ spam messages deceptively marketed a male-enhancement pill, prescription drugs, and a weight-loss pill in violation of federal law. They falsely claimed that the medications came from a U.S.-licensed pharmacy that dispenses FDA-approved generic versions of drugs such as Levitra, Avodart, Cialis, Propecia, Viagra, Lipitor, Celebrex, and Zoloft. In fact, the defendants do not operate a U.S.-licensed pharmacy, and the drugs they sold were shipped from India, had not been approved by the FDA, and were potentially unsafe.

The FTC also alleged that Atkinson and Smith made false claims about the security of consumers’ credit card information and other personal data consumers provided when they bought goods. In operating the online pharmacy, which was called “Target Pharmacy” and later “Canadian Healthcare,” the defendants’ Web site assured potential consumers that “TARGET PHARMACY treats your personal information (including credit card data) with the highest level of security.” The Web site went on to describe its encryption process, which supposedly involved “Secure Socket Layer (SSL) technology.” However, there was no indication that consumers’ information was encrypted using SSL technology.

A U.S. district court last fall ordered an asset freeze and a halt to the spam gang’s operation, which was responsible for sending potentially billions of illegal spam messages, and has accounted for more than three million complaints.

The court has since issued a default judgment against Atkinson, his company, and three companies affiliated with Smith. In addition to the $15.15 million that Atkinson and his company have been ordered to pay, the three companies affiliated with Smith are liable for $3.77 million. All five defendants are prohibited from making unlawful claims about male enhancement products, hoodia products, and any dietary supplement, food, drug, or service purported to provide health-related benefits; from misrepresenting that they can lawfully sell prescription drugs or pharmacy services over the Internet; from misrepresenting the data security measures they provide on their Web sites; and from violating the CAN-SPAM Act.

To settle FTC charges that he helped illegally send spam e-mails to millions of consumers as part of a campaign to peddle prescription drugs and supplements that were phony and potentially dangerous, Smith will turn over nearly all his assets. Under the terms of the settlement, Smith will pay approximately $212,000. He also will assign any rights he has to $91,000 frozen in the name of one of his co-defendants, and $547,000 that may be held for his benefit in an Israeli bank.

The settlement order also prohibits Smith from violating the CAN-SPAM Act and from making deceptive claims related to either the sale of prescription drugs or pharmacy services over the Internet or the security of Web sites that sell any product or service. Smith is required to substantiate any claims about the benefits or safety of any dietary supplement, food, or health-related service.

Smith pled guilty in August 2009 to the criminal charge of conspiracy to traffic counterfeit goods, and faces up to five years in prison. He is scheduled to be sentenced in December in U.S. District Court for the Eastern District of Missouri.

In a related development, New Zealand authorities announced earlier this month that Atkinson’s brother, Shane Atkinson, and another New Zealander will pay nearly $112,000 ($150,000 New Zealand dollars) collectively for sending spam e-mails as part of the scam.

The Commission vote authorizing the filing of a stipulated permanent injunction settling the case against defendant Jody Smith was 4-0. A $15.15 default judgment against Atkinson and his company, Inet Ventures Pty Ltd.; a $3.77 million default judgment against the remaining three corporate defendants, Tango Pay, Click Fusion, and Two Bucks Trading; and the stipulated permanent injunction against Smith were entered by the U.S. District Court for the Northern District of Illinois on November 4, 2009.

Additional documents on the case can be found on the FTC’s site.

Source: Federal Trade Commission

Nov 302009
 November 30, 2009  Posted by  Breaches, Non-U.S.

The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses practical, business-based examples.

Download the guide here (pdf). The full press release can be found here.

Nov 302009
 November 30, 2009  Posted by  Breaches, Online

Paul Hoynes reports:

MLB is requesting that risque pictures of Indians center fielder Grady Sizemore be removed from the Internet site that posted them Sunday.

As of early Monday afternoon the pictures were still posted along with MLB’s request from its Department of Investigation to remove them.

Sizemore told The Plain Dealer on Sunday night that the pictures were intended for his girlfriend, but were stolen from an e-mail. Sizemore is reportedly dating Brittany Binger, a former Playboy Playmate.

In part, MLB’s e-mail to the website said, “The photos posted in the article cited below are the property of Grady Sizemore. They were stolen from a personnel (sic) computer. We’ve begun an investigation and request that you immediately remove Mr. Sizemore’s property from the posting.”

Read more in The Plain Dealer. The Cleveland Leader provides a slightly different report, indicating that the photos were stolen from Binger’s e-mail, not Sizemore’s. The e-mail, supposedly from Neil Boland, Department of Investigations for MLB to deadspin:

The photos posted in the article cited below are the property of Grady Sizemore. They were stolen from a personal computer. We’ve begun an investigation and request that you immediately remove Mr. Sizemore’s property from the posting. We also ask that you preserve any records associated with its submission in anticipation of a criminal complaint to be filed with local law enforcement.


Of course, by now the photos have been mirrored on other sites.

Nov 302009
 November 30, 2009  Posted by  Breaches, Court

From staff at the Austin American-Statesman:

A Southwest Austin middle school teacher was arrested last week for breach of computer security, according to school district police.

School district police arrested Covington Middle School teacher Robert Brent Scott, 42, on Nov. 23, saying he accessed the computer of his ex-wife, also a school district employee, to obtain her personal information.

School district police said Scott had installed a program on his ex-wife’s computer that allowed him to monitor her usage.