Best Buy suing over e-mail porn scam

[InfoSec News <isn () c4i org>]

http://www.bizjournals.com/twincities/stories/2002/06/24/story7.html

Andrew Tellijohn   
Staff Reporter 
June 21, 2002 

The Twin Cities' largest electronics retailer believes it has fallen
victim to computer hackers. While it doesn't yet know the identity of
the perpetrators, the company is still taking them to court.

Best Buy Concepts Inc., an affiliate of Eden Prairie-based Best Buy
Co. Inc., has filed suit in U.S. District Court against unknown
defendants -- John and Jane Doe, to be precise -- who acquired a
BestBuy.com e-mail address and used it to send electronic pornography
messages to customers, potential customers and others.

Those messages, coded to indicate they were coming from Best Buy,
linked to pornographic "or otherwise offensive messages, text, or
materials," none of which were connected to Best Buy's goods and
services, the complaint said.

The company is suing for damages exceeding $75,000 and seeks a court
order prohibiting the defendants from further use of the Best Buy
name.

Best Buy declined further comment, citing a policy against discussing
ongoing litigation.

Observers of cybercrime say Best Buy is one of hundreds of companies
victimized by hackers.

Best Buy probably doesn't stand to lose much goodwill from the
messages because most consumers understand computer spam -- especially
hijacking of e-mail addresses -- is a frequent problem, said Mike
O'Connor, co-founder of St. Paul Internet service provider gofast.net.

"I get spammed with my own e-mail address on the average of once or
twice a day, as does almost anybody who is on the Internet for any
length of time," O'Connor said.

Best Buy could be harmed, however, if word got out to technology
neophytes who start worrying that, if the company can't protect its
e-mail addresses, it might not be able to protect credit-card numbers
as well.

"They want to be known as a sturdy, stable place," he said. "They want
to be trusted."

Still, getting anything out of the alleged hackers will be tough. It's
surprising Best Buy filed suit because it's likely the perpetrators
are from outside the country and won't ever be found, he said. "I
don't think Jane and John Doe are going to respond to the lawsuit."

Others disagree. While Internet service providers generally are
helpful in providing information when it comes to criminal fraud by
their clients, filing a lawsuit will assist Best Buy in gaining
additional information that might help them find the perpetrators,
said Eric Jorstad, a partner and Internet law specialist with Faegre &
Benson, Minneapolis.

Others commended Best Buy for at least reporting the crime. Most
victims don't, according to a recent national survey. Of 503
respondents to the Computer Security Institute's annual "Computer
Crime and Security Survey," 90 percent had detected computer security
breaches in the past year, and 80 percent suffered financial losses
from them. A total of more than $455 million was lost by 223
respondents.

Companies don't report to avoid negative publicity or they see it as a
business rather than a legal problem, said Paul Luehr, assistant U.S.  
Attorney and computer crimes coordinator for the U.S. Attorney's
Office in Minneapolis.

Luehr declined to comment on the Best Buy case, but said lack of
reporting makes it harder to bring perpetrators to justice.

Losses from computer crimes can be aggregated, and if a hacker creates
more than $5,000 worth of damage, that person can face federal felony
charges. "If there is some real dollar loss associated with [a
hacker's crimes], we'd like to hear about it," Luehr said.

He urged companies to promote prevention by updating program patches
and making computer security a companywide issue.

"Too often people tend to think of computers and computer security as
just being for freaks and geeks," he said. "We know it affects
everybody within a community or a corporation."

Best Buy has at least one observer rooting for it to pull off some
sort of win in the courts.

"There really is just hardly a lower life form than a porn spammer,"  
O'Connor said. "Anybody who can inflict pain on them -- I'm in their
corner."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.