Results 1 to 8 of 8
  1. #1

    Anti-fraud issues response

    Hello guys,
    I work for a company that is specialized in Cyber Inspection, being anti-fraud a big part of our job.

    One of the main problems we face, though, is with the long time it takes for the provider/domain owner to act and remove the content.
    As you must be aware, after detecting the phishing or whatever it is we contact the provider/domain owner and Cert of the country where the fraud is being hosted and ask for the removal of the content. The problem is that, more than taking too long, most of the times the providers do not provide a direct line or contact for us to follow up and it sometimes takes days before we get any information (if so)so we never know for sure if the problem has ben adressed and so.

    We understand that sometimes a provider receives lots of tickets per day and that they have to analyse that and so, but wouldn't it be the case to have a specific channel to deal with companies that deal with this kind of issues since, theoretically, the case has aleady been analysed?

    I know that trust and reliability are also crucial points for that, but do you believe that closer work and better relationship between companies like us and providers (and why not governments and police) would help a lot by stabilishing standards and procedures and mutual cooperation?

    I would really appreciate your thoughts on that and your view about how it should work.

    Thanks

  2. #2
    Well, legally a webhost shouldn't really be doing much followup with a third party private company.

    They should only reveal non-publicly available details about a website in response to a valid court order from a country with jurisdiction over the host. Or, in terms of extremely egregious content such as if they find child exploitation, they should voluntarily report private details to the government law enforcement agencies.

    Besides giving you an e-mail verifying that they received your complaint and are looking into it, there is not anything they should be able to tell you further, except possibly if they removed the content.

    As you can visit (or have someone code a script) that can visit all of the URLs that you report to check if the content is gone, that really is not actually even necessary for them to do.

    tl;dr webhosts should not reveal anything beyond publicly available information unless given a court order.

    As for a dedicated way to contact a provider, for most providers having one guy that sits around to listen to complaints is not feasible due to the cost. If you are not able to find a way to contact a provider, run a whois on the IP address the site is hosted on, and an abuse contact e-mail will be displayed which you can make your report on.

    Edit: You mentioned about governments and police needing help as well. I guarantee you someone from a Federal organization such as the FBI will be able to get a dedicated person they can contact about a certain issue. They may send in a ticket originally, but if they ask for a direct extension they will be given one. The difference between the FBI and you is that the FBI is a government organization with jurisdiction over the company. You are a private third party, with no jurisdiction.

  3. #3
    Hi Dr Carter, than ks for your reply.

    Our main problem today is exactly this "lack of responsibility" that we see when it comes to fraud.
    We do not actually ask for any further information... all we ask is that the phishing site, for example, is shut down or made unavailable. We do not ask for any further information, we actually give the exact location of where the fraud is with logs and everything. The problem is the uptime, as every hour that a phishing site is on, for example, can mean thousands of dollars being stolen, so, in this case, time is definitely money. Due to the huge amount of web based fraud nowadays, it's just not reasonable to expect that we get a court order for every fraud case we detect as that would lead to more delays and, again, it would be still profitable for the cyber criminals. And that's where "the gap" is and and that cybrecriminals take advantage of to act.
    Due to the nature of the web it's just not possible nowadays to detect all the crime that's made there and that's exactly why cibercrime has grown so much... it's a whole world with very few people fighting crime.

    Basically, there ate 3 steps when you have a fraud case:
    1st - you identify and detect a fraudulent site.
    2nd - you remove the fraudulent content
    3rd - you investigate who is doing the fraud.

    If you relate that to any other kind of regular crime, the police would be responsible for those 3 steps. But you could get the help of actually anyone.
    For example, if I see anyone breaking into a house, I don't have to wait until someone from the police passes by and sees what's going on to act. You can call the police yourself, which means, you are doing the 1st action. You can even shout or do whatever to try and make the guy leave or not finish breaking into, something to stop the act, that is the 2nd action. Now, once police arrives, it's their job to investigate who was breaking in and arrest the guy. That is something that we cannot (or should not) do.

    We, as any other anti-fraud company, can detect the crime, the 1st action, and that's how far our arms reach. ISP or anybody in control of the servers can make the ilegal content unavailable, 2nd action. For the 3rd action, we should send the info to the police for them to decide how to proceed with the investigation.

    The way I see is that we cannot wait for police and expect that they act for every case of phishing we have, especially because the criminals are all over the world, acting trhough differemt servers all over the world and we do not have enough legislation about how to react, simply because the web has no bounds and it's just like a paralel world where nobody has controll over, which is great for some reason, but terrible when it comes to cybercrime.

    I understand that there's a very delicate issue about removing or making content unavailable when it relates to Intellectual Propery misuse or any other kind of abuse because they are sometimes subjective and so, but for fraud cases it is very clear. Fraud is a crime and when it's detected there's no way you can argue if it is a fraud or not. It's very clear.

    From my point of view, I believe the main problem is that most ISP have only one channel to deal with all kinds of abuse and the fraud cases go together with all the others. While the others really need to be analysed and so, I think fraud should be much more simple and straight away.

    Also, I believe that since the police cannot inspect wthe whole web 24/7, they should take advantage of the security companies which do the first part of the job for them, and that the ISP could help doing the 2nd part of the job, at least untill somethings is set and we have global standard procedures.

    Actually, I am here to braistorm with you guys, to try and understand your way of thinking and how you think we could solve this issue.

  4. #4
    At minimum, the hosting provider only has to follow laws within their jurisdiction. Absent any applicable law for other issues, they'll decide how to handle the rest within their means.

    Thus, try to understand their policies or perspectives and work with those.

  5. #5
    Hi Dave, Thanks for your reply.

    I understand that the reality today, the only thing that the provider HAS TO do is to follow the law, but since the debate about legal aspects of cybercrime are just starting to be discussed, my question is more aabout what COULD or SHOULD be done other than what HAS TO be done, since the laws just seem not to be effective enough, to try and find procedures that could work for everyone.

  6. #6
    The best success you will have is to cite the section of the TOS of the host the person is breaking when you submit your complaint.

    Most all providers won't ignore something that you can directly equate to breaking their TOS.

    Basically, the cooperation and channels you talk of basically can only be met by providers having to follow a legal clause that either directly establishes or implies (and the length set through practiced law) that a provider must decide to remove a site that breaks a law in X amount of time such as 48 hours.

    Of course, under various acts alot of the responsibility has been moved from providers to enforce the law to courts to enforce it. For example, consider DMCA and the SPEECH act in the USA. Each require legal documentation to be sent to a host, the SPEECH act a court order.

    A host cannot place judge and jury; they are not qualified and that is what the courts are for. That is why I believe you will have your most success citing the hosts own TOS, as they wrote it themselves and know how to intrepret it.

  7. #7
    Quote Originally Posted by dr carter View Post
    The best success you will have is to cite the section of the TOS of the host the person is breaking when you submit your complaint.

    Most all providers won't ignore something that you can directly equate to breaking their TOS.

    Basically, the cooperation and channels you talk of basically can only be met by providers having to follow a legal clause that either directly establishes or implies (and the length set through practiced law) that a provider must decide to remove a site that breaks a law in X amount of time such as 48 hours.

    Of course, under various acts alot of the responsibility has been moved from providers to enforce the law to courts to enforce it. For example, consider DMCA and the SPEECH act in the USA. Each require legal documentation to be sent to a host, the SPEECH act a court order.

    A host cannot place judge and jury; they are not qualified and that is what the courts are for. That is why I believe you will have your most success citing the hosts own TOS, as they wrote it themselves and know how to intrepret it.
    I think that pretty much covers it.

  8. #8
    Hi guys,

    This is a valid point relate to their TOS, but we end up with the same problem as, when a ticket is sent, it will most probably end up at the same mailbox together with all the other abuse e-mails and more than that, sometimes even citing the TOS does not work.

    But, from what I could see, and I would appreciate to know if you see it the same way, is that, generally speaking, for legal and procedures matters, most cases of cybercrime are treated the same way as intellectual property/privacy related crimes. By the name of the DMCA (Digital Millenium COPYRIGHT Act, you can see that the main focus is to fight piracy and Copiright Issues and in most cases the procedures that might work for copyrights(I say might because, as you know, there's a lot of discussion out there), are not effective against fraud as the crimes are very different in it's essence.

    so, summarising, according to what we've been discussing, I gues I could raise the following points as crucial for the problem:
    - Lack of specific legislation for fraud
    - lack of specific prodecures for fraud

    Do you believe that the laws that were created to "protect" copyrights and privacy ended up protecting also cybercriminals?
    Do you agree that dissociating fraud from copyright crimes could lead to an improvement and have positive effects for everybody (despite the criminals )?

    Thanks again guys for giving me de opportunity of duscussing that with you.

Similar Threads

  1. Replies: 0
    Last Post: 10-17-2011, 04:42 AM
  2. NiX API - Total ANTI-FRAUD/ANTI-PROXY API solution for webmasters.
    By GameFrame in forum Other Hosting Offers
    Replies: 0
    Last Post: 06-06-2011, 01:41 PM
  3. Replies: 0
    Last Post: 12-03-2010, 12:18 PM
  4. Anti Fraud Steps
    By Shortcirk in forum Running a Web Hosting Business
    Replies: 3
    Last Post: 04-17-2005, 12:45 PM
  5. Challenge/Response Anti-spam Filter
    By davet in forum Hosting Security and Technology
    Replies: 6
    Last Post: 01-05-2005, 10:13 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •