Presented by Rebecca Henderson
High-Tech Investigations Related To Consumer Fraud
IPMA Executive Seminar, Campbell’s Resort, October 15, 2008
Your Presenter
Rebecca Henderson, Computer Investigative Specialist, Consumer Protection Division’s High Tech Unit, Washington Attorney General’s Office
Certifications: CCNA, Security+, CSFA, i-Net+, C|EH
Agenda
Overview of the Consumer Protection Division: What We Do; High Tech Unit
Laws Related to Our Civil Investigations: Consumer Protection Act; Computer Spyware Act; Unsolicited Commercial Email; Canned SPAM
Examples of Actual Cases
Emerging Trends
Consumer Protection Division
10 attorneys and 43 professional staff
Enforces the Consumer Protection Act (RCW 19.86)
Investigates and files legal actions to stop unfair and deceptive practices
Recovers refunds for consumers and imposes penalties on offending businesses
Recovers attorneys’ fees and costs
Consumer Protection Division
Mission: To secure a marketplace free from deceit and unfairness and to promote fair methods of competition
Tools: Education; Informal Mediation; Investigation and Enforcement; Legislation
High Tech Unit
One of the most active and well-respected high tech fraud units (HTU) in the country
The division and its HTU were among the first to enforce cases under both state and federal spam laws
One of the first in the country to pursue fraudsters under state spyware laws
Team is supported by a computer forensic expert and state-of-the-art high tech lab
Consumer Protection Act
http://apps.leg.wa.gov/RCW/default.aspx?cite=19.86&full=true
Chapter 19.86 RCW Unfair competition, practices, declared unlawful
Attorney General may restrain prohibited acts
Demand to produce documentary materials for inspection, answer written interrogatories, or give oral testimony
Civil penalties: $2,000 per violation; Person, other than a corporation, not more than $100,000; Corporation, not more than $500,000
Computer Spyware Act
http://apps.leg.wa.gov/RCW/default.aspx?cite=19.270&full=true
Chapter 19.270 RCW Unlawful activities
  Modification of settings
  Collection of personally identifiable information
  Installation or removal of software
  Taking control of a computer
  Preventing installation of certain software
  Misrepresenting security software
Civil Penalties: Enjoin further violations; Recover actual damages or $100,000 per violation
Commercial Electronic Email
http://apps.leg.wa.gov/RCW/default.aspx?cite=19.190&full=true
Chapter 19.190 RCW Unpermitted or misleading electronic mail
Commercial electronic text message
Civil actions: Greater of actual damages or $5,000 per violation; Up to three times the damages if defendant has engaged in a pattern and practice of violation
CAN SPAM Act
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act)
  Bans false or misleading header information
  Prohibits deceptive subject lines
  Requires that your email give recipients an opt-out method
  Requires that commercial email be identified as an advertisement and include the sender’s valid physical postal address
Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=3770
First case under Washington’s Computer Spyware Act
Advertised and distributed a product called Spyware Cleaner through:
  Spam
  Pop-up ads
  Deceptive hyperlinks
Six defendants sued for Spyware Act and Consumer Protection Act Violations
Cases – Secure Computer
Ad for Spyware Cleaner
Cases – Secure Computer
Free Spyware scan results always show Extreme Risk
Cases – Secure Computer
Pop up seen after exiting the program
Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=3982
First to Settle in State’s First Spyware Case
  Zhijian Chen, of Portland, Oregon, will pay nearly $84,000 in fines and consumer restitution for marketing bogus anti-spyware software through deceptive means
  Chen promoted Secure Computer’s Spyware Cleaner through Net Send messages
Stipulated Judgment: Costs and Fees: $43,917.00; Restitution: $16,000.32; Civil Penalties: $24,000; Total Judgment: $83,917
Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=3840
Second to Settle in State’s First Spyware Case
  Defendant’s name allegedly used as an alias in business transactions
Consent Decree
  Gary T. Preston will pay $7,200 in legal costs and attorney’s fees
  Prohibits him from assisting any person or organization in disguising its identity from the public or law enforcement
Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=4334
Third defendant to settle
  Seth Traub advertised Secure Computer’s Spyware Cleaner program using Google AdWords
  He will pay $2,000 in legal costs and attorneys’ fees.
Enjoined from (in the context of any advertising or sale):
  Using any trademarked terms
  Making any misrepresentations
  Making any unsubstantiated claims
  Using any terms that have the tendency or capacity to deceive consumers
Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=5926
Secure Computer Settlement
  Marketed and sold Spyware Cleaner on several Web sites including myspywarecleaner.com and checkforspyware.com
  When tested on a computer that was deliberately infected with spyware, Spyware Cleaner failed to detect some types of spyware
  During the free scan, the software also surreptitiously erased a computer’s Hosts file
Judgments: Costs and Fees: $725,000; Restitution: $75,000; Civil Penalties: $200,000; Total Judgment: $1,000,000
Cases – High Falls Media
http://atg.wa.gov/pressrelease.aspx?&id=4950
Promoted a software program called Spyware Slayer through deceptive means
Failed to disclose costs of a music download service until after consumers provided personal information
Cases – High Falls Media
Pop-up seen when closing www.freepcscan.com
Cases – High Falls Media
Results of free scan always show extreme risk
Cases – High Falls Media
www.247downloads.com represented as a “legal PTP” music, movie, game, and software download service
Cases – High Falls Media
Free Download Club actually requires monthly subscription for $29.95 a month to be a member
Cases – High Falls Media
Consent Decree
Civil Penalties: $300,000 (with $275,000 suspended upon compliance with this Consent Decree)
Restitution: refunds for consumers who purchased their products
Costs and Fees: $30,000
Total Judgment: $330,000
Cases – High Falls Media
Injunctions
  Using the word “free” without actual cost in close proximity
  Representing a product or service as “unlimited” when there are limits
  Creating a false sense of urgency in the context of advertising
  Collecting personal information from consumers without clear disclosure
Cases – Movieland.com
http://atg.wa.gov/pressrelease.aspx?&id=4286
Advertised a free, three-day trial offer that requires users to download software
After trial period, billing software was remotely activated causing a pop-up window to take up most of the screen
Clicking “Continue” launches a 40-second video
Prevented users from using Control Panel to uninstall the program
Cases – Movieland.com
Advertisement
Cases – Movieland.com
Advertisement
Cases – Movieland.com
Popup Demonstration
Cases – Movieland.com
Injunctions
May not use Internet to offer anonymous free trials to consumers located in the State of Washington.
Cannot collect payment for goods or services without a valid contract
Shall not distribute, download, or install any software program, code, script or other content without certification from user that he is the computer owner
Cases – Quikshield
http://atg.wa.gov/pressrelease.aspx?&id=4118
Advertised for a pop-up blocker using pop-up ads
Misrepresented security risks to induce consumers to install software for security purposes
Misrepresented advertisement as a “security alert”
Software could not be completely uninstalled by reasonable means
Cases – Quikshield
Advertisement
Cases – Quikshield
Pop-up seen if icon on system tray is closed and computer is rebooted
Cases – Quikshield
Total Judgment: $16,444.37
Injunctions
Failing to provide an operable uninstall function
Misrepresenting an advertisement as a Microsoft Internet Explorer security alert message
Misrepresenting that security functions are not working properly
Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=12328
Feigned the discovery of critical errors on a computer
Prevented a computer user from declining the installation of software
Modified computer settings
Intentionally misrepresented the necessity of new software for security purposes
Misled consumers into believing that registry-cleaner software had performed indicated repairs
Cases – SecureLink
Defendants
Manuel Corona, Jr
  Owner of SecureLink Networks LLC
  www.registryrinse.com
  Marketed and sold Registry Sweeper Pro and Registry Doc
Rudy O. Corella
  Owner of NJC Softwares, LLC
  www.registrydoc.com
  Marketed and sold Registry Doc, Registry Cleaner 32, and Registry Cleaner Pro
HoanVinh V. Nguyenphuoc
  Owner of FixWinReg LLC
  Marketed and sold Registry Rinse, Registry Sweeper Pro, and Registry Doc
Typical ad sent by Manuel Corona
Cases – SecureLink
Typical net send ads sent by Rudy Corella
Cases – SecureLink
Typical net send ad sent by HoanVinh Nguyenphuoc
Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=18078
HoanVinh V. Nguyenphuoc
  Owner of FixWinReg LLC
  Sent anonymous net send messages that simulated security warnings
Stipulated Judgment: Costs and Fees: $25,000; Civil Penalties: $75,000, with $75,000 suspended on condition of compliance with all of the terms of the Decree
Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=19692
Manuel Corona
  Owner of SecureLink Networks
  Intentionally misrepresented the extent software was necessary for security purposes
  Induced consumers to download, install, and purchase
  Misrepresented the presence of critical errors on consumers’ computers
Summary Judgment: Costs and Fees: $141,020.45; Civil Penalties: $400,000.00
Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=19692
Rudy Corella
  Owner of NJC Softwares
  Sent anonymous net send messages that simulated security warnings
  Bundled TwikiBar with Registry Doc
  Hijacked home page settings
Summary Judgment: Costs and Fees: $141,020.45; Civil Penalties: $400,000.00
Cases – Messenger Blocker
http://www.atg.wa.gov/pressrelease.aspx?&id=19416
Windows Messenger spammer
Bombarded consumers with ads for pornography and Viagra
Ads also instructed consumers to download and install Messenger Blocker
Once installed, ads would stealthily be sent from consumer’s computer
Cases – Messenger Blocker
Ad for PleasureRX
Cases – Messenger Blocker
Ad for College Degree without tests
Cases – Messenger Blocker
Ad for Messenger Blocker
Cases – Messenger Blocker
Ad for generic Viagra
Cases – Messenger Blocker
Ad
Cases – Messenger Blocker
Ad for Messenger Blocker
Cases – Messenger Blocker
Program
Cases – Messenger Blocker
Task Manager is disabled
Cases – Messenger Blocker
Copyright warning
Cases – Messenger Blocker
Injunctions
Misrepresenting urgency, exclusivity, or need for products or services in the context of advertising
Using Net Send messages to promote any products or services
Using any form of advertising that simulates an alert or security message
Cases – SubscriberBASE
http://www.atg.wa.gov/pressrelease.aspx?&id=19674
Advertised FREE laptops, HDTVs, digital cameras, etc.
Required completion of sponsor offers that would cost more than the value of the free gift
Consumer information became part of a database that was leased for commercial email use
Cases – SubscriberBASE
Consent Decree
Civil Penalties: $350,000, provided that $55,000 shall be payable and $295,000 suspended on condition of compliance with all of the terms of the Consent Decree
Restitution: refunds to consumers (potentially 2.7 million dollars)
Costs and Fees: $69,365.50
Cases – SubscriberBASE
Changes to disclosures
Current Trends in Deception
Fake online spyware/antivirus scanners
  Uses trickery through JavaScript to simulate scanning of computer
Rogue registry cleaner programs
  Label all results as “critical errors”
  Scan of registry does not actually occur
Hosting companies “ignoring” complaints
  Atrivo/Intercage
XP Antivirus
Changes to Spyware Act
Removes onerous requirements that hinder ability to prove cases against violators
Creates liability for Web hosting services who ignore violators’ use of their products or merchants who pay others to violate the law
Adds violations for new forms of spyware
Clarifies the standards for proof of violations and the circumstances under which actions may be brought.
Cases – RegistryCleanerXP
http://www.atg.wa.gov/pressrelease.aspx?&id=21026
New lawsuit using tougher legislation
Five causes of action against: James Reed McCreary IV; Branch Software; Alpha Red, Inc.
Advertised via Net Send messages
Registry Cleaner XP
Contact Information
Consumer Protection Division, TB-14
Office of the Attorney General of Washington
800 Fifth Avenue, Suite 2000
Seattle, WA 98104-3188
Rebecca Henderson
Computer Investigative Specialist
(206) [email protected]