Click to call 602-307-0808 24/7 Click Here for Free Consultation

Computer Crime

The Dangers of File Sharing and Peer to Peer Networks

File sharing has been a big part of the counter-culture of legal and illegal music and movie downloads in the United States. Many file sharing programs that allowed the free flow of copyrighted files like Limewire, Napster, Bearshare, Frostwire, and the like have long been shut down by the U.S. Government (or switched their business models), but new software springs up all the time. For example, as soon as Limewire was shut down, Frostwire came out and today the most prevelant Peer to Peer software of today is bit Torrent. The cycle keeps repeating as bit torrent sites like The Pirate Bay, Demonoid, and others have faced government seizures of their physical servers located in other countries. The government may not be able to completely shut down all of the file-sharing software as it continues to morph into different models that make it undetectable. Many people praise these programs as means to download and own files for free that they would otherwise have to pay for, but what these people don’t realize is the inherent danger of downloading files from anonymous sources and sharing the same files out to strangers: namely, child pornography.

Helpful Link > Click the following links to view our Child Pornography Case Victories and view all of our Arizona Sex Crime Victories.

Here is a graphic showing the old way file sharing networks worked by each user connecting through a centralized server which is how the government was able to stop them, by legally choking off the central server:

(Images Courtesy of Vuze.com)

File Sharing Networks

And here is a graphic showing bit Torrent Peer to Peer networks where the user downloads and opens a torrent file which then connects the user to the peers who are seeding the files:

Peer to Peer Networks

One of the most important issues among the file sharing community in recent years has been the prosecutions relating to the possession and distribution of child pornography. Many of the defendants in these cases said that they were not even aware of the images that were stored on their computers. Images of child porn can be downloaded to your computer through a series of Trojan horses or by blindly downloading an entire directory that is shared with you through one of these peer to peer services. One common method of sharing child porn is the intentional mislabeling of filenames. For example, you may download a video named “Die Hard” thinking that you are getting a movie about Bruce Willis. Upon download, you might open the file and instead of finding a movie you find that it is actually hundreds or thousands of images of child pornography. Images of child porn are sometimes inserted into otherwise normal video files and may even go unnoticed by the person downloading the file. This example proves that you cannot be sure what is actually contained in the files you are downloading, which increases the risk of using any peer to peer file sharing software or methods. Remember, there is no file certification process since most of these files (movies, ebooks, software, etc) are being downloaded and shared illegally.

The most common way people are convicted of possession of child pornography, is by their permanent storage on your hard drive even after deleting it in several locations. With file sharing programs, the downloaded files go automatically into two folders: “Saved” and “Shared”. A third folder is created for “Incomplete or Temp Files” that a lot of people are unaware of. Files are labeled incomplete when they are deleted halfway through. You may not even be able to open these files, but the government can, and will attempt to prosecute and convict you for the possession of illegal images of children regardless of the folder they reside in.

The second charge of distribution of child pornography comes when you allow the program to share your files with other users. You may be doing this unknowingly as most file-sharing programs select this sharing option as a default setting. Even if you are unaware that the files you are sharing contain child porn, this act of sharing constitutes distribution.

So how does law enforcement track the child porn files? The government tracks files and images of child porn by looking at hash values. A hash value is the number of pixels a file contains. The government and law enforcement often knows the hash value of popular or commonly-shared child porn images. Any time that file is shared or downloaded; the government is alerted to the IP address of the user. They thereby obtain a search warrant and go about finding said files on your computer, upon which they arrest the user.

There are conspiracy theories out there that the government uses images of child porn to set people up for conviction. People use this to explain the surge of conviction among political rivals and other important people in society. This ruins their reputation and labels them a sex offender for the rest of their lives. Though this rumor does not have much traction, it is wise to avoid the possibility altogether by abstaining from P2P file sharing sites.

Here is a video David Michael Cantor made when Limewire was in the news in Oct 2010:

Here is another video where David Michael Cantor explains the dangers of file sharing:

Every state in the US has laws regarding the possession and distribution of child pornography. For example, here in Arizona the law is A.R.S §13-3553 “Sexual Exploitation of a Minor” (i.e. “Child Pornography”) and it is a class two (2) felony.  In Arizona, the minimum prison term is 10 years per image, if convicted. If you are facing child pornography charges, it’s a good idea to find yourself a defense attorney who has experience with these types of cases and also works with a good computer forensics expert.

If you have legal questions about Sexual Exploitation of a Minor and Child Pornography possession and distribution, please give our office a call at (602) 307-0808. If you are in the pre-charge phase or have already been charged, please call us for a free case review. The free consultation will last about 30 minutes and one of our defense attorneys will give you their professional opinion with your case.

Fraud Law from 1980’s creates dangerous situation for employees

In the 1980’s computer hacking was something that most Americans only heard about in Science Fiction. The few people who had a computer at their home did not have an Internet connection and there was no online shopping. However Congress still needed to pass some sort of fraud law that allowed it to prosecute criminal hackers, more appropriately labeled crackers. So they passed the US Computer Fraud and Abuse Act. Unfortunately they were a little vague in their wording and many analysts feel have left open a wide interpretation of the law where it says it is illegal to “intentionally access a computer without authorization or exceed authorized access.”

This line could be used to prosecute workers using a company computer to buy things on Ebay, it is argued. Experts think that this will probably end up in the Supreme Court of the United States after the 9th Circuit threw out a case. In this case the defendant was charged after he asked colleagues to download client names from a recruiting firm. He argues that he did not break any law as he had permission to access the database.

Computer Fraud and Abuse Act: The 1980s-Era Hacking Law Out Of Step With Today’s Internet, Analysts Say

Reuters | By Grant McCool
Posted: 07/29/2012 10:43 am Updated: 07/30/2012 9:23 am

NEW YORK (Reuters) – A 1984 U.S. anti-hacking law passed when computer crime was in its infancy is under fire for potentially going too far in criminalizing the actions of employees who violate workplace policies.

Judges across the country are divided on how the 28-year-old law, the U.S. Computer Fraud and Abuse Act, can be applied. At the same time, the Justice Department has signaled it wants to ramp up prosecutions under the law, even as it has lost some cases.

Civil liberties advocates and some lawyers and judges are questioning whether the CFAA, intended to punish hackers and other trespassers who damage computer systems or steal customer information, can be used to prosecute people inside a company who download sensitive data without their employers’ approval.

The debate is centered around a key phrase in the law: that it is illegal to “intentionally access a computer without authorization or exceed authorized access.” Critics argue this language is too broad and vague and could turn ordinary people into criminals for things many do routinely, such as dabble in online shopping or scan an online matchmaking site at work.

“This statute has the potential to affect millions of Americans in the workplace who work at or use a computer to do their job,” said Brent Cossrow, a partner at law firm Fisher & Phillips in Radnor, Pennsylvania, which specializes in computer breach cases. “Hopefully, it gets cleared up soon.”

BOUND FOR SUPREME COURT?

A split decision in April by the 9th U.S. Circuit Court of Appeals in San Francisco could be the case that forces the U.S. Supreme Court to examine the law’s reach.

In a 9-2 ruling, the appeals court threw out criminal charges brought under the law against David Nosal, a former managing director at executive search firm Korn/Ferry International. Nosal was indicted in 2008 for allegedly persuading colleagues to download confidential source lists and contact information from the firm to use at his new business.

Three co-defendants pleaded guilty to CFAA violations. But Nosal fought the charges, arguing that he and his colleagues had been authorized to access the company’s database. The appeals court supported Nosal’s argument, and threw out the CFAA charges against him, though he still faces separate charges of trade secrets theft in U.S. District Court in San Francisco.

The 9th Circuit ruling was suspended to give the Justice Department time to consider petitioning the Supreme Court to review the case. If the Supreme Court were to hear the matter, it could potentially be on the docket for the upcoming term.

The Justice Department, which declined to comment on the case, has until August 8 to decide whether to seek Supreme Court review.

Nosal’s lawyer, Steven Gruel, said his client wants to exonerate himself. “He’s always said he did nothing wrong.”

NEW SCENARIOS

If the high court does not take the Nosal case, legal experts say, little is likely to get settled in the near future over how and when the law can be applied.

The CFAA was crafted before the Internet was omnipresent in the workplace. Employees today have vastly more sensitive company information accessible on their computers, leading to scenarios that the writers of the law may never have envisioned.

Some companies, such as Oracle Corp, which filed a brief supporting the Justice Department against Nosal, say such criminal prosecutions are justified.

Oracle said Congress rooted the statute in common-law trespass doctrines.

“Among them is the concept of restricted authorization: a person commits trespass not only when he or she enters property or a portion of it when told not to; a person commits trespass also when he or she has authorization to enter for some purposes but enters for different ones,” the brief said.

Critics say the statute, which carries civil and criminal penalties, could be abused by employers.

The precedent that develops largely in the context of a private, workplace dispute “becomes something that people can go to jail for, and that’s really dangerous,” said Marcia Hoffman, senior staff attorney with the Electronic Frontier Foundation, a non-profit civil liberties organization.

Potential criminal penalties under the law range from one year to 10 years in prison, if the offense involves information relating to U.S. national security.

Prosecutors have brought about 550 federal criminal cases under the CFAA and related computer fraud laws in the past 5-1/2 years, according to court filings reviewed in Westlaw, a legal data division of Thomson Reuters. Over the same period, nearly 500 civil lawsuits were brought in private disputes citing the CFAA and related laws, the filings show.

The Justice Department wants to expand the penalties and prosecutions under the act, an Obama administration official told a hearing on Capitol Hill in November. Richard Downing, deputy section chief for computer crime and intellectual property, said it was important to retain the provisions of the law that apply to employee-use agreements.

Removing that section of the law “could make it difficult or impossible to deter and punish serious threats from malicious insiders,” he told the Crime, Terrorism and Homeland Security Subcommittee of the House Judiciary Committee.

If the Justice Department were to go to the Supreme Court and lose over the CFAA, it would remove an arrow in its quiver for prosecuting those “insider” computer abuse cases.

Congress has partially addressed the issue while crafting new cyber security legislation. One possible amendment to a bill pending in the U.S. Senate would narrow criminal cases to exclude relatively innocuous violations of agreements governing the use of private computers, such as a social-network user signing up under a pseudonym.

MIXED RULINGS

In February, the U.S. government lost another case involving an employee who had accessed company data, a case that also raised questions about use of the hacking statute.

That case involved a former Goldman Sachs Group Inc programmer, Sergey Aleynikov, who was accused of stealing code used in the bank’s high-frequency trading system before leaving for a new company in Chicago.

Before Aleynikov went on trial, U.S. District Judge Denise Cote dismissed the charges brought under the CFAA, saying the government’s interpretation “could convert an ordinary violation of the duty of loyalty or of a confidential agreement into a federal offense.” But she let trade-secrets charges against him stand, and in December 2010 Aleynikov was found guilty.

That conviction was thrown out earlier this year by the 2nd U.S. Circuit Court of Appeals, and Aleynikov was freed after serving one year of an eight-year prison term.

The Nosal and Aleynikov cases conflict with an earlier appeals court ruling. That case was a civil dispute between a real estate developer, Jacob Citrin, and his former employer, International Airport Centers LLC. The 7th U.S. Circuit Court of Appeals in Chicago ruled in 2006 that Citrin violated the CFAA by installing a program that deleted files on a company laptop as he was departing for another job.

Citrin was not criminally charged and his case was settled on undisclosed terms, but a Justice Department guide for prosecutors on the CFAA points to the 7th Circuit ruling as “the leading authority” for the position that when an employee is doing something disloyal to an employer, authorized access to the computer ends under the law.

Citrin’s lawyers, Ronald Marmer and John Koch, of Jenner & Block in Chicago, had no comment. Citrin is now CEO of Cargo Ventures in Doral, Florida, according to his company’s web site.

Unless the Supreme Court ultimately weighs in, the inconsistent decisions will continue, said lawyer John Dozier, of Dozier Internet Law, a Glen Allen, Virginia law firm.

Without clarity, he said, “what is going to be illegal in one part of the country is not illegal in the other.”

The cases are USA v David Nosal in the 9th U.S. Circuit Court of Appeals 10-10038 and International Airport Centers LLC v Jacob Citrin in the 7th U.S. Circuit Court of Appeals No. 05-1522 and USA v Aleynikov, U.S. District Court for the Southern District of New York 10-00096.

(Editing by Martha Graybow, Edward Tobin and Leslie Gevirtz)

Child Pornography Cases and Computer Forensics

Today David Michael Cantor, a Sex Crime Defense Lawyer, based in Phoenix, AZ, discusses Child Pornography Cases and Computer Forensics.

As David mentioned in last years video post about Limewire closing down, more people are finding themselves on the wrong end of the law because of various file sharing programs. Almost immediately after Limewire closed the network was shifted over to Frostwire allowing people to continue to download files from other users computers easily and with unforeseen dangers. As David explains again, but in more detail in this video, when you download files from other peoples computers it is very easy to unknowingly download child pornography and other files that can result in decades of prison time.

In this video David goes into further technical detail about how various files end up on your computer. Even when you delete a file from your computer there can still be parts of the file on your computer that can be used as evidence against you.

If you do find yourself or someone you know in trouble for this type of activity it is important that you get competent and experienced legal representation. It is also critical that a computer forensics expert be involved as well.

Tami Loehrs: Computer Forensics Expert (520) 219-6807

Kim Hart: False Allegation of Abuse Trial Consultant (419) 868-6016

Click Here for Free ConsultationComparison Questions to Ask when Hiring a Lawyer