I just watched the live press conference by the FBI, District Attorney's Office, and SEC folks. The full story should be on Yahoo and other news sites. The gist is that an arrest was made this morning. A former Internet Wire employee, who left in early August, was the arrestee. Internet Wire was of course the service which passed on the false press release. The e-mail was traced back to a public access computer at El Camino Community College, in the LA area. The arrestee was enrolled during the summer at this college, was known to use these computers, and in fact was seen last Thursday night using the public computers, at the time when the e-mail was sent from one of these computers (in a media lab of some sort). The cops apparently correlated former and current Internet Wire (and probably other companies, like Emulex, Bloomberg, PR Newswire, etc.) with employees and students at El Camino. The FBI/SEC obtained his stock trading records, determined that he had shorted Emulex at around $70, had then lost a lot of money as Emulex went up above $100, and then had bought stock in Emulex as the stock fell to $45 after the hoax. (There may have been various put and call trades...consult the detailed stories.) In short, this was classic FBI and law enforcement legwork: correlations, subpoenas, and, as appropriate and with warrants, searches and arrests. Kudos. I mention this here on Cypherpunks because this is an example of how law enforcement should work. By contrast, imagine the enforcement protocol in a Big Brotherish world of intercepts, escrow, bans on encryption, etc. There _was_ some rhetoric at the press conference about "hiding behind the Internet." Of course, this message was not "strongly untraceable." It was almost trivially traceable. And traced to a former employee (probably disgruntled, but I am only speculating) of Internet Wire who had specific knowledge of how press releases were handled, how the authentication could be spoofed, etc. Now, what if the perp had used "Cypherpunks technologies"? Aside from the likely subpoenas of Anonymizer, Inc., and varous remailers, the cops could have sought search warrants of the employees who departed, obtained records of their stock trades, etc. Someday, truly strong methods will be more widespread. Along with trading accounts unlinkable to meatspace names. Will this thwart such efforts to catch fraudsters? To some extent, yes. However, such a world will produce other changes which work in the other direction. Digitally-signed press releases, for example, are easy to do. (And I expect them to start happening Real Soon Now. Possibly with the strong urging of the SEC and others.) So, kudos to the FBI and SEC for their detective work. And let it be a lesson that we don't need a Big Brother world to stop computer crime. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.