CDR: Good work by FBI and SEC on Emulex fraud case
Tim May
tcmay at got.net
Fri Sep 15 18:58:37 PDT 2000
I just watched the live press conference by the FBI, District
Attorney's Office, and SEC folks. The full story should be on Yahoo
and other news sites. The gist is that an arrest was made this
morning.
A former Internet Wire employee, who left in early August, was the
arrestee. Internet Wire was of course the service which passed on the
false press release.
The e-mail was traced back to a public access computer at El Camino
Community College, in the LA area. The arrestee was enrolled during
the summer at this college, was known to use these computers, and in
fact was seen last Thursday night using the public computers, at the
time when the e-mail was sent from one of these computers (in a media
lab of some sort).
The cops apparently correlated former and current Internet Wire (and
probably other companies, like Emulex, Bloomberg, PR Newswire, etc.)
with employees and students at El Camino.
The FBI/SEC obtained his stock trading records, determined that he
had shorted Emulex at around $70, had then lost a lot of money as
Emulex went up above $100, and then had bought stock in Emulex as the
stock fell to $45 after the hoax. (There may have been various put
and call trades...consult the detailed stories.)
In short, this was classic FBI and law enforcement legwork:
correlations, subpoenas, and, as appropriate and with warrants,
searches and arrests.
Kudos.
I mention this here on Cypherpunks because this is an example of how
law enforcement should work.
By contrast, imagine the enforcement protocol in a Big Brotherish
world of intercepts, escrow, bans on encryption, etc.
There _was_ some rhetoric at the press conference about "hiding
behind the Internet." Of course, this message was not "strongly
untraceable." It was almost trivially traceable. And traced to a
former employee (probably disgruntled, but I am only speculating) of
Internet Wire who had specific knowledge of how press releases were
handled, how the authentication could be spoofed, etc.
Now, what if the perp had used "Cypherpunks technologies"? Aside from
the likely subpoenas of Anonymizer, Inc., and varous remailers, the
cops could have sought search warrants of the employees who departed,
obtained records of their stock trades, etc.
Someday, truly strong methods will be more widespread. Along with
trading accounts unlinkable to meatspace names.
Will this thwart such efforts to catch fraudsters? To some extent, yes.
However, such a world will produce other changes which work in the
other direction. Digitally-signed press releases, for example, are
easy to do. (And I expect them to start happening Real Soon Now.
Possibly with the strong urging of the SEC and others.)
So, kudos to the FBI and SEC for their detective work. And let it be
a lesson that we don't need a Big Brother world to stop computer
crime.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
More information about the cypherpunks-legacy
mailing list