Nosal Update: Ninth Circuit Hears Oral Arguments on Password Sharing and Scope of Computer Fraud and Abuse Act

2 12 2015

Seyfarth Shaw

October 28th, 2015

Amy Abeloff & Robert B. Milligan
On October 20, 2015, a Ninth Circuit panel consisting of Chief Judge Sidney Thomas and Judges M. Margaret McKeown and Stephen Reinhardt heard oral argument from the U.S. Department of Justice and counsel for David Nosal on Nosal’s criminal conviction arising under the Computer Fraud and Abuse Act (CFAA).   In 2013, Nosal was found to have violated the CFAA by allegedly conspiring to obtain access to company information belonging to his former employer, executive search firm Korn Ferry, through the borrowing of another employee’s login password. He was also convicted of trade secret misappropriation under the Economic Espionage Act.

more.

The content in this post was found at http://www.tradesecretslaw.com/2015/10/articles/computer-fraud/nosal-update-ninth-circuit-hears-oral-arguments-on-password-sharing-and-scope-of-computer-fraud-and-abuse-act/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TradingSecrets+%28Trading+Secrets%29 and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.

 



Joomla bug puts millions of websites at risk of remote takeover hacks

2 12 2015
 Arstechnica
October 23, 2015
Dan Goodin

Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years.

The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allows attackers to execute malicious code on servers running Joomla, was first introduced in version 3.2 released in early November 2013. Joomla is used by an estimated 2.8 million websites.

“Because the vulnerability is found in a core module that doesn’t require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable,” Asaf Orpani, a researcher inside Trustwave’s Spiderlabs, wrote in a blog post. The vulnerability, and two closely related security flaws, have been cataloged as CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858.

more.

The content in this post was found at http://arstechnica.com/security/2015/10/joomla-bug-puts-millions-of-websites-at-risk-of-remote-takeover-hacks/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



CFAA and SCA Do Not Prohibit Creation Of A Fake Facebook Page

10 07 2015

The defendants in a case pending in Chicago federal court were accused of contravening Facebook’s terms of use by accessing its computers in order to create a phony page and then using it to ridicule someone. In Bittman v. Fox, Case No. 14 C 8191 (N.D.Ill., June 1, 2015) (Holderman, J.), the court held that those allegations do not state a cause of action under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, or the Stored Communications Act, 18 U.S.C. § 2707.

more

The content in this post was found at hhttp://www.tradesecretslaw.com/2015/06/articles/trade-secrets/cfaa-and-sca-do-not-prohibit-creation-of-a-fake-facebook-page/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Judge overturns conviction of former Goldman Sachs programmer

10 07 2015

The New York State Supreme Court has overturned the second conviction of Sergey Aleynikov, a former programmer accused of stealing high-frequency trading source code after leaving Goldman Sachs in 2009.

The Russian-American programmer, who was featured in the book Flash Boys, was previously convicted in federal court in 2010 on one count of stealing trade secrets and one count of transporting stolen property.

He was released from prison when the United States Court of Appeals for the Second Circuit overturned the conviction in 2012.

more

The content in this post was found at http://arstechnica.com/tech-policy/2015/07/former-goldman-sachs-programmer-wins-criminal-case-on-appeal-again/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Feds arrest “most hated man on the Internet” in revenge porn hacking case

11 02 2014

As the founder of one of the first highly profitable sites to post nude photos of people against their will, 27-year-old Hunter Moore had already been branded the most hated man on the Internet. On Thursday, he was arrested on federal charges claiming that he paid a man to break into the e-mail accounts of hundreds of victims and steal sexually explicit images that later showed up on Moore’s notorious isanyoneup.com site.

According to an indictment filed in federal court in Los Angeles, Moore paid $200 or more per week for images that he knew were obtained by illegally accessing the e-mail accounts. To cover his tracks, he used PayPal accounts that weren’t linked to his identity and at one point created new e-mail addresses and deleted data tied to past hack attacks. Moore’s arrangement with Charles “Gary” Evens, who is now 25, began at an unknown date and lasted until about May 2, 2012, prosecutors alleged in the 15-count charging document.

According to the indictment:

more

The content in this post was found at http://arstechnica.com/tech-policy/2014/01/feds-arrest-most-hated-man-on-the-internet-in-revenge-porn-hacking-case/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Creating Parody Social Media Accounts Doesn’t Violate Computer Fraud & Abuse Act – Matot v. CH

1 10 2013

[Post by Venkat Balasubramani]

Matot v. CH, et al, 13-cv-153-TC (D.Or.) (Report and Recommendation, Aug. 19, 2013) (Order Dismissing Lawsuit, Sept. 26, 2013)

This is a strange lawsuit brought by high school principal who alleged that defendants (students) created social media accounts using the principal’s name and likeness. Defendants allegedly posted materials, including some which were obscene, that caused his reputation to be diminished.  He brought suit against defendants and their parents, alleging claims under the Computer Fraud and Abuse Act and for defamation and negligent supervision.

On a motion to dismiss brought by one of the defendants, the court finds that plaintiff failed to adequately allege a cause of action under the CFAA. Reviewing the CFAA case law, the court says that plaintiff’s cause of action is premised on defendants’ use of protected computers beyond the scope of authorization (i.e., use in a way that “exceeded authorized access”). Finding that Nosal, Brekka, and US v. Drew all frowned upon this as a legal theory (particularly when restrictions are contained in terms of use agreements), the court rejects the claim. In front of the magistrate judge, plaintiff requested leave to add a RICO claim, but the judge rejects this:

more

The content in this post was found at http://blog.ericgoldman.org/archives/2013/09/creating_parody.htm and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Ex-Employee’s Access/Misuse of Employer Files States CFAA Claim — Weingand v. Harland Financial

13 08 2012

[Post by Venkat Balasubramani with comments by Eric]

Weingand v. Harland Financial Solutions, C 11 3109 EMC (N.D. Cal.; June 19, 2012)

Weingand involves claims brought by an employee, and proposed counterclaims brought by the employer against the employee. Nor surprisingly, the employer tried to assert claims under the Computer Fraud and Abuse Act (and California Penal Code section 502, a state anti-hacking statute). The court grants the employer’s motion for leave to amend, finding that the counterclaims would survive a 12(b)(6) motion.

more

The content in this post was found at http://blog.ericgoldman.org/archives/2012/08/employees_poste.htm and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



4th Circuit Limits the Reach of the Computer Fraud and Abuse Act – WEC Carolina Energy Solutions v. Miller

29 07 2012

[Post by Venkat Balasubramani, with comments from Eric]

WEC Carolina Energy Solutions LLC v. Miller, et al., 2012 WL 3039213 (4th Cir.; July 26, 2012)

We’ve blogged about the Computer Fraud and Abuse Act being stretched by plaintiffs in civil (particularly employment) cases. The Ninth Circuit in Nosal recently gave the statute a more limited interpretation, although it left some things unclear. (Here’s our blog post on the Nosal en banc panel opinion: “Comments on the Ninth Circuit’s En Banc Ruling in U.S. v. Nosal.”) The Fourth Circuit recently followed Nosal’s approach and went one step further. Both of these rulings make it much more difficult for employers to use the Computer Fraud and Abuse Act against departing employees.

more

The content in this post was found at http://blog.ericgoldman.org/archives/2012/07/4th_circuit_lim.htm and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Court Smacks Down Koch Industries’ Attempt to Shut Down Satirical Website — Koch Industries v. Does

2 06 2012

[Post by Venkat Balasubramani]

Koch Industries, Inc. v. Does, 10CV1275DAK (D. Utah; May 9, 2011) [.pdf]

EFF, Public Citizen and other similar organizations have excellent resources for creators of parody and satire on the internet. A recent case (litigated by Public Citizen) illustrated a few pitfalls a plaintiff–who is seeking to shut down such non-commercial content–may face. A commercial motivation does not automatically doom a parody or satire defense, but the total absence of a commercial motive will neutralize a plaintiff’s claims.

Other coverage:

Utah Court Strikes Blow for Free Speech, Dismisses Trademark and CFAA Claims Against Political Activists” (EFF)
Court Protects Hoax Press Release” (Bill McGeveran)
In Which We Lose Our Funding And Are Reduced To Eating Gravel” (Popehat)
In Koch spoof case, judge favors First Amendment” (CitizenVox)

more

The content in this post was found at http://blog.ericgoldman.org/archives/2011/07/court_smacks_do_1.html and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Runescape Publisher Denied Preliminary Injunction Against Maker of Auto-Player Software — Jagex Ltd. v. Impulse Software

2 09 2010

[Post by Venkat]

Jagex Ltd. v. Impulse Software, et al., Case No. 10-10216-NMG (D. Mass.) (Aug. 16, 2010)

Jagex operates “Runescape,” a popular and free online role-playing game. The game has over 130 million accounts, and users spend a significant amount of time “rising through the levels of the game”:

as of October, 2009, the three highest-ranking players had each spent an average of approximately 20,000 hours [!] involved in a game, e.g., 50 hours per week for almost eight years.

Impulse (along with the individual defendants) operate websites offering “cheat” tools – i.e., software that allows users to advance their characters without actually playing the game. Defendants’ software downloads a copy of Runescape and “uses a process called ‘reflection’ to examine the game’s internal operation which is normally hidden from users.” The software then “plays the game for its owner while she is away from her computer.”

more

The content in this post was found at http://blog.ericgoldman.org/archives/2010/09/runescape_publi_1.htmand was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.