A Lawsuit Tries to Get at Hackers Through the Banks They Attack
By SAUL HANSELL The New York Times August 20, 2009
A lawsuit filed on Wednesday against some of the most shadowy Internet criminals - gangs based in Eastern Europe that electronically break into business computers, steal banking passwords and transfer themselves money - is being used to pry information from a group that is nearly as reclusive as the hackers: banks whose computers have been compromised.
The suit by Unspam Technologies, which organizes volunteers to track down information about spammers and other online rogues, was filed in United States District Court for the Eastern District of Virginia.
The lawyer for Unspam, Jon L. Praed, concedes he is unlikely ever to discover the names of the hackers. But he hopes to get the details of the thefts, the names of victims and other information from the banks that can be used to improve security and possibly identify the hackers.
Mr. Praed, the head of the Internet Law Group, which is based in Arlington, Va., has used the technique successfully on behalf of AOL and Verizon to identify people sending spam to their customers. The same legal method was used by the recording industry to force Internet providers to name customers who were exchanging copyrighted songs.
More recently, Mr. Praed has used these "John Doe suits" - so called because the unnamed defendant is identified only as John Doe - to get information from third parties that can then be passed to law enforcement officials and online security experts and used as the basis for other civil suits.
In 2007, Mr. Praed filed a suit on behalf of Unspam that was aimed at gathering information on illegal Internet pharmacies and the companies that support them. He declined to discuss any actions taken as a result.
The suit filed Wednesday invokes the federal Can-Spam Act because some of the malicious programs that infect corporate computers are sent in the form of attachments to e-mail messages. It is more common these days for computers to become infected when users visit Web sites that have been secretly taken over by hackers and unknowingly download computer code that then controls their computers.
...