[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[dvd-discuss] A DMCA protected identity-theft scam

I just posted some comments to slashdot in response to the article:

eBay Customers Targetted by Credit Card Scam

that readers of this list might find interesting.

  The topic is a "credit-card theft" scam, where victims
received a piece of email spam that masquarades as an
official eBay web page, and asks the victim to type in
a large amount of sensitive information (credit card
number, social security number, mother's maiden name,
etc), and click submit.

What's interesting is that the identity-theft program is
encrypted. If you do a "view page", all that you see is
a Javascript decryption program, and a string of
encrypted numbers.

The program, when executed by your web browser,
overlays itself with the decrypted identity-theft program,
then runs it.  The purpose of this technological measure
is obviously to prevent potential victims from examining
the identity-theft program using the "view page" function
in their browser.

Therefore, this whole identity theft scam is fully
DMCA-protected! Under a strict reading of the law,
it would be a violation of 17 USC 1201(a)  for me to a
alter the decryption program in such a way as to
display the identity-theft program (and learn what the
identity-theft program actually did), and it would be a
violation of 17 USC 1201(b) for anyone to reveal
how to do it.

My full posting (including the decryption program, but
not the extremely long encrypted data stream) is at:


Regards, John