[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[dvd-discuss] A DMCA protected identity-theft scam
- To: dvd-discuss(at)cyber.law.harvard.edu
- Subject: [dvd-discuss] A DMCA protected identity-theft scam
- From: John Schulien <schulien(at)speakeasy.net>
- Date: Fri, 13 Dec 2002 13:29:54 -0600
- Reply-to: dvd-discuss(at)cyber.law.harvard.edu
- Sender: owner-dvd-discuss(at)cyber.law.harvard.edu
I just posted some comments to slashdot in response to the article:
eBay Customers Targetted by Credit Card Scam
http://slashdot.org/article.pl?sid=02/12/13/0338219
that readers of this list might find interesting.
The topic is a "credit-card theft" scam, where victims
received a piece of email spam that masquarades as an
official eBay web page, and asks the victim to type in
a large amount of sensitive information (credit card
number, social security number, mother's maiden name,
etc), and click submit.
What's interesting is that the identity-theft program is
encrypted. If you do a "view page", all that you see is
a Javascript decryption program, and a string of
encrypted numbers.
The program, when executed by your web browser,
overlays itself with the decrypted identity-theft program,
then runs it. The purpose of this technological measure
is obviously to prevent potential victims from examining
the identity-theft program using the "view page" function
in their browser.
Therefore, this whole identity theft scam is fully
DMCA-protected! Under a strict reading of the law,
it would be a violation of 17 USC 1201(a) for me to a
alter the decryption program in such a way as to
display the identity-theft program (and learn what the
identity-theft program actually did), and it would be a
violation of 17 USC 1201(b) for anyone to reveal
how to do it.
My full posting (including the decryption program, but
not the extremely long encrypted data stream) is at:
http://slashdot.org/comments.pl?sid=47796&cid=4882588
Regards, John