Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Newest First  |  Oldest First  |  Threaded View
Brian Bartlett
Brian Bartlett,
 User Rank: Apprentice
12/23/2013 | 3:31:53 AM
It doesn't matter...
whether you are a lieutenant, capo, bagman or enforcer. The organization, and it was definitely a group with  specific (illegal) shared goals, really is corrupt. Rackateers? Yes, they were engaging in a racket. All the elements are there, you'd need a lawyer to disect the theology needed to contradict the facts.

As for the age, this society recognizes that there are adult-size consequences to adult-size criminal acts. I understand the Aaron Schwartz analogy and it is far from the mark. No member of society was damaged save the owner of the repository and they forgave that.

As an aside: I've yet to scratch the surface of a US Attorney that din't have future higher office as a goal, which is why the statutes are heiniously applied. In this one case, where in my NSHO RICO was applied correctly, the US Attorney got the golden ring (look that up, youngsters ;). OTOH, I expect the Aaron Schwartz case is sticking to that lawyers shoes even today.

 
newsresponse
newsresponse,
 User Rank: Apprentice
12/18/2013 | 12:57:28 AM
Other Side of the Story
I love the media. I have seen several articles like this, some more biased than others, but all with the same slant that the government is being overly abusive with its use of the RICO statute. However, in each article I seem to see only the portions of the story that paint Camez as a some poor kid who at 17 got wrapped up in some "ebay for criminals".

I followed this trial closely and what I don't see in the articles is any mention of the portions of the trial where Camez was trading guns for counterfeit credit cards or the portion of the trial where one of his codefendants testified that Camez advice to him after he got in trouble at a Walmart was to next time punch the cashier in the mouth or statements Camez made about his own crew beating up a cashier. 

What I think is telling, and only gets a cursory mention, is that the jury only deliberated for 2 hours (which actually included their lunch break). The trial lasted over 3 weeks and had dozens of witnesses. Often quoted experts say that RICO is an incredibly complex statute. Yet 12 people, who arent judges or lawyers, understood the law as it applied here and made a unanimous decision in less than 2 hours. That tells me that it wasn't much of a "government experiment" at all, but instead a way to deal with the new face of organized crime.

 

 
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
12/17/2013 | 12:30:33 PM
Re: Guilty?
The appeal will be worth following, I'm also curious to see of Camez' attorneys will argue the appeal based on the inappropriateness (of lack of ) of the Rico statute. 
Mathew
Mathew,
 User Rank: Apprentice
12/17/2013 | 11:24:36 AM
Re: Guilty?
Thanks for your comment. What's notable here is that Camez never pleaded guilty. Rather, he was convicted, which makes this the first time that RICO was succesfully used in a cybercrime case that resulted in a guilty verdict. 

At first blush, I agree that using RICO to take down criminals seems like a no-brainer. But the case also raises a number of interesting legal questions. For starters, is a 17-year-old customer of an underground forum -- that's been likened to an eBay for ID thieves -- part of a "criminal enterprise"? Or is he just a thief who buys stolen IDs, and who might be succesfully rehabilitated after doing a bit of time?

Because he was convicted on the RICO front, this guy can be sent down for a much, much longer period of time (max 20 years) -- and be on the hook for the entire amount of money stolen by members of that eBay-like ID theft site -- than if he'd been convicted of a non-RICO charge (max 5 years). 

That's why Deitch was arguing that judges need to be careful about how they handle these kinds of cases. Prosecutors will always throw the biggest book (if you will) that they have at a suspect. But I'd argue that the time should fit the crime.

All that said, I think it will be interesting to see what kind of sentence Camez gets, and also if the RICO conviction holds up on appeal.
melgross
melgross,
 User Rank: Apprentice
12/17/2013 | 7:40:55 AM
Guilty?
If an individual admits to being guilty of the charges, what is a jury expected to do? I don't know if he admitted guilt during the trial, or as an aside afterwards. But I can't blame the government for going after the harsher choice, though they could have asked for a lesser penalty in this particular case. Should cyber crime be prosecuted under RICO? Sure! There are networks of criminals doing this. Estimates have been that cyber crime costs us billions a year. Crime is crime.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file