Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/25/2007
06:44 AM
50%
50%

Shallow Victory for the Federal Government

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.Pushing up against existing legal statutes and creating problems for unsuspecting consumers, Zuccarini has engaged in a game of cat and mouse with federal agencies since the turn of the millennium. The Federal Trade Commission (FTC) won the latest round in the battle, but it appears that the game will continue and hurt the credibility of small and medium businesses selling their goods online.

Zuccarini has made a small fortune (millions annually) through buying Internet domain names and then redirecting unsuspecting consumers from legitimate to illegitimate sites. The crook purchased the rights to more than 5,000 sites, focusing on words that are close to well known brands, for instance he has sites for 15 variations of the popular childrens cartoon site, the cartoonnetwork.com, and 41 variations on the name of pop star Britney Spears. Surfers looking for those sites but making typographical mistakes would enter his empire and be bombarded with ads for products ranging from Internet gambling to pornography. In some cases, the legitimate Web sites that the consumers were attempting to access were also launched. Consequently, customers sometimes thought the series of ads came from those companies. In addition, it also was difficult, or impossible in some cases, for Web surfers to close the popup windows and escape the advertising deluge.

The FCC went to court to penalize Zuccarinis practice, and a judge handed him a penalty of $1.8 million. Since this agency has no criminal prosecutory power, it worked with the United States Attorney for the Southern District of New York, which brought criminal charges against Zuccarini for his misleading use of domain names and possession of child pornography. In August 2003, he was sentenced to 30 months in prison and 36 months of supervised release.

After serving his time, Zuccarini immediately returned to his vocation, but instead of trafficking in pornography (an area that was easy to prosecute), he served up other sites. In December 2006, the FTC charged that Zuccarini violated a 2002 judicial order by redirecting consumers on the Internet, misrepresenting that his domain names were affiliated or associated with third parties, and participating in affiliate marketing programs. The agency also charged that the defendant did not comply with record-keeping and reporting requirements in the original order. Last week, a judge ruled in the FTCs favor and ordered Zuccarini to pay a $164,000 judgment. The agency, which declined to divulge how much of the first penalty the cybercrook paid, is in contact with him now, and working out the payment terms of the latest judgment.

Does that sound like an appropriate punishment for a flimflam artist who diminishes consumers faith in the Internet, skirts existing laws, and chews up government law enforcement resources? It seems like a slap on the wrist; a more appropriate sentence would be stripping him of his ability to conduct any type of cyber business. Enough time and money has been wasted with this clowns actions to warrant a stiffer penalty, so legitimate businesses can concentrate on serving their customers.

Do you know what sites are linked to misspellings of your companys name? How would you deal with a cyber criminal like Zuccarini? Do you think his latest sentence was appropriate?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21441
PUBLISHED: 2021-06-16
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS A...
CVE-2020-9493
PUBLISHED: 2021-06-16
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
CVE-2021-28815
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
CVE-2021-3535
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
CVE-2021-32685
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...