Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:44 AM

Shallow Victory for the Federal Government

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.Pushing up against existing legal statutes and creating problems for unsuspecting consumers, Zuccarini has engaged in a game of cat and mouse with federal agencies since the turn of the millennium. The Federal Trade Commission (FTC) won the latest round in the battle, but it appears that the game will continue and hurt the credibility of small and medium businesses selling their goods online.

Zuccarini has made a small fortune (millions annually) through buying Internet domain names and then redirecting unsuspecting consumers from legitimate to illegitimate sites. The crook purchased the rights to more than 5,000 sites, focusing on words that are close to well known brands, for instance he has sites for 15 variations of the popular childrens cartoon site, the cartoonnetwork.com, and 41 variations on the name of pop star Britney Spears. Surfers looking for those sites but making typographical mistakes would enter his empire and be bombarded with ads for products ranging from Internet gambling to pornography. In some cases, the legitimate Web sites that the consumers were attempting to access were also launched. Consequently, customers sometimes thought the series of ads came from those companies. In addition, it also was difficult, or impossible in some cases, for Web surfers to close the popup windows and escape the advertising deluge.

The FCC went to court to penalize Zuccarinis practice, and a judge handed him a penalty of $1.8 million. Since this agency has no criminal prosecutory power, it worked with the United States Attorney for the Southern District of New York, which brought criminal charges against Zuccarini for his misleading use of domain names and possession of child pornography. In August 2003, he was sentenced to 30 months in prison and 36 months of supervised release.

After serving his time, Zuccarini immediately returned to his vocation, but instead of trafficking in pornography (an area that was easy to prosecute), he served up other sites. In December 2006, the FTC charged that Zuccarini violated a 2002 judicial order by redirecting consumers on the Internet, misrepresenting that his domain names were affiliated or associated with third parties, and participating in affiliate marketing programs. The agency also charged that the defendant did not comply with record-keeping and reporting requirements in the original order. Last week, a judge ruled in the FTCs favor and ordered Zuccarini to pay a $164,000 judgment. The agency, which declined to divulge how much of the first penalty the cybercrook paid, is in contact with him now, and working out the payment terms of the latest judgment.

Does that sound like an appropriate punishment for a flimflam artist who diminishes consumers faith in the Internet, skirts existing laws, and chews up government law enforcement resources? It seems like a slap on the wrist; a more appropriate sentence would be stripping him of his ability to conduct any type of cyber business. Enough time and money has been wasted with this clowns actions to warrant a stiffer penalty, so legitimate businesses can concentrate on serving their customers.

Do you know what sites are linked to misspellings of your companys name? How would you deal with a cyber criminal like Zuccarini? Do you think his latest sentence was appropriate?

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A, versions earlier than Emily-AL00A, versions earlier than NEO-AL00D NEO-AL00 have an improper validation vulnerability. The system does not perform...
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B,,,,,, have an insufficient verification vulnerability. The system does not verify certain par...
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.