Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/25/2007
06:44 AM
50%
50%

Shallow Victory for the Federal Government

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.Pushing up against existing legal statutes and creating problems for unsuspecting consumers, Zuccarini has engaged in a game of cat and mouse with federal agencies since the turn of the millennium. The Federal Trade Commission (FTC) won the latest round in the battle, but it appears that the game will continue and hurt the credibility of small and medium businesses selling their goods online.

Zuccarini has made a small fortune (millions annually) through buying Internet domain names and then redirecting unsuspecting consumers from legitimate to illegitimate sites. The crook purchased the rights to more than 5,000 sites, focusing on words that are close to well known brands, for instance he has sites for 15 variations of the popular childrens cartoon site, the cartoonnetwork.com, and 41 variations on the name of pop star Britney Spears. Surfers looking for those sites but making typographical mistakes would enter his empire and be bombarded with ads for products ranging from Internet gambling to pornography. In some cases, the legitimate Web sites that the consumers were attempting to access were also launched. Consequently, customers sometimes thought the series of ads came from those companies. In addition, it also was difficult, or impossible in some cases, for Web surfers to close the popup windows and escape the advertising deluge.

The FCC went to court to penalize Zuccarinis practice, and a judge handed him a penalty of $1.8 million. Since this agency has no criminal prosecutory power, it worked with the United States Attorney for the Southern District of New York, which brought criminal charges against Zuccarini for his misleading use of domain names and possession of child pornography. In August 2003, he was sentenced to 30 months in prison and 36 months of supervised release.

After serving his time, Zuccarini immediately returned to his vocation, but instead of trafficking in pornography (an area that was easy to prosecute), he served up other sites. In December 2006, the FTC charged that Zuccarini violated a 2002 judicial order by redirecting consumers on the Internet, misrepresenting that his domain names were affiliated or associated with third parties, and participating in affiliate marketing programs. The agency also charged that the defendant did not comply with record-keeping and reporting requirements in the original order. Last week, a judge ruled in the FTCs favor and ordered Zuccarini to pay a $164,000 judgment. The agency, which declined to divulge how much of the first penalty the cybercrook paid, is in contact with him now, and working out the payment terms of the latest judgment.

Does that sound like an appropriate punishment for a flimflam artist who diminishes consumers faith in the Internet, skirts existing laws, and chews up government law enforcement resources? It seems like a slap on the wrist; a more appropriate sentence would be stripping him of his ability to conduct any type of cyber business. Enough time and money has been wasted with this clowns actions to warrant a stiffer penalty, so legitimate businesses can concentrate on serving their customers.

Do you know what sites are linked to misspellings of your companys name? How would you deal with a cyber criminal like Zuccarini? Do you think his latest sentence was appropriate?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.