Friday, December 22, 2006

Even Criminals Should be Careful about Authentication

Here in Cyberspace-law-land, we've long been noting that lack of a true purely electronic method authentication is the big thing that prevents e-commerce from making the leap into the big time. (Yes, you can buy plenty of books online, but nobody has been willing to sell you a house on a transaction that is totally end-to-end online -- You still need to see somebody offline.) There is still some risk that the person you are dealing with is not who they claim to be. If one is vending a low-cost items like books, maybe the risk is sufferable. If one has backup from another independent system like a credit card system, maybe the risk is mitigated. But, if one is doing high-value transactions with a purely electronic communication, from start to finish, authentication is still a serious isue.

Well, it seems you can't even solicit somebody to do a crime without running into potential authentication problems. On an e-mail exchange posted on the site http://attrition.org/, a couple of guys apparently answered a widely disseminated request from somebody who was allegedly soliciting for someone to engage in potentially criminal enterprises (i.e., entering without authority into the systems of the solicitor's alma mater to change his Grade Point Average). The guys who took up the call were spoofing the solicitor -- let's just say that hilarity ensued. (It almost reminded me of the elaborate e-mail chains the infamous Nigerian spammers would start once they might have started to reel in a victim...)

To put it mildly, when you get to the part where the spoofers ask the solicitor for pictures of the pigeons on his college campus to prove that he's not an FBI agent, you will probably be spitting your lunch all over the table. (Aim away from the computer screen when you do that. Trust me on that one.)

Notes --
  1. All people are innocent before the law until found guilty -- Even on this blog.
  2. There is a background story on this that involves U.S. politics -- Many of you might have already gotten wind of this story because of that aspect. This blog has no dog in that hunt... We're all about the cyberspace part.
  3. If you do go to the actual e-mail exchange posted at http://www.attrition.org/postal/z/033/0871.html, it contains a few choice words that most of us would not want to say out loud in front of our grandmothers. Press the link at your own risk. There's a less naughty-word laden report on the story here if you wish. And, props to Talking Point Memo for originally pointing out the story to me.

ANYWAY -- I hope each of you has a happy holiday season, and we look forward to seeing many of our readers at upcoming Cyberspace Law Committee events during 2007!

No comments: