[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Legal problems: TOR relay & Torrents in .de



On 04/02/13 12:33, Hendrik Neumann wrote:

I've been running an exit node from my home network for ca. a year or
so. Now I've receviced mail from 21st Century Fox's lawyers in Germany
accusing me of torrenting a movie. Since all I offer via Torrent are
some old PC-BSD-ISOs and "House on Haunted Hill", I'm pretty sure it
must have been a user from the TOR network.


Hi Hendrik,

Have a look at this article from Thursday's New York Times:

www.nytimes.com/2013/02/14/business/global/europol-takes-down-cybercrime-gang-in-spain.html

and particularly the last para:

"While the virus generally came with a police warning, the gang is believed to have used different versions to deceive more users, including one fraudulent message that was designed to look as if it had been sent by the Spanish association that defends artistsâ copyrights."

I would give some thought to the possibility that there is another criminal gang behind your letter, pretending to be Fox in order to get your money. This kind of scareware seems to have appeared only in the last year or two.

*********************************************************************
Disclaimer: I am not a lawyer, nor do I have any direct experience of this kind of scam. Do not rely on my advice in a court of law!
*********************************************************************

Having said that, several aspects of this do seem very suspect to me. First, the vagueness of the initial accusation. They could send an identical message to any IP address with substantial steady upload traffic.

You write on 11/02/13 19:31 that:

>
>FOX is working with a German company, ipoque GmbH, that monitors
>filesharing platforms. So they've logged my IP (the exit node), the
>time stamp, the hash of the file in question and got a court order
>that forced my ISP to handover my personal data to them.
>

Do you have independent confirmation of this, or does it come only from the "Fox" letter? For what it's worth, a Google search on 'ipoque GmbH 21st Century Fox' with time set to 'past year' gives no results at all. So if it's a media industry initiative, it's not a well publicised one! And ipoque GmbH are well known for Deep Packet Inspection, so if I were concocting a scareware letter, they are the company I'd name. You might consider contacting ipoque GmbH; you could say you suspect their name is being used in a scareware extortion scam. That should get their attention. If they're not actually working with Fox, you can relax (and call the police); if they are, that still doesn't necessarily mean your particular letter is genuine.

Have "Fox" actually given you the time stamp and hash, or simply told you that they have them? Even if they have given you numbers, they may simply be invented; they know that you have no way of checking whether the "torrenting" actually happened or not.

If it is genuine, the court order at least must be on public record somewhere. If the letter they sent you does not give details of this court order (enough for you - or potentially, your lawyers - to be able to verify it for yourself), be very suspicious. It's almost certainly a scam, like all those emails "from the Bank" that start "Dear Customer" instead of using your name.

Now they want me to pay â1.0000 (which I don't have due to recent
health problems and unemployment) and sign some papers.

Second, this immediate demand for money. In my experience, real lawyers work much more slowly than this (after all, they can charge for every letter they write). First one or two demands that you stop what you're doing, then a threat of eventual legal action, and so on. If they want to build a case against you that will stand up in court, they would usually have to show that you were given fair warning, and then wilfully and knowingly persisted in your evil-doing for a substantial time.

**********************************************************************
Repeat disclaimer: I am not a lawyer! This is only my gut-feeling as an interested bystander.
***********************************************************************

Was the demand for money in the very first communication you received from "Fox"? If it was, it looks very much like a scam artfully designed to bounce you into sending the money without thinking, especially if they gave you a tight deadline and threatened drastic consequences on non-payment. What was their suggested payment method? A payment into an account verifiably owned by the real Fox? Or something more gang-friendly?

All in all, if it swims like a duck and quacks like a duck, it probably is a duck. Or a scam. Don't be fooled by impressive letterheads and so on, they're really easy to forge. From the article:

âIt used the idiom and logo of each specific police service,â [Mr Wainwright] said. âEven Europol and my own name have been used to defraud citizens.â

Don't give too much weight to the fact that they apparently got your address from your ISP (when you wrote "mail from Fox" I'm assuming you meant snailmail). ISPs can be fooled just as easily as individuals. If a "Mr Wainwright from Europol" contacted an ISP and demanded a list of subscribers with substantial upload traffic, who would refuse? Even forging a court order would be quite possible (as long as the ISP didn't bother to check back with the court).

And there is always the possibility that the gangsters have bribed someone in the ISP to give them a list of addresses ("There's no harm in it, it's only for marketing, honest ..."). If there are 1000 people on the list, and 10% of them fall for the the scam and pay 1000 euros, I'll leave you to estimate how much of the profit is available for bribes!

Has your ISP contacted you independently and accused you of misusing their service? If not, be very suspicious. Ask them if they know about this "court order". Did they verify it with the issuing court?

In short: suspect everything, check everything. One thing in your favour is that the more convincing-looking detail a scareware letter contains, the more things there are that you can check. If the letter is on a law firm's letterhead, check that the company exists. If it does, check that the phone numbers and addresses on the letter match those of the real company. Don't bother contacting the address given in the letter yourself, that will just connect you to the gangsters. Of course they'll sound convincing, it's their profession!

Like everyone who runs a tor relay, you'll be aware that it'll sometimes be used (but you won't know when) by bad guys. You'll also have calculated that the good guys greatly outnumber the bad guys, and that on balance tor benefits the good guys. But never forget that the bad guys are always out there, and to them, you're just prey like everyone else.

I'm a bit surprised that nobody else in this discussion has raised the scam possibility so far. Am I really the most paranoid person here (pauses to adjust tinfoil helmet ...)?

Anyway, best of luck however it turns out,

Nick Sheppard

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk