Consumer Protection Division

High-Tech Investigations Related To Consumer Fraud
Presented by Rebecca Henderson
IPMA Executive Seminar
Campbell’s Resort
October 15, 2008

Your Presenter
- Rebecca Henderson
  - Computer Investigative Specialist
  - Consumer Protection Division’s High Tech Unit
  - Washington Attorney General’s Office
- Certifications
  - CCNA
  - Security+
  - CSFA
  - i-Net+
  - C|EH

Agenda
- Overview of the Consumer Protection Division
  - What We Do
  - High Tech Unit
- Laws Related to Our Civil Investigations
  - Consumer Protection Act
  - Computer Spyware Act
  - Unsolicited Commercial Email
  - CAN-SPAM
- Examples of Actual Cases
- Emerging Trends

Consumer Protection Division
- 10 attorneys and 43 professional staff
- Enforces the Consumer Protection Act (RCW 19.86)
- Investigates and files legal actions to stop unfair and deceptive practices
- Recovers refunds for consumers and imposes penalties on offending businesses
- Recovers attorneys’ fees and costs

Consumer Protection Division
- Mission
  - To secure a marketplace free from deceit and unfairness and to promote fair methods of competition
- Tools
  - Education
  - Informal Mediation
  - Investigation and Enforcement
  - Legislation

High Tech Unit
- One of the most active and well-respected high tech fraud units (HTU) in the country
- The division and its HTU were among the first to enforce cases under both state and federal spam laws
- One of the first in the country to pursue fraudsters under state spyware laws
- Team is supported by a computer forensic expert and a state-of-the-art high tech lab

Consumer Protection Act
http://apps.leg.wa.gov/RCW/default.aspx?cite=19.86&full=true
- Chapter 19.86 RCW
  - Unfair competition, practices, declared unlawful
  - Attorney General may restrain prohibited acts
  - Demand to produce documentary materials for inspection, answer written interrogatories, or give oral testimony
  - Civil penalties
    - $2,000 per violation
    - Person, other than a corporation, not more than $100,000
    - Corporation, not more than $500,000

Computer Spyware Act
http://apps.leg.wa.gov/RCW/default.aspx?cite=19.270&full=true
- Chapter 19.270 RCW
  - Unlawful activities
    - Modification of settings
    - Collection of personally identifiable information
    - Installation or removal of software
    - Taking control of a computer
    - Preventing installation of certain software
    - Misrepresenting security software
  - Civil Penalties
    - Enjoin further violations
    - Recover actual damages or $100,000 per violation

Commercial Electronic Email
http://apps.leg.wa.gov/RCW/default.aspx?cite=19.190&full=true
- Chapter 19.190 RCW
  - Unpermitted or misleading electronic mail
  - Commercial electronic text message
  - Civil actions
    - Greater of actual damages or $5,000 per violation
    - Up to three times the damages if defendant has engaged in a pattern and practice of violation

CAN SPAM Act
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
- CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act)
  - Bans false or misleading header information
  - Prohibits deceptive subject lines
  - Requires that your email give recipients an opt-out method
  - Requires that commercial email be identified as an advertisement and include the sender’s valid physical postal address

Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=3770
- First case under Washington’s Computer Spyware Act
- Advertised and distributed a product called Spyware Cleaner through:
  - Spam
  - Pop-up ads
  - Deceptive hyperlinks
- Six defendants sued for Spyware Act and Consumer Protection Act violations

Cases – Secure Computer
- Ad for Spyware Cleaner
- Free Spyware scan results always show Extreme Risk
- Pop-up seen after exiting the program

Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=3982
- First to Settle in State’s First Spyware Case
  - Zhijian Chen, of Portland, Oregon, will pay nearly $84,000 in fines and consumer restitution for marketing bogus anti-spyware software through deceptive means
  - Chen promoted Secure Computer’s Spyware Cleaner through Net Send messages
- Stipulated Judgment
  - Costs and Fees: $43,917.00
  - Restitution: $16,000.32
  - Civil Penalties: $24,000
  - Total Judgment: $83,917

Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=3840
- Second to Settle in State’s First Spyware Case
  - Defendant’s name allegedly used as an alias in business transactions
- Consent Decree
  - Gary T. Preston will pay $7,200 in legal costs and attorney’s fees
  - Prohibits him from assisting any person or organization in disguising its identity from the public or law enforcement

Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=4334
- Third defendant to settle
  - Seth Traub advertised Secure Computer’s Spyware Cleaner program using Google AdWords
  - He will pay $2,000 in legal costs and attorneys’ fees.
- Enjoined from (in the context of any advertising or sale):
  - Using any trademarked terms
  - Making any misrepresentations
  - Making any unsubstantiated claims
  - Using any terms that have the tendency or capacity to deceive consumers

Cases – Secure Computer
http://atg.wa.gov/pressrelease.aspx?&id=5926
- Secure Computer Settlement
  - Marketed and sold Spyware Cleaner on several Web sites including myspywarecleaner.com and checkforspyware.com
  - When tested on a computer that was deliberately infected with spyware, Spyware Cleaner failed to detect some types of spyware
  - During the free scan, the software also surreptitiously erased a computer’s Hosts file
- Judgments
  - Costs and Fees: $725,000
  - Restitution: $75,000
  - Civil Penalties: $200,000
  - Total Judgment: $1,000,000

Cases – High Falls Media
http://atg.wa.gov/pressrelease.aspx?&id=4950
- Promoted a software program called Spyware Slayer through deceptive means
- Failed to disclose costs of a music download service until after consumers provided personal information

Cases – High Falls Media
- Pop-up seen when closing www.freepcscan.com
- Results of free scan always show extreme risk
- www.247downloads.com represented as a “legal PTP” music, movie, game, and software download service
- Free Download Club actually requires monthly subscription for $29.95 a month to be a member

Cases – High Falls Media
- Consent Decree
  - Civil Penalties: $300,000 (with $275,000 suspended upon compliance with this Consent Decree)
  - Restitution: refunds for consumers who purchased their products
  - Costs and Fees: $30,000
  - Total Judgment: $330,000

Cases – High Falls Media
- Injunctions
  - Using the word “free” without actual cost in close proximity
  - Representing a product or service as “unlimited” when there are limits
  - Creating a false sense of urgency in the context of advertising
  - Collecting personal information from consumers without clear disclosure

Cases – Movieland.com
http://atg.wa.gov/pressrelease.aspx?&id=4286
- Advertised a free, three-day trial offer that requires users to download software
- After trial period, billing software was remotely activated causing a pop-up window to take up most of the screen
- Clicking “Continue” launches a 40-second video
- Prevented users from using Control Panel to uninstall the program

Cases – Movieland.com
- Advertisement
- Advertisement
- Popup Demonstration

Cases – Movieland.com
- Injunctions
  - May not use Internet to offer anonymous free trials to consumers located in the State of Washington.
  - Cannot collect payment for goods or services without a valid contract
  - Shall not distribute, download, or install any software program, code, script or other content without certification from user that he is the computer owner

Cases – Quikshield
http://atg.wa.gov/pressrelease.aspx?&id=4118
- Advertised for a pop-up blocker using pop-up ads
- Misrepresented security risks to induce consumers to install software for security purposes
- Misrepresented advertisement as a “security alert”
- Software could not be completely uninstalled by reasonable means

Cases – Quikshield
- Advertisement
- Pop-up seen if icon on system tray is closed and computer is rebooted

Cases – Quikshield
- Total Judgment - $16,444.37
- Injunctions
  - Failing to provide an operable uninstall function
  - Misrepresenting an advertisement as a Microsoft Internet Explorer security alert message
  - Misrepresenting that security functions are not working properly

Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=12328
- Feigned the discovery of critical errors on a computer
- Prevented a computer user from declining the installation of software
- Modified computer settings
- Intentionally misrepresented the necessity of new software for security purposes
- Misled consumers into believing that registry-cleaner software had performed indicated repairs

Cases – SecureLink
- Defendants
  - Manuel Corona, Jr
    - Owner of SecureLink Networks LLC
    - www.registryrinse.com
    - Marketed and sold Registry Sweeper Pro and Registry Doc
  - Rudy O. Corella
    - Owner of NJC Softwares, LLC
    - www.registrydoc.com
    - Marketed and sold Registry Doc, Registry Cleaner 32, and Registry Cleaner Pro
  - HoanVinh V. Nguyenphuoc
    - Owner of FixWinReg LLC
    - Marketed and sold Registry Rinse, Registry Sweeper Pro, and Registry Doc
- Typical ad sent by Manuel Corona

Cases – SecureLink
- Typical net send ads sent by Rudy Corella
- Typical net send ad sent by Hoanvinh Nguyenphuoc

Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=18078
- HoanVinh V. Nguyenphuoc
  - Owner of FixWinReg LLC
  - Sent anonymous net send messages that simulated security warnings
- Stipulated Judgment
  - Costs and Fees: $25,000
  - Civil Penalties: $75,000, with $75,000 suspended on condition of compliance with all of the terms of the Decree

Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=19692
- Manuel Corona
  - Owner of SecureLink Networks
  - Intentionally misrepresented the extent to which software was necessary for security purposes
  - Induced consumers to download, install, and purchase
  - Misrepresented the presence of critical errors on consumers’ computers
- Summary Judgment
  - Costs and Fees: $141,020.45
  - Civil Penalties: $400,000.00

Cases – SecureLink
http://atg.wa.gov/pressrelease.aspx?&id=19692
- Rudy Corella
  - Owner of NJC Softwares
  - Sent anonymous net send messages that simulated security warnings
  - Bundled TwikiBar with Registry Doc
  - Hijacked home page settings
- Summary Judgment
  - Costs and Fees: $141,020.45
  - Civil Penalties: $400,000.00

Cases – Messenger Blocker
http://www.atg.wa.gov/pressrelease.aspx?&id=19416
- Windows Messenger spammer
- Bombarded consumers with ads for pornography and Viagra
- Ads also instructed consumers to download and install Messenger Blocker
- Once installed, ads would stealthily be sent from consumer’s computer

Cases – Messenger Blocker
- Ad for PleasureRX
- Ad for College Degree without tests
- Ad for Messenger Blocker
- Ad for Messenger Blocker
- Ad for generic Viagra
- Ad
- Ad for Messenger Blocker
- Program
- Task Manager is disabled
- Copyright warning

Cases – Messenger Blocker
- Injunctions
  - Misrepresenting urgency, exclusivity, or need for products or services in the context of advertising
  - Using Net Send messages to promote any products or services
  - Using any form of advertising that simulates an alert or security message

Cases – SubscriberBASE
http://www.atg.wa.gov/pressrelease.aspx?&id=19674
- Advertised FREE laptops, HDTVs, digital cameras, etc.
- Required completion of sponsor offers that would cost more than the value of the free gift
- Consumer information became part of a database that was leased for commercial email use

Cases – SubscriberBASE
- Consent Decree
  - Civil Penalties: $350,000, provided that $55,000 shall be payable and $295,000 suspended on condition of compliance with all of the terms of the Consent Decree
  - Restitution: refunds to consumers (potentially 2.7 million dollars)
  - Costs and Fees: $69,365.50

Cases – SubscriberBASE
- Changes to disclosures

Current Trends in Deception
- Fake online spyware/antivirus scanners
  - Uses trickery through JavaScript to simulate scanning of computer
- Rogue registry cleaner programs
  - Label all results as “critical errors”
  - Scan of registry does not actually occur
- Hosting companies “ignoring” complaints
  - Atrivo/Intercage

XP Antivirus

Changes to Spyware Act
- Removes onerous requirements that hinder ability to prove cases against violators
- Creates liability for Web hosting services who ignore violators’ use of their products or merchants who pay others to violate the law
- Adds violations for new forms of spyware
- Clarifies the standards for proof of violations and the circumstances under which actions may be brought.

Cases – RegistryCleanerXP
http://www.atg.wa.gov/pressrelease.aspx?&id=21026
- New lawsuit using tougher legislation
- Five causes of action against:
  - James Reed McCreary IV
  - Branch Software
  - Alpha Red, Inc.
- Advertised via Net Send messages

Registry Cleaner XP

Contact Information
Consumer Protection Division, TB-14
Office of the Attorney General of Washington
800 Fifth Avenue, Suite 2000
Seattle, WA 98104-3188
Rebecca Henderson
Computer Investigative Specialist
(206) 389-2736
[email protected]