Computer Searchs, Electronic Communication, Computer Trespass

0 %
100 %
Information about Computer Searchs, Electronic Communication, Computer Trespass

Published on May 12, 2008

Author: ctin

Source: slideshare.net

Computer Crime and Digital Evidence Legal Issues Ivan Orton Complex Prosecutions & Investigations Division King County Prosecutor’s Office 500 Fourth Ave., Rm. 840 Seattle, WA 98104 [email_address] 206 296-9082

Legal Issues that Arise in Three Situations Warrants for searching computers Warrants for tracing electronic communications What constitutes a computer trespass

Warrants for searching computers

Warrants for tracing electronic communications

What constitutes a computer trespass

Fixing a Bad Warrant, Already Executed

Legal Problems in Computer Searches Warrant does not establish PC to search (or seize) computer Getting a second warrant Using general custom or habit information to establish PC Taking computer offsite for searching

Warrant does not establish PC to search (or seize) computer

Getting a second warrant

Using general custom or habit information to establish PC

Taking computer offsite for searching

Legal Problems in Computer Searches (cont) Consent searches Search incident to arrest Out of State warrants Time limits on execution of search

Consent searches

Search incident to arrest

Out of State warrants

Time limits on execution of search

Legal Problems in Computer Searches Warrant does not establish PC to search (or seize) computer

Warrant does not establish PC to search (or seize) computer

General Search Law for Containers United States v. Ross (US Supreme - 1982) “ A lawful search of fixed premises generally extends to the entire area in which the object of the search may be found and is not limited by the possibility that separate acts of entry or opening may be required to complete the search” United States v. Hunter (D. Vt. 1998) “ A finding of probable cause is not predicated on the government’s knowing precisely how certain records are stored.”

United States v. Ross (US Supreme - 1982)

“ A lawful search of fixed premises generally extends to the entire area in which the object of the search may be found and is not limited by the possibility that separate acts of entry or opening may be required to complete the search”

United States v. Hunter (D. Vt. 1998)

“ A finding of probable cause is not predicated on the government’s knowing precisely how certain records are stored.”

It is axiomatic that when a search warrant properly describes the things to be searched and seized, it also authorizes law enforcement officers to search inside any container in which the items could reasonably be found. State v. Mazzaferro, Div I, 2007 UNPUBLISHED OPINION

The Grow House

The Card Reader

The Unpublished Opinions Mazzaferro Dunn

Mazzaferro

Dunn

Issues Other than naming computer, how can we make sure computer records are covered? “Records” means those items in whatever form created or stored.

Other than naming computer, how can we make sure computer records are covered?

“Records” means those items in whatever form created or stored.

Legal Problems in Computer Searches Getting a second warrant

Getting a second warrant

Legal Problems in Computer Searches Using general custom or habit information to establish PC

Using general custom or habit information to establish PC

Legal Problems in Computer Searches Taking computer offsite for searching

Taking computer offsite for searching

Content of the Affidavit: Issues Can Police take a computer offsite for examination?

Can Police take a computer offsite for examination?

Content of the Affidavit: Issues What about if you request and receive permission in the warrant? Some 9th Circuit law suggesting that must justify in each instance

What about if you request and receive permission in the warrant?

Some 9th Circuit law suggesting that must justify in each instance

Legal Problems in Computer Searches Consent searches

Consent searches

Consent Exception Crucial Requirement is Common Authority Parent Spouse Co-User Workplace Private v. Public

Crucial Requirement is Common Authority

Parent

Spouse

Co-User

Workplace

Private v. Public

Password Protected Files … US v. Trulock , 275 F.3d 391 (4th Cir., 2001) Although housemate had general authority to consent to search of their shared computer, housemate lacked authority to consent to search of defendant’s private, password-protected files. In other words, same as roommate, shared apartment/house rule - if door is locked or otherwise indications that space is not shared, roommate can’t consent

US v. Trulock , 275 F.3d 391 (4th Cir., 2001)

Although housemate had general authority to consent to search of their shared computer, housemate lacked authority to consent to search of defendant’s private, password-protected files.

In other words, same as roommate, shared apartment/house rule - if door is locked or otherwise indications that space is not shared, roommate can’t consent

Workplace Searches

Facts Employer contacts police Police ask employer to retain copies of hard drive Employer provides hard drive to police

Employer contacts police

Police ask employer to retain copies of hard drive

Employer provides hard drive to police

Evidence Suppressed?

More Facts Dispute as to whether police directed employees to seize hard drive Employees said police did (and their actions were consistent with this belief) Police said they only asked them to retain what they had copied Trial court believed employee version

Dispute as to whether police directed employees to seize hard drive

Employees said police did (and their actions were consistent with this belief)

Police said they only asked them to retain what they had copied

Trial court believed employee version

Now Should Evidence be Suppressed?

4 th Amendment Primer Fourth Amendment applies: Reasonable expectation of privacy Government action If 4 th Amendment applies need a warrant unless . . . Consent

Fourth Amendment applies:

Reasonable expectation of privacy

Government action

If 4 th Amendment applies need a warrant unless . . .

Consent

Difference between Public and Private Employer Searches PRIVATE Search by employer is not government action (unless) Employer can consent to police search Employees have reasonable expectation of privacy in their workspace PUBLIC Search by employer is always government action Employer cannot consent to police search Do public employees have a REP?

PRIVATE

Search by employer is not government action (unless)

Employer can consent to police search

Employees have reasonable expectation of privacy in their workspace

PUBLIC

Search by employer is always government action

Employer cannot consent to police search

Do public employees have a REP?

Public Employer Searches O’Connor v. Ortega (1987) There is a reasonable expectation of privacy (unless actual office practices and procedures or legitimate regulation permit the supervisor or co-workers or the public to enter the employee’s workspace.) Even with reasonable expectation of privacy, employer can search for work related reasons or to investigate work related misconduct.

O’Connor v. Ortega (1987)

There is a reasonable expectation of privacy (unless actual office practices and procedures or legitimate regulation permit the supervisor or co-workers or the public to enter the employee’s workspace.)

Even with reasonable expectation of privacy, employer can search for work related reasons or to investigate work related misconduct.

Public Employer Searches O’Connor v. Ortega (1987) There is a reasonable expectation of privacy (unless actual office practices and procedures or legitimate regulation permit the supervisor or co-workers or the public to enter the employee’s workspace.) Even with reasonable expectation of privacy, employer can search for work related reasons or to investigate work related misconduct.

O’Connor v. Ortega (1987)

There is a reasonable expectation of privacy (unless actual office practices and procedures or legitimate regulation permit the supervisor or co-workers or the public to enter the employee’s workspace.)

Even with reasonable expectation of privacy, employer can search for work related reasons or to investigate work related misconduct.

Back to the Scenario What are the Issues Is there a REP? Tech people had complete access to computers Firewall monitored all activity Firewall Logs reviewed frequently Employees were advised of above Employees were told computers were company property, to be used for company purposes only

Is there a REP?

Tech people had complete access to computers

Firewall monitored all activity

Firewall Logs reviewed frequently

Employees were advised of above

Employees were told computers were company property, to be used for company purposes only

Back to the Scenario What are the Issues Was there government action? Was there valid consent?

Was there government action?

Was there valid consent?

Ziegler 1 Court ruled that policies and procedures means there was no reasonable expectation of privacy Therefore did not need to discuss other issues

Court ruled that policies and procedures means there was no reasonable expectation of privacy

Therefore did not need to discuss other issues

Remember O’Connor O’Connor v. Ortega (1987) There is a reasonable expectation of privacy (unless actual office practices and procedures or legitimate regulation permit the supervisor or co-workers or the public to enter the employee’s workspace.)

O’Connor v. Ortega (1987)

There is a reasonable expectation of privacy (unless actual office practices and procedures or legitimate regulation permit the supervisor or co-workers or the public to enter the employee’s workspace.)

Was Ziegler Correctly Decided? Difference Between Expectation of Privacy from Employer Search as opposed to From Police Search O’Connor (and other cases relied on in Ziegler) were public employer searches As such there is no difference between an employer and the police In private context there is a difference

Difference Between Expectation of Privacy from Employer Search as opposed to From Police Search

O’Connor (and other cases relied on in Ziegler) were public employer searches

As such there is no difference between an employer and the police

In private context there is a difference

Ziegler 2 Court ruled that no expectation of privacy from employer searches did not mean no expectation of privacy from police search Employees were agents of government in obtaining hard drive Employer had common authority over computer and could consent to police search

Court ruled that no expectation of privacy from employer searches did not mean no expectation of privacy from police search

Employees were agents of government in obtaining hard drive

Employer had common authority over computer and could consent to police search

Where Does that Leave Us? PRIVATE Search by employer is not government action (unless) Employer can consent to police search if . . . REP: Almost always have a REP against police action May (or may not) have REP against employer search* If no REP against employer search, employer can consent PUBLIC Search by employer is always government action Employer cannot consent to police search REP Have a REP unless policies or practices suggest otherwise Even with REP employer can search for work related reasons or to investigate suspected employee malfeasance

PRIVATE

Search by employer is not government action (unless)

Employer can consent to police search if . . .

REP:

Almost always have a REP against police action

May (or may not) have REP against employer search*

If no REP against employer search, employer can consent

PUBLIC

Search by employer is always government action

Employer cannot consent to police search

REP

Have a REP unless policies or practices suggest otherwise

Even with REP employer can search

for work related reasons or

to investigate suspected employee malfeasance

Refinement of Public Search Law Warrentless Search Search must be work-related Presence or involvement of law enforcement officers will not invalidate the search so long as the employer or his agent participates for legitimate work-related reasons Fact that work-related malfeasance being investigated is also a crime will not make search invalid Search must be justified at its inception and permissible in its scope

Warrentless Search

Search must be work-related

Presence or involvement of law enforcement officers will not invalidate the search so long as the employer or his agent participates for legitimate work-related reasons

Fact that work-related malfeasance being investigated is also a crime will not make search invalid

Search must be justified at its inception and permissible in its scope

Legal Problems in Computer Searches Search incident to arrest

Search incident to arrest

Legal Problems in Computer Searches (cont) Out of State warrants

Out of State warrants

Out of State Providers - A New Law Requires compulsory process recipient to produce records within 20 days Applies to any person or corporation who has conducted business or engaged in transactions occurring at least in part in Washington Effective June 12 2008

Legal Problems in Computer Searches (cont) Time limits on execution of search

Time limits on execution of search

Time to Conduct Search Computer is properly seized for offsite search Computer is turned over to crime lab Crime lab searches computer three weeks later Ok?

Computer is properly seized for offsite search

Computer is turned over to crime lab

Crime lab searches computer three weeks later

Ok?

Time to Conduct Search Same Scenario - search done 3 weeks later Warrant requires service within five days Court rule requires service within ten days Three Weeks Ok?

Same Scenario - search done 3 weeks later

Warrant requires service within five days

Court rule requires service within ten days

Three Weeks Ok?

Time to Conduct Search How long do you have to examine the computer? Constitutional Standard: Probable Cause not Stale Magistrate deadlines Court Rule or Statutory Deadlines

How long do you have to examine the computer?

Constitutional Standard: Probable Cause not Stale

Magistrate deadlines

Court Rule or Statutory Deadlines

Time to Conduct Search How about a preliminary search within deadline and a more detailed search later Ok?

How about a preliminary search within deadline and a more detailed search later

Ok?

Time to Conduct Search How about lab analysis of drugs seized under warrant? How about DNA analysis seized under warrant?

How about lab analysis of drugs seized under warrant?

How about DNA analysis seized under warrant?

Time to Conduct Search Washington Court Rule CrR 2.3(c) [The warrant] shall command the officer to search, within a specified period of time not to exceed 10 days, the person, place, or thing named for the property or person specified.

Time to Conduct Search State v. Kern 81 Wn.App. 308 Police obtain warrant for bank records Serve warrant on bank within ten days of issuance Bank delivers records to police 17 days later Defendant objects saying untimely under court rule and bank, not police, executed search

Police obtain warrant for bank records

Serve warrant on bank within ten days of issuance

Bank delivers records to police 17 days later

Defendant objects saying untimely under court rule and bank, not police, executed search

Time to Conduct Search State v. Kern 81 Wn.App. 308 Court says warrant was executed when served Even if not, completing a search shortly after deadline when PC still exists is ok Under circumstances, delegation to bank officials was OK. No danger of scope being exceeded. Less privacy invasion.

Court says warrant was executed when served

Even if not, completing a search shortly after deadline when PC still exists is ok

Under circumstances, delegation to bank officials was OK. No danger of scope being exceeded. Less privacy invasion.

Time to Conduct Search State v. Grenning COA No. 32426-1-II (Jan. 8, 2008) A forensic examination of information stored on copies of a hard drive may extend beyond the 10-day deadline specified in CrR 2.3(c), provided the computer is seized within the 10-day period. A delay in analyzing the information stored on a hard drive will only result in the suppression of evidence if: (1) the delay caused a lapse in probable cause; (2) it created unfair prejudice to the defendant; or (3) officers acted in bad faith.

Tracing Electronic Communications Never forget the goal of tracing email, etc. The goose and the gander

Never forget the goal of tracing email, etc.

The goose and the gander

Fourth Amendment US Constitution No Expectation of Privacy in Records Held by Third Parties U.S. v. Miller (1976)

WA Constitution Article One, Section 7 No person shall be disturbed in his private affairs or his home invaded without authority of law Broader than 4th Amendment U.S. v. Miller may not be law in Washington is not the

ECPA governs access to stored communications (including customer information) Electronic Communications Privacy Act (ECPA), Privacy Protection Act (PPA) and Washington’s Privacy Act

ECPA governs access to stored communications (including customer information)

Extremely Complex Statute Governs Holders of Third Party Records Relating to Electronic Communications Sets up an elaborate scheme for what process (warrant, court order, subpoena) can obtain what records Can get everything except real-time information with search warrant Electronic Communications Privacy Act

Extremely Complex Statute

Governs Holders of Third Party Records Relating to Electronic Communications

Sets up an elaborate scheme for what process (warrant, court order, subpoena) can obtain what records

Can get everything except real-time information with search warrant

Can’t Use Warrant to obtain records from a publisher - must use subpoena Applies to computer publishers Doesn’t apply when publisher is suspect Complex statute - ask me Privacy Protection Act

Can’t Use Warrant to obtain records from a publisher - must use subpoena

Applies to computer publishers

Doesn’t apply when publisher is suspect

Complex statute - ask me

Prohibits Recording or Interception of Real Time Private Communications without Consent of All Parties to Communication Privacy Act covers Electronic Communications like Email and Instant Messaging No exception for parental monitoring Washington Privacy Act RCW 9.73

Prohibits Recording or Interception of Real Time Private Communications without Consent of All Parties to Communication

Privacy Act covers Electronic Communications like Email and Instant Messaging

No exception for parental monitoring

Records Stored on Victim or Suspect’s Computer not Covered by ECPA or Privacy Act Governed by Traditional Search and Seizure Law Search Warrant Law

Records Stored on Victim or Suspect’s Computer not Covered by ECPA or Privacy Act

Governed by Traditional Search and Seizure Law

E-Mail Spoofing Spoofing - a simple definition Changing e-mail so that it looks like it came from someone else

Spoofing - a simple definition

Changing e-mail so that it looks like it came from someone else

E-Mail Spoofing Simple (and easy to detect) spoofing Changing the name in the FROM line of the message

Simple (and easy to detect) spoofing

Changing the name in the FROM line of the message

Network Solutions Registration Services E-mail: hostmaster@internic net >From postmaster@isomedia.com Wed Dec 31 19:00:00 1969 >Received: from rs.internic.net (bipmxo.lb.internic.net [192.168.120.13]) by opsmail.internic.net (8.9.3/8.9.1) with SMTP id QAAO17O1 for <hostmaster~internic.net>; Fri, 16 Jul 1999 16:19:46 -0400 (EDT) >Received: (qmail 18559 invoked from network); 16 Jul 1999 20:15:16 -0000 >Received: from smtp6.jps.net (209.63.224.103) > by 192.168.119.13 with SMTP; 16 Jul 1999 20:15:16 -0000 >Received: from [209.63.189.117] (209-63-189-117.sea.jps.net [209.63.189.117]) by smtp6.jps.net (8.9.0/8.8.5) with ESMTP id NAA17047; Fri, 16 Jul 1999 13:19:43 -0700 (PDT) >X-Sender: (Unverified) >Message-Id: <v04003a00b3b475e9299ee[209.63.189.841> >Mime-Version: 1.0 >Content-Type: text/plain; charset=~us-ascii >Date: Fri, 16 Jul 1999 13:22:14 -0700 >To: hostmaster@internic net >From: Steve Milton <postmaster~isomedia.com> >Subject: [NIC-990716.l2fcd] MODIFY DOMAIN

Network Solutions Registration Services

E-mail: hostmaster@internic net

>From postmaster@isomedia.com Wed Dec 31 19:00:00 1969

>Received: from rs.internic.net (bipmxo.lb.internic.net [192.168.120.13])

by opsmail.internic.net (8.9.3/8.9.1) with SMTP id QAAO17O1

for <hostmaster~internic.net>; Fri, 16 Jul 1999 16:19:46 -0400 (EDT)

>Received: (qmail 18559 invoked from network); 16 Jul 1999 20:15:16 -0000

>Received: from smtp6.jps.net (209.63.224.103)

> by 192.168.119.13 with SMTP; 16 Jul 1999 20:15:16 -0000

>Received: from [209.63.189.117] (209-63-189-117.sea.jps.net [209.63.189.117]) by smtp6.jps.net (8.9.0/8.8.5) with ESMTP id NAA17047;

Fri, 16 Jul 1999 13:19:43 -0700 (PDT)

>X-Sender: (Unverified)

>Message-Id: <v04003a00b3b475e9299ee[209.63.189.841>

>Mime-Version: 1.0

>Content-Type: text/plain; charset=~us-ascii

>Date: Fri, 16 Jul 1999 13:22:14 -0700

>To: hostmaster@internic net

>From: Steve Milton <postmaster~isomedia.com>

>Subject: [NIC-990716.l2fcd] MODIFY DOMAIN

E-Mail Spoofing Most e-mail programs allow you to specify what name will be shown on the FROM line Easy to detect because it doesn’t change the header information which shows where the message really came from

Most e-mail programs allow you to specify what name will be shown on the FROM line

Easy to detect because it doesn’t change the header information which shows where the message really came from

E-Mail Spoofing - A More Sophisticated Method Where did this message originate

Where did this message originate

Return-Path: <mickey@mouse.com> Received: from Mail ([12.228.157.210]) by sccrmhc01.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020917013945.NHXQ26988.sccrmhc01.attbi.com@Mail>; Tue, 17 Sep 2002 01:39:45 +0000 Received: from blv-smtpout-01.boeing.com ([192.161.36.5]) by Mail ([12.228.157.210]) (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id <20020916220917.PGLL21115.rwcrgwc53.attbi.com@blv-smtpout-01.boeing.com>; Mon, 16 Sep 2002 22:09:17 +0000 Received: from stl-av-02.boeing.com ([192.76.190.7]) by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id PAA03869; Mon, 16 Sep 2002 15:09:15 -0700 (PDT) Received: from blv-hub-01.boeing.com (localhost [127.0.0.1]) by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id RAA17781; Mon, 16 Sep 2002 17:09:14 -0500 (CDT) Received: from xch-nwbh-02.nw.nos.boeing.com (xch-nwbh-02.nw.nos.boeing.com [192.54.12.28]) by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g8GM9D511228; Mon, 16 Sep 2002 15:09:13 -0700 (PDT) Received: by xch-nwbh-02.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21) id <TBQGHFX5>; Mon, 16 Sep 2002 15:07:58 -0700 Message-ID: <86DC430079D8024898A5EE2FF390B16DE91F04@xch-nw-12.nw.nos.boeing.com> From: &quot;Heyamoto, Craig R&quot; <craig.r.heyamoto@boeing.com> To: My Victim Date: Tue, 17 Sep 2002 01:39:45 +0000 I am the Viper!

Return-Path: <mickey@mouse.com>

Received: from Mail ([12.228.157.210]) by sccrmhc01.attbi.com

(InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP

id <20020917013945.NHXQ26988.sccrmhc01.attbi.com@Mail>;

Tue, 17 Sep 2002 01:39:45 +0000

Received: from blv-smtpout-01.boeing.com ([192.161.36.5])

by Mail ([12.228.157.210])

(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP

id <20020916220917.PGLL21115.rwcrgwc53.attbi.com@blv-smtpout-01.boeing.com>;

Mon, 16 Sep 2002 22:09:17 +0000

Received: from stl-av-02.boeing.com ([192.76.190.7])

by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id PAA03869;

Mon, 16 Sep 2002 15:09:15 -0700 (PDT)

Received: from blv-hub-01.boeing.com (localhost [127.0.0.1])

by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id RAA17781;

Mon, 16 Sep 2002 17:09:14 -0500 (CDT)

Received: from xch-nwbh-02.nw.nos.boeing.com (xch-nwbh-02.nw.nos.boeing.com [192.54.12.28])

by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g8GM9D511228;

Mon, 16 Sep 2002 15:09:13 -0700 (PDT)

Received: by xch-nwbh-02.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21)

id <TBQGHFX5>; Mon, 16 Sep 2002 15:07:58 -0700

Message-ID: <86DC430079D8024898A5EE2FF390B16DE91F04@xch-nw-12.nw.nos.boeing.com>

From: &quot;Heyamoto, Craig R&quot; <craig.r.heyamoto@boeing.com>

To: My Victim

Date: Tue, 17 Sep 2002 01:39:45 +0000

I am the Viper!

SpoofMail 1.17

SpoofMail 1.17 Return-Path: <craig.r.heyamoto@boeing.com> Received: from blv-smtpout-01.boeing.com ([192.161.36.5]) by rwcrgwc53.attbi.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id <20020916220917.PGLL21115.rwcrgwc53.attbi.com@blv-smtpout-01.boeing.com>; Mon, 16 Sep 2002 22:09:17 +0000 Received: from stl-av-02.boeing.com ([192.76.190.7]) by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id PAA03869; Mon, 16 Sep 2002 15:09:15 -0700 (PDT) Received: from blv-hub-01.boeing.com (localhost [127.0.0.1]) by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id RAA17781; Mon, 16 Sep 2002 17:09:14 -0500 (CDT) Received: from xch-nwbh-02.nw.nos.boeing.com (xch-nwbh-02.nw.nos.boeing.com [192.54.12.28]) by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g8GM9D511228; Mon, 16 Sep 2002 15:09:13 -0700 (PDT) Received: by xch-nwbh-02.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21) id <TBQGHFX5>; Mon, 16 Sep 2002 15:07:58 -0700 Message-ID: <86DC430079D8024898A5EE2FF390B16DE91F04@xch-nw-12.nw.nos.boeing.com>

Return-Path: <craig.r.heyamoto@boeing.com>

Received: from blv-smtpout-01.boeing.com ([192.161.36.5])

by rwcrgwc53.attbi.com

(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP

id <20020916220917.PGLL21115.rwcrgwc53.attbi.com@blv-smtpout-01.boeing.com>;

Mon, 16 Sep 2002 22:09:17 +0000

Received: from stl-av-02.boeing.com ([192.76.190.7])

by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id PAA03869;

Mon, 16 Sep 2002 15:09:15 -0700 (PDT)

Received: from blv-hub-01.boeing.com (localhost [127.0.0.1])

by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id RAA17781;

Mon, 16 Sep 2002 17:09:14 -0500 (CDT)

Received: from xch-nwbh-02.nw.nos.boeing.com (xch-nwbh-02.nw.nos.boeing.com [192.54.12.28])

by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g8GM9D511228;

Mon, 16 Sep 2002 15:09:13 -0700 (PDT)

Received: by xch-nwbh-02.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21)

id <TBQGHFX5>; Mon, 16 Sep 2002 15:07:58 -0700

Message-ID: <86DC430079D8024898A5EE2FF390B16DE91F04@xch-nw-12.nw.nos.boeing.com>

SpoofMail 1.17

Return-Path: <mickey@mouse.com> Received: from fMail ([12.228.157.210]) by sccrmhc01.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020917013945.NHXQ26988.sccrmhc01.attbi.com@SpoofMail>; Tue, 17 Sep 2002 01:39:45 +0000 Return-Path: <craig.r.heyamoto@boeing.com> Received: from blv-smtpout-01.boeing.com ([192.161.36.5]) by fMail ([12.228.157.210]) (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id <20020916220917.PGLL21115.rwcrgwc53.attbi.com@blv-smtpout-01.boeing.com>; Mon, 16 Sep 2002 22:09:17 +0000 Received: from stl-av-02.boeing.com ([192.76.190.7]) by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id PAA03869; Mon, 16 Sep 2002 15:09:15 -0700 (PDT) Received: from blv-hub-01.boeing.com (localhost [127.0.0.1]) by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id RAA17781; Mon, 16 Sep 2002 17:09:14 -0500 (CDT) Received: from xch-nwbh-02.nw.nos.boeing.com (xch-nwbh-02.nw.nos.boeing.com [192.54.12.28]) by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g8GM9D511228; Mon, 16 Sep 2002 15:09:13 -0700 (PDT) Received: by xch-nwbh-02.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21) id <TBQGHFX5>; Mon, 16 Sep 2002 15:07:58 -0700 Message-ID: <86DC430079D8024898A5EE2FF390B16DE91F04@xch-nw-12.nw.nos.boeing.com> From: &quot;Heyamoto, Craig R&quot; <craig.r.heyamoto@boeing.com> To: My Victim Date: Tue, 17 Sep 2002 01:39:45 +0000 I am the Viper! Headers I Inserted Headers Servers Inserted

Return-Path: <mickey@mouse.com>

Received: from fMail ([12.228.157.210]) by sccrmhc01.attbi.com

(InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP

id <20020917013945.NHXQ26988.sccrmhc01.attbi.com@SpoofMail>;

Tue, 17 Sep 2002 01:39:45 +0000

Return-Path: <craig.r.heyamoto@boeing.com>

Received: from blv-smtpout-01.boeing.com ([192.161.36.5])

by fMail ([12.228.157.210])

(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP

id <20020916220917.PGLL21115.rwcrgwc53.attbi.com@blv-smtpout-01.boeing.com>;

Mon, 16 Sep 2002 22:09:17 +0000

Received: from stl-av-02.boeing.com ([192.76.190.7])

by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id PAA03869;

Mon, 16 Sep 2002 15:09:15 -0700 (PDT)

Received: from blv-hub-01.boeing.com (localhost [127.0.0.1])

by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id RAA17781;

Mon, 16 Sep 2002 17:09:14 -0500 (CDT)

Received: from xch-nwbh-02.nw.nos.boeing.com (xch-nwbh-02.nw.nos.boeing.com [192.54.12.28])

by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g8GM9D511228;

Mon, 16 Sep 2002 15:09:13 -0700 (PDT)

Received: by xch-nwbh-02.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21)

id <TBQGHFX5>; Mon, 16 Sep 2002 15:07:58 -0700

Message-ID: <86DC430079D8024898A5EE2FF390B16DE91F04@xch-nw-12.nw.nos.boeing.com>

From: &quot;Heyamoto, Craig R&quot; <craig.r.heyamoto@boeing.com>

To: My Victim

Date: Tue, 17 Sep 2002 01:39:45 +0000

I am the Viper!

E-Mail Spoofing - Other Sophisticated Methods Using an anonymous remailer Using an open e-mail server Use of Sniffers and Intercepts

Using an anonymous remailer

Using an open e-mail server

Use of Sniffers and Intercepts

Problems in Electronic Communications Cases Defendant produces email from victim in which she admits she made it all up

Defendant produces email from victim in which she admits she made it all up

Computer Trespass A person is guilty of computer trespass . . . if the person, without authorization, intentionally gains access to a computer system or electronic database of another What constitutes accessing a computer system or electronic database “without authorization”

A person is guilty of computer trespass . . . if the person, without authorization, intentionally gains access to a computer system or electronic database of another

What constitutes accessing a computer system or electronic database “without authorization”

Ivan Orton Complex Prosecutions & Investigations Division King County Prosecutor’s Office 500 Fourth Ave., Rm. 840 Seattle, WA 98104 [email_address] 206 296-9082

Add a comment

Related presentations

Related pages

Trespass to Chattels - Internet Law Treatise

Trespass to chattels "lies ... In order to prevail on a claim for trespass based on accessing a computer ... an electronic communication that ...
Read more

Trespass to chattels - Wikipedia, the free encyclopedia

... context of electronic communications to combat ... the trespass theory to computer ... the electronic trespass to chattels theory even ...
Read more

Cybercrime - Wikipedia, the free encyclopedia

The content of websites and other electronic communications ... computer "means an electronic, ... to computer monitoring and/or computer searches ...
Read more

Introduction of the Computer Trespass Clarification Act (S ...

Section 217 of the Patriot Act addresses the interception of computer trespass communications. ... The computer trespass provision now in the law as a ...
Read more

Computer Fraud and Abuse Act (CFAA) - Internet Law Treatise

Computer Fraud and Abuse Act. ... Incumbent airline employees' union filed suit under Stored Wire and Electronic Communications and ... Compaq Computer ...
Read more

Article 156 | Penal Law | Offenses Involving Computers

Definitions of terms. Computer Trespass, ... Search New York State Laws. ... by manipulation of electronic, ...
Read more

Computer and Internet Fraud | Wex Legal Dictionary ...

Computer and Internet Fraud: ... sophisticated technological tools to remotely access a secure computer or internet ... or Electronic Communications ...
Read more

a. The FTC Act. b. The Electronic Communications Privacy ...

The FTC Act. b. The Electronic Communications Privacy ... The Computer Fraud and Abuse Act prohibits all but which of the following? a. Computer trespass. b.
Read more

5 Examples of Trespass in Cyberspace - MIT Computer ...

... 1030(e)(1)(1998). This section defines a "computer" as an electronic, ... is a computer, communications ... of Trespass in Cyberspace
Read more