Editorial Director: Giusella Finocchiaro
Web Content Manager: Giulia Giapponesi

posted by admin on marzo 31, 2017

computer crimes

(No comments)

The Italian DPA has imposed fines totalling over 11 million euros on five money transfer companies which had unlawfully processed more than one thousand users’ personal data in order to bypass anti money-laundering regulations.

These companies collected and transferred to China sums of money belonging to Chinese businessmen, violating both the anti money-laundering law and the data protection law. By using the technique of structuring (i.e. the technique of breaking up large amounts of money into several smaller transactions below the anti money-laundering legal threshold), companies allocated money transfers to more than 1,000 customers, who were completely unaware of these transactions, by illegally using their data.

These serious violations came to light during an investigation by the Procura di Roma (the Rome Public Prosecutor’s Office). The Currency Police Unit of the Italian Financial Police, authorised by the Judicial Authorities, ascertained that the names of the people these money transfers were registered to did not correspond to the real senders. In addition, in certain cases the transaction forms turned out not even to have been signed or to have been filled out by people who were either deceased or non-existent. The personal data used were taken from photocopies of id documents, which were stored in specific folders to be used when needed. Money transfers were carried out within seconds of each other and involved sums of money which were just under the legal threshold and addressed to the same recipient.

Due to this infringement of the Data Protection Law committed by the companies, the Italian Data Protection Authority was obliged to intervene and, in view of the seriousness of the violations, the number of parties involved whose personal data had been processed without their consent and the importance (and size) of the database, has imposed the following fines: 5,880,000 euros for the multinational corporation and fines of 1,590,000 euros, 1,430,000 euros, 1,260,000 euros and 850,000 euros respectively for the other four companies, for a total of over 11 million euros.

 

 

posted by admin on marzo 15, 2017

computer crimes

(No comments)

The latest report from Clusit (the Italian Association of Internet and IT Security) states that 2016 was the worst year ever for the evolution in cyber threats and their impact. The Interministerial Commitee for the Security of the Republic, chaired by Prime Minister Gentiloni, has devised a national cyber security plan.

Clusit stresses the phenomenal rise (+1,166%) in phishing attacks – by means of which cyber scammers persuade victims to hand over personal and financial data or login credentials by masquerading as bona fide companies – and social engineering scams – i.e. techniques of studying individual people’s behaviour in order to extort information. Malevolent common malware virus attacks also rose (+116%), and were not only small scale attacks, but also aimed at attacking important targets with significant impact.

There was a dramatic rise even in cyber warfare related attacks (+ 117%), which aim to increase geopolitical pressure or manipulate public opinion. Examples of cyber warfare attacks include those on political parties’ or institutions’ email accounts, but potential targets also include critical infrastructure such as energy, water, communications and transport services, attacks on which rose by + 15% compared to 2015.

So-called cybercrime – i.e. offences committed in order to extort money or information – represented 72% of global attacks in 2016. There has been a consistent upward trend in cybercrime since 2011, when the percentage was 36%. 32% of attacks use unknown techniques, which is 45% up on 2015.

In 2016 the healthcare sector was under increased serious attack (+ 102%) from ransomware – i.e. viruses that encrypt data on victims’ devices only released if the victims pay a ransom – and data theft. There was also a substantial rise in attacks against large scale retail distribution (+70%) and the banking and financial sector (+64%).

In geographical terms, in the second half of 2016 attacks against European targets rose from 13% to 16% and against Asian targets from 15% to 16%, whereas the number of victims in the USA seems to have dropped slightly, even if the USA remains the area most hit by cyber attacks. The tendency to attack mostly important and transnational targets was confirmed. An example of one of the most important global attacks was that against the Italian Ministry of Foreign Affairs.

The Interministerial Commitee for the Security of the Republic (Cisr) has launched a multi phase national plan for cyber security with a new decree – “indications for cybernetics protection and national information security”, which replaces the old Council of Ministers Presidential Decree of January 24th, 2013.

The new measure acknowledges the NIS (Network and Information Security) European Directive and reinforces the role of the Cisr which will issue directives with the aim of raising the level of national cyber security and will avail itself of the support of interministerial coordination on the part of the so-called “Cisr tecnico” (the Technical Interministerial Commitee for the Security of the Republic) and the Security Intelligence Department (Dis).

The new decree assigns the Director General of the DIS the task of defining appropriate courses of action to ensure the required levels of security in both public and private strategic systems and networks, identifying and removing their vulnerabilities. So as to successfully carry out these initiatives the involvement of both the academic world and the world of research is envisaged, as is the idea to use top quality resources in addition to setting up extensive co-operation with businesses in the cyber sector.

At an operational level, the Cyber Security Unit (Nsc) – now part of the Dis – will guarantee a coordinated joint response to any significant cyber attack on national security, together with specialists from all relevant Government Departments.

 

 

posted by admin on novembre 15, 2016

computer crimes

(No comments)

This is a summary of the interview given by Prof. Giusella Finocchiaro to Vanity Fair, in which she was invited to explain certain legal aspects underlying some particular recent news items regarding online privacy.

Social media allow a choice of the level of visibility for each post published, however for uses such as that of videos illegally circulated online judicial measures are required. Giusella Finocchiaro, the first attorney at law in Italy to teach Internet law, explains how.

Two cases recently appeared in the news in the space of just 24 hours. Firstly, the suicide of a 31-year-old woman, whose hard core videotape had been circulating illegally on the web for more than a year and the case of a 17-year-old girl, whose girl friends recorded and posted a video of her while she was being raped in a disco. Both of these cases raise the question of what the limits of privacy on the Internet are. The head of the Italian Data Protection Authority, Antonello Soro, spoke of « the risk of being pilloried that the Net exposes us to, given the lack of adequate user awareness of the nature of its unlimited space and of the damaging effects that violent communication or the ferocity of ruthless mockery on the part of others may cause».

Lack of legislation was not in question Soro did not speak of a lack of legislation but rather of the need for «appropriate response procedures on the part of the different platforms» and also of another fundamental need: namely «to cultivate respect among people on the Internet». Investment in digital education is fundamental also according to Giusella Finocchiaro, (attorney at law and Professor of Private and Internet law at the University of Bologna, the first chair for this subject in Italy, as laws exist and the legal course followed by Tiziana Cantone (the woman who committed suicide) was the correct one, but timescales remain lengthy and not all people know how to protect themselves.

 

 

posted by admin on maggio 27, 2015

computer crimes

(No comments)

According to the Court of Ivrea (Italy) insulting remarks directed against colleagues and superiors posted on Facebook are a sufficiently serious cause for justifying the dismissal of an employee.

With an injunction issued on the 28th January 2015, the Court of Ivrea rejected an appeal by a former employee asking to be reinstated at work following lawful dismissal for misconduct. The employee had been fired for posting seriously offensive comments on Facebook against his employers and some women colleagues.

While admitting to posting the offensive remarks on his Facebook account, the claimant had applied to the Court claiming that such conduct could not be considered sufficiently serious to justify his dismissal and in addition to reinstatement demanded damages.

This is the second procedure in which the employee has taken legal action to ask to be reinstated at work at the same company. The work relationship had already been terminated in 2012. However, certain contractual irregularities had prompted the man to file an appeal and at the end of 2012 the Court had accepted his request, annulling the terms of the fixed-term contract that he had stipulated with the company and condemning the latter to reinstating the claimant and in addition to the payment of all wages accrued.

Consequently, in 2014 the company had rehired the employee, but had decided to exempt him from effectively resuming work, thus the employee had begun to receive a salary without having to work.

Paradoxically this condition, which to some might seem advantageous, led the employee to libel his employers on Facebook. In fact the man published the letter of reinstatement on the social network, accompanying it with some highly insulting remarks against his superiors who had reinstated him and also against some women colleagues.

As the Ivrea Court judge stressed, the posts were not restricted to the “friends” of the claimant, but “could potentially have been seen by about a billion social network users” and were only removed after a cease and desist order on the part of the company. All these factors carried weight in the judge’s final decision, according to which the seriousness of the former employee’s misconduct is considered “severe enough to preclude even temporary continuation of the work relationship”.

In the judge’s decision it is explained that the insults, especially the sexist insults directed at the women colleagues, who were totally unconnected to the previous litigation between the employers and the employee, indicate “the will of the claimant to defame both the company and also some of its employees, in a manner which was potentially gravely damaging to their reputations”.

The claimant failed in his attempt to justify his behaviour as “a reaction, even though an excessive and abnormal (but instinctive) one”. The judge underlined that if it had been provoked by an instinctive gesture –although rash – the employee would have taken prompt action to eliminate the post and would not have waited more than two weeks to do so, as in fact happened. This lengthy period of time that the comments remained online also seems to suggest that the claimant had absolutely no perception of the serious nature of his misconduct.

In light of these considerations, the Court dismissed the claimant’s appeal and ordered him to pay the company’s legal costs, amounting to 3,500€.

This decision by the judge of the Court of Ivrea confirms the case law regarding lawful dismissal for misconduct for defamatory posts which offend employers, as already established by the Court of Appeal of Turin (judgment of 17th July 2014, n. 164) and the labour section of the Court of Milan (order of 1st August, 2014).

 

 

posted by admin on maggio 7, 2012

computer crimes

(No comments)

The website www.italia programmi.net is again in the news for trying to extort a payment to none other than President of the Italian Republic Giorgio Napolitano.

The mechanism of the scam of the website has been repeatedly reported on our blog: the website offers users the possibility to download some softwares, notoriously known to be free, in exchange of the registration of their data.The truth is that, through the registration procedure the consumers subscribe without their knowledge a two-year contract with the company Estesa Limited based in the Seychelles, for the provision of a software at an annual cost of €96 to be paid in advance once a year. After the registration users start to receive letters which threaten them of a legal action if they do not pay by a certain date. Of course, the fear of facing up to a trial leads many citizens to pay off.

Despite the heavy financial penalty for misleading and aggressive commercial practices imposed by the Antitrust Authority in January, the intimations of Extended Limited keep harassing Italian people. Surprisingly, on the 6th of February a letter of payment has also reached the palace of the Italian Republic Presidency, the Quirinal.

As reported by the press, the request of a payment of 96 euros (plus 8.5 for costs with relative transaction code (F681819) and Iban for the transfer to be sent before the 23rd of February to a bank situated in Cyprus) was sent to the Italian Republic President Giorgio Napolitano.

Through the offices of the Quirinal Palace, President Napolitano, who probably has never personally registered on the website, reported the incident to the police, as thousands of other people did before him.

We hope that the many victims of the scam who have been written us during the last months could feel a bit heartened by the fact that the fraud is unevenly distributed, and it do not save the high places!

The Italian press have recently reported on the first case of fraud in Italy through the unlawful use of a digital signature.

According to reports, a Rome businessman discovered through a check carried out at the Chamber of Commerce in 2011 that all his company’s shares had been registered without his knowledge to a man by name of David Henry Antinucci, who in this way had become the sole member of the company and had also appointed himself sole director, with the authority to transfer the company’s headquarters.

With the appointment of the new sole director, the deeds of conveyance had been transmitted to the Chamber of Commerce via the Internet by an accountant’s office by means of the activation of an electronic smart card with a digital signature, which is obligatory for company communications with the Italian Register of companies. In this case the smart card had been registered in the Rome businessman’s name but had not been requested by him.

The probe conducted by the IT investigation section of the Special Telematic Fraud Unit of the Italian Financial and Tax Police has led to the identification of three suspects, including Antinucci, who now face prosecution for personation, false statements or proof given to the electronic signature authenticator regarding their own and other people’s identities and capacities in addition to forgery of public documents, private documents and electronic documents.

According to the investigation, Antinucci was aided and abetted in the fraud by the owner of a business consultancy firm who appears to have been a total tax evader for 16 years. The two men are alleged to have used a photocopy of the businessman’s ID card to activate two smart cards at a certification services agency after filling out the appropriate form.

The owner of the agency declared that he had had direct contact with the two men to issue the smart cards and that they had informed him that the businessman would not be present to sign the smart cards in person as he was abroad on business. The accountant who forwarded the requests to the Chamber of Commerce said he had worked in good faith on the documentation he had been sent by the owner of the agency and had not checked it further.

From what we read in the press, the judges are convinced that neither the agency owner nor the accountant are criminally involved in the scam, although they are guilty of carelessness when initiating the procedure.

However, the accountant has been reported for violation of the rules of discipline to his professional association for failing to verify the authenticity of the signatures which were not added in his presence when transferring the shares.

In the light of this reconstruction, we can say with some certainty that this case arouses a certain level of interest not only because of the novelty of the method apparently used for the fraud but also for the different positions of responsibility which emerge in relation to the various individuals involved in the case.

The Italian press have recently reported on the first case of fraud in Italy through the unlawful use of a digital signature.

According to reports, a Rome businessman discovered through a check carried out at the Chamber of Commerce in 2011 that all his company’s shares had been registered without his knowledge to a man by name of David Henry Antinucci, who in this way had become the sole member of the company and had also appointed himself sole director, with the authority to transfer the company’s headquarters.

With the appointment of the new sole director, the deeds of conveyance had been transmitted to the Chamber of Commerce via the Internet by an accountant’s office by means of the activation of an electronic smart card with a digital signature, which is obligatory for company communications with the Italian Register of companies. In this case the smart card had been registered in the Rome businessman’s name but had not been requested by him.

The probe conducted by the IT investigation section of the Special Telematic Fraud Unit of the Italian Financial and Tax Police has led to the identification of three suspects, including Antinucci, who now face prosecution for personation, false statements or proof given to the electronic signature authenticator regarding their own and other people’s identities and capacities in addition to forgery of public documents, private documents and electronic documents.

According to the investigation, Antinucci was aided and abetted in the fraud by the owner of a business consultancy firm who appears to have been a total tax evader for 16 years. The two men are alleged to have used a photocopy of the businessman’s ID card to activate two smart cards at a certification services agency after filling out the appropriate form.

The owner of the agency declared that he had had direct contact with the two men to issue the smart cards and that they had informed him that the businessman would not be present to sign the smart cards in person as he was abroad on business. The accountant who forwarded the requests to the Chamber of Commerce said he had worked in good faith on the documentation he had been sent by the owner of the agency and had not checked it further.

From what we read in the press, the judges are convinced that neither the agency owner nor the accountant are criminally involved in the scam, although they are guilty of carelessness when initiating the procedure.

However, the accountant has been reported for violation of the rules of discipline to his professional association for failing to verify the authenticity of the signatures which were not added in his presence when transferring the shares.

In the light of this reconstruction, we can say with some certainty that this case arouses a certain level of interest not only because of the novelty of the method apparently used for the fraud but also for the different positions of responsibility which emerge in relation to the various individuals involved in the case.

posted by admin on marzo 26, 2012

computer crimes

(No comments)

Telecom Italy is under investigation by the Milan Public Prosecutor’s Office for alleged fraud connected to false SIM cards. The company’s presumed involvement is based on the content of Legislative Decree no. 231 of 2001 regarding the criminal liability of corporations arising from administrative offences.

The Public Prosecutor’ s Office is carrying out investigations into criminal conspiracy, receiving and forgery. 14 of the 99 people under investigation for irregularities in the management of SIM cards are Telecom employees while all the others are authorized Tim dealers.

Between 2007 and 2009, according to the prosecutors’ reconstruction, the Telecom employees under investigation enabled millions of SIM cards registered to bogus individuals with the aim of receiving higher rates of incentive pay, as the company paid bonuses to employees in relation to the number of SIM cards enabled. The authorized Tim dealers then sold them under the counter to people in whose interest it was not to appear as SIM card holders and in many cases cards were then used to commit crimes (particularly IT crimes).

Thanks to the SIM card scam the Telecom employees gained in terms of incentive payments, the Tim dealers increased their earnings thanks to the higher price at which they sold cards already made out in someone’s name and Telecom itself also benefitted as this business increased its market share and generated further traffic. According to the investigation coordinated by the Milan Public Prosecutors Massimiliano Carducci and Francesco Cajani, it would appear that in 2008 the company made an unfair profit of some €231 million.

Telecom has issued a statement in which it describes itself as “the injured party” and announces that “it will sue all the defendants for damages in a civil proceeding,” stressing that in 2008 it had filed “two complaints as the injured party and from the very outset of the investigation had taken action to suspend the 14 employees, (none of whom were executives), who were involved at the time and who are under investigation in the current judicial proceedings.”

posted by admin on marzo 19, 2012

computer crimes

(No comments)

If employees delete files from a company’s computer, or get possession of a company’s cd-roms, they may be charged with theft or malicious mischief, even if the files can still be recovered.

This was recently determined in judgment no. 8555 of the Italian Supreme Court when ruling on a case in which, on resigning due to severe tensions at work an employee decided to take his revenge on the company by deleting certain files from his computer workstation and taking away the backup cd-roms.

Confirming the judgment of the Court of Appeal, the Supreme Court rejected the reasons put forward by the former employee who alleged that the crime of theft could only be ascribed should the loss of data be permanent, whereas in the case in question the company had successfully regained possession of the files thanks to the help of a technician specialized in the recovery of deleted data.

With reference to Law no. 547 of 1993 which ratified the European Convention on software piracy, the Court noted that “the headword “delete” which appears in the provision of the law is not to be interpreted in its principal meaning which is that of unrecoverable elimination, but in the more specific technical sense intended by the provision of the law. “

Since “deletion” in computer science is understood as removing data on a temporary basis by putting it in the recycle bin, and permanently by emptying the bin, according to the Supreme Court it is correct to maintain that any intended deletion which does not rule out the possibility of recovery through the use of, albeit expensive special procedures, is also in line with the spirit of the law.

The Court thus confirmed the existence of damage suffered by the company, which was forced to spend both time and money to recover the files. Furthermore, in this specific case, the damage incurred is also to be interpreted in a strictly physical sense as most of the recovered files could no longer be opened and consequently were permanently lost.

posted by admin on gennaio 9, 2012

computer crimes

(No comments)

One of the first 2011 year-end considerations to attract a certain interest on the Internet is that regarding the increase of online identity thefts in Italy.

In fact, in 2011 many Italian public figures have found their names associated with social networking profiles managed by unknown parties. Among the latest to be affected is the new Minister for Economic Development Corrado Passera who had a tweet attributed to him after the new economic measures had been passed, that was later revealed to come from a fake account.

But not only well-known personalities are hit by identity thieves. In an interview with the Adnkronos agency, Sabrina Castelluzzo, the person in charge of the computer crimes section of the Postal and Communications Police Service said that of the crimes committed online in Italy, identity theft is the most frequent. “This year alone we have received 2,900 complaints regarding this crime all over Italy,” explained Ms. Castelluzzo “and 1,400 have been fielded by other police departments. The investigations have enabled us to press charges of Identity Theft against 198 people, while at least 2,600 checks have been carried out on the Internet. “

According to Ms. Castelluzzo identity theft is an especially widespread crime as it is often a “crime vehicle” which comes in useful when committing more serious crimes such as misuse of credit cards or bank accounts through credentials extorted by means of phishing. However, with regard to the creation of fake profiles on social networks, identity theft is often linked to crimes such as defamation and stalking.

  • Recent comments

  • Popular posts

    • None found