Tuesday, May 29, 2007

UK database theft hurts customers

Cable & Wireless has served an injunction against a former executive following the theft of a 100,000 customer database, the BBC has learned.

The injunction orders Seemab Zafar to hand over any part of the database of former subsidiary Bulldog, including names, addresses and financial details.

Ms Zafar, from London, denies that she holds any part of the database.

A BBC investigation has established that the database had been illegally used by call centres in Pakistan.

The call centres tricked customers into handing over credit card details.

One victim of the scam, Gareth Thomas, has subsequently been defrauded on his bank and credit cards, and had his identity cloned on the internet pay system Paypal.

Other victims complained of being relentlessly called by call centres in South East Asia, which won't reveal their identity or what personal information they hold.

The High Court injunction was brought by Cable & Wireless because it owned internet services provider Bulldog at the time the database was taken.

Database denial

The database of up to 100,000 names was stolen at the same time as an employee went on a business trip to Pakistan in 2005.

Cable & Wireless said "the employee did not return as planned and was then sacked", adding that "we take this matter very seriously".

Ms Zafar now runs an international out-sourcing business.

She recently emailed the BBC from abroad to deny that she had any part of the database: "For the record I am letting you know that I do not have any part of the Bulldog database and this is exactly what I told the lawyers."

Cable & Wireless believes its injunction, served in the past few days, has "led to the destruction of all copies of the Bulldog customer data" that may have been in the possession of Ms Zafar and her companies.

But it declined to give any assurances that data which may have been passed to other call centres had also been destroyed.

Since September 2006, Bulldog has been part of Pipex Group.

ETHICS! : Want to Write a Virus? Take a Class
Erik Larkin
May 22, 2007
http://blogs.pcworld.com/staffblog/archives/004452.html

A college computer course that teaches students how to write computer viruses is riling up security companies once again, according to a story in a local California paper today.

Per the story, a computer science professor at Sonoma State University in California is teaching the course in order to train his students how to design better defenses. Security companies, on the other hand, have always vigorously decried any attempts to create new malware as automatically unethical, no matter the end goal. And at least three companies are sending Ledin letters saying they will boycott hiring Ledin's students, according to the story.

This is an ongoing debate. Other colleges have previously taught such classes, and Consumer Reports took major heat when it created new malware to test antivirus software.

So who's right? Is Ledin violating an unwritten Hippocratic oath of computer security? Or is this an important thing to teach, and learn, and test?

Personally, I think the genie's out of the bottle. Unlike with biological viruses, it's not hard to create a new piece of malware. You don't need a lab, expensive equipment or even much techie know-how; there has long been software available that allows any aspiring online thug to easily create a new piece of malware.

What's more, malware writers are constantly spewing out new variants in an attempt to evade antivirus programs. The recent Storm Worm blast was a great example.

So I don't really think it makes us less safe if a few students create new malware in order to learn how they're built. Even if one of them escapes its protected environment, it will be a drop in the bucket compared to the already existing deluge of new virus variants that come out all the time.

And such training may help with what's really important: Developing effective proactive defenses that can block attacks whether they're old or brand new.

LAW : Europe considering anti-ID theft law
OUT-LAW News
24/05/2007
http://www.out-law.com/page-8084

The European Commission is considering new legislation against identity theft. The proposal is contained in a just-published policy on EU-wide plans to fight cybercrime.

The European Commission's policy on fighting cybercrime in Europe is the product of many years of consultation and focuses on greater co-operation between European police forces.

Though the Commission said that it did not believe that new legislation would be useful at this stage in stopping the fast growth of cybercrime, it said it will consider anti-ID theft laws later this year.

"No general legislation on the fight against cyber crime can be expected to be effective at this moment," said a Commission statement. "However … targeted legislative actions may also prove to be appropriate or needed in specific areas. As an example, the Commission will consider an initiative regarding European legislation against identity theft in 2007. Legislative action could also include developing a regulation on the responsibility of different actors in the relevant sector."

Overall, the Commission said that its cyber crime fighting policies would depend on improved co-operation and communication between law enforcement forces across Europe.

"The main feature of this policy instrument is a proactive policy in reinforcing the structures for operational law enforcement cooperation," said the Commission statement. "The Commission will launch a reflection on how this cooperation can be strengthened and improved."

In a move which could prove controversial, the Commission said that its new policy included "actions to improve exchange of information" between law enforcement agencies. Attempts to share increasing amounts of information between police forces in Europe have met with opposition.

Europe's privacy watchdog, the European Data Protection Supervisor, recently warned of his "grave concern" that data sharing plans were a "lowest common denominator approach that would hinder the fundamental rights of EU citizens".

Earlier this week the European Parliament voted to support the reinstatement of data protection principles into a European plan to share data across police forces.

"The policy instrument includes actions to improve exchange of information and best practices, initiatives to improve training and awareness-raising within law enforcement authorities," said the Commission's statement on its plan.

The Commission also wants to create new public-private projects designed to fight crime. This could also raise privacy problems because state bodies in Europe are often reluctant to share personal information with the private sector.