Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/25/2007
06:44 AM
50%
50%

Shallow Victory for the Federal Government

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.

Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.Pushing up against existing legal statutes and creating problems for unsuspecting consumers, Zuccarini has engaged in a game of cat and mouse with federal agencies since the turn of the millennium. The Federal Trade Commission (FTC) won the latest round in the battle, but it appears that the game will continue and hurt the credibility of small and medium businesses selling their goods online.

Zuccarini has made a small fortune (millions annually) through buying Internet domain names and then redirecting unsuspecting consumers from legitimate to illegitimate sites. The crook purchased the rights to more than 5,000 sites, focusing on words that are close to well known brands, for instance he has sites for 15 variations of the popular childrens cartoon site, the cartoonnetwork.com, and 41 variations on the name of pop star Britney Spears. Surfers looking for those sites but making typographical mistakes would enter his empire and be bombarded with ads for products ranging from Internet gambling to pornography. In some cases, the legitimate Web sites that the consumers were attempting to access were also launched. Consequently, customers sometimes thought the series of ads came from those companies. In addition, it also was difficult, or impossible in some cases, for Web surfers to close the popup windows and escape the advertising deluge.

The FCC went to court to penalize Zuccarinis practice, and a judge handed him a penalty of $1.8 million. Since this agency has no criminal prosecutory power, it worked with the United States Attorney for the Southern District of New York, which brought criminal charges against Zuccarini for his misleading use of domain names and possession of child pornography. In August 2003, he was sentenced to 30 months in prison and 36 months of supervised release.

After serving his time, Zuccarini immediately returned to his vocation, but instead of trafficking in pornography (an area that was easy to prosecute), he served up other sites. In December 2006, the FTC charged that Zuccarini violated a 2002 judicial order by redirecting consumers on the Internet, misrepresenting that his domain names were affiliated or associated with third parties, and participating in affiliate marketing programs. The agency also charged that the defendant did not comply with record-keeping and reporting requirements in the original order. Last week, a judge ruled in the FTCs favor and ordered Zuccarini to pay a $164,000 judgment. The agency, which declined to divulge how much of the first penalty the cybercrook paid, is in contact with him now, and working out the payment terms of the latest judgment.

Does that sound like an appropriate punishment for a flimflam artist who diminishes consumers faith in the Internet, skirts existing laws, and chews up government law enforcement resources? It seems like a slap on the wrist; a more appropriate sentence would be stripping him of his ability to conduct any type of cyber business. Enough time and money has been wasted with this clowns actions to warrant a stiffer penalty, so legitimate businesses can concentrate on serving their customers.

Do you know what sites are linked to misspellings of your companys name? How would you deal with a cyber criminal like Zuccarini? Do you think his latest sentence was appropriate?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36388
PUBLISHED: 2021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
CVE-2020-36389
PUBLISHED: 2021-06-17
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
CVE-2021-32575
PUBLISHED: 2021-06-17
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
CVE-2021-33557
PUBLISHED: 2021-06-17
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2021-23396
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.